Topics:
Reports say Amazon intends to replace more than 500,000 employees—160,000 in the United States by 2027—with robots and artificial intelligence (AI). This logistics automation is expected to save 30 cents per item picked, according to a New York Times article published last month, and significantly cuts into the company’s workforce while expecting to double product sales volume in less than 10 years.
While this is a harrowing future for warehouse workers in the U.S.’s second-largest employer, it’s a strong trend that’s unlikely to abate. From a cybersecurity perspective, it is another wave of cyber-physical systems (CPS) that will need to be protected not only in the logistics and warehousing industries but also for work-in-process (WIP) inventory in manufacturing and other critical industries.
The productivity and efficiency gains are too attractive to ignore as the way forward for business leaders, corporate boards, and investors. Corporate IT security teams, OT asset owners and operators, and plant engineers meanwhile will have to strategize and budget for appropriate cyber protections in order to maintain physical safety inside plants, meet regulatory demands, and ensure that company critical processes and production won't be disrupted by determined attackers targeting automated assembly lines, robots, and package pickers.
It seems like this is a good time for a refresher of the most critical cyber-physical systems key to manufacturing operational uptime that security teams should prioritize for layered protection before the tsunami waves of AI based cyber-attacks focused on manufacturing applications and infrastructure arrive. This is not an if, but a when, situation.
CPS, such as Amazon’s robots, integrate with AI-based digital technology to make up the modern physical world. Management of CPS protection has largely been integrated with IT security operations, and with that integration comes the introduction of a new world of exposures that put these inter-connected automated systems and devices at greater risk and vulnerability.
Within manufacturing, operational technology (OT) is complemented by a plethora of connected internet of things (IoT) devices such as sensors, actuators, motors, and controllers that operate at low levels of the Purdue Model integrated network architecture. These devices produce indispensable data that feeds and controls continuous operations as well as enables predictive maintenance, process innovation, and improvements—much of which is processed and analyzed in the cloud.
The risks are plentiful given that vulnerabilities in many OT and IoT devices may not be fully inventoried and mitigated. Data protection is also another security mandate helping keep automation afloat.
Robotic arms, autonomous vehicles and carriers, and other manufacturing automation are a traffic bridge between IT and OT that can be challenging to protect. Sensors and controllers guide their operations and communicate heavily with OT networks as well as the IT cloud. Any disruption due to a cybersecurity incident can lead to unsafe or erratic movements on the shop floor, threaten the integrity of machines and processes, and lead to operations downtime that is expensive.
Protecting these CPS environments is challenging on several fronts. Firmware and software updates in OT should require prior testing and then be scheduled for a downtime window. Risk must be communicated to plant and IT decision makers from a lens of business impact in order to update these devices in a relatively timely fashion and reduce the window of exposure.
Industrial control systems and SCADA networks will remain core to manufacturing processes because they control the physical plant. However they are increasingly exposed to the internet, cloud, and corporate networks to harvest their data—and thus their respective cybersecurity vulnerabilities and shortcomings.
Many of these OT systems were designed decades ago for reliability, not cybersecurity. Vulnerabilities include outdated legacy operating systems that are no longer supported by vendors with security or feature updates. Most installed ICS and SCADA systems often don’t support encryption; their network traffic exposes data to capture and manipulation (ex. Stuxnet) that also can put automated processes at risk.
Network connectivity for remote maintenance and updates can also put these systems in the crosshairs of attackers, especially if they’re directly connected to the internet and not behind a VPN or an IT-OT purpose-built secure remote access solution.
Perhaps the most vital technology on automated production lines are programmable logic controllers or realtime controllers. PLCs control specific physical device tasks such as opening valves or operating conveyors. Compromises of PLCs can enable a threat actor to alter logic commands that can lead to equipment damage, production stops, or put humans within reach of manufacturing in physical jeopardy. Many PLCs also lack robust authentication or firmware verification of commands, leaving them open to manipulation.
Much of the same applies to human-machine interfaces (HMIs) that provide operators with visual control over ICS controlled manufacturing and other OT devices. If an attacker compromises an HMI, they can falsify readings, send unsafe commands, or disrupt entire processes. These underlying systems managing HMIs must be configured with complex passwords, multifactor authentication, current patch levels, hardened OS platforms, and secure remote desktop connections.
Access and authorization are the cornerstones of modern cybersecurity programs. Layered IT-OT zero-trust architectures (ZTA) require that thorough verification and identification of all device-to-device, device-to-cloud, and user-to-device communication are becoming a mandate for protecting modern shop floor manufacturing sites.
ZTA enables much of the rest of an OT security program, including network segmentation projects. Segmenting network devices according to process criticality enables security teams to isolate compromised systems before attackers can move laterally on the network and attack other systems. ZTA and segmentation are critical cornerstones to CPS resilience.
We’ve examined the importance of keeping critical operating systems and devices at current patch levels for firmware and software. Security teams must communicate the risk of cyber attacks based on business impact, and make a proper business case for the downtime necessary to update evergreen CPS systems or OSes no longer supported by the vendor.
Threat detection—informed by threat intelligence—is key to spotting anomalies in network traffic before a compromise impacts business. Resilience is the ability to operate under compromise, and continuous monitoring and threat detection properly integrated with security information and event management (SIEM) tools is a key strategy for achieving resilience.
Develop a CPS-specific incident response plan with clear protocols for isolating compromised systems, personnel communications plans, and plans for how to restore operations. Always keep separate system backups offline and online, and test recovery plans regularly. Assign critical personnel to response teams that include technical, business, legal, leadership, and corporate/site communications teams.
Fully integrated cyber-physical systems are transforming manufacturing—but they’re also introducing new and complex cybersecurity risks. As IT and OT networks converge, traditional defenses are no longer enough. By combining network segmentation, proactive monitoring, access controls, communication plans, manufacturers can build a resilient foundation that keeps their people, data, and machinery safe and their critical business highly productive.
Jim LaBonty is the retired Director and Head of Global Automation Engineering for Pfizer's Global Engineering & Technology division. In this role he primarily focused on establishing the strategic direction and harmonizing control system solutions across 42 manufacturing sites globally, including securing the development of Pfizer's COVID-19 vaccine. Previously, LaBonty held senior engineering and system architect roles at Rockwell Automation, Eli Lilly & Company, and Eastman Kodak Company. He now leverages his decades of experience to help firms with their corporate OT cyber strategy and global program execution, with the goal of protecting manufacturing.
