Security Risks and Challenges in the Age of Intelligent Manufacturing and Internet
Release time: 2022-04-25 10:28:42 Source: Anonymous
From a network security perspective, the attack surface of an intelligent manufacturing network will expand greatly, and it will face eight security challenges, including those at the equipment, control, network, application, cloud platform and data levels. At the same time, we should also consider the personnel factors involved at every level, as well as advanced persistent threats (APTs), which combine all of these aspects.
The security challenges facing the Intelligent Manufacturing + Internet age can be summarized as follows:
1. Equipment-level security challenges. The security challenges of servo drivers, intelligent I/O, intelligent sensors, instrumentation and intelligent products in the field of intelligent manufacturing include chip security, embedded operating system security, coding specification security, third-party application software security and functional security. These devices may have vulnerabilities, defects, standard use, backdoors and other security challenges; at present, the manufacturing field has not carried out in-depth research on these issues. For example: Siemens vulnerability CVE-2016-5849.
2. Control-layer security challenges. These mainly come from CNC systems, PLCs, motion controllers, control protocols, control platforms, control software and so on. Their original designs may not have considered security requirements such as integrity and identity checking. The security challenges include input validation; inadequate licensing, authorization and access control; inappropriate authentication; inadequate configuration and maintenance; inadequate certificate management; outdated encryption algorithms; and others. For example, the operating system used in a domestic CNC system may be a tailored build of a particular version of Linux. Once the kernel, file system and external services are stable, they may go unmodified and remain in use for many years, or even more than ten years. However, vulnerabilities in these kernels, file systems and services that were disclosed years ago have not been patched, so the security risks persist for a long time. For example: Siemens vulnerability CVE-2017-2685, Mitsubishi PLC vulnerability CNVD-2016-06361 and so on.
3. Network-layer security challenges. These mainly arise from three kinds of connection: CNC systems, PLCs and application servers connected through wired or wireless networks to form an industrial network; the industrial network connected to the office network to form the enterprise internal network; and the enterprise internal network connected to external cloud platforms, third-party supply chains and customer networks. The main security challenges include common network threats during data transmission (such as denial of service and man-in-the-middle attacks), hardware and software security problems on the transmission link (such as software vulnerabilities and unreasonable configuration), and the blurring of network protection boundaries caused by the use of wireless network technology. For example: Mitsubishi network module vulnerability CNVD-2016-06360, Siemens network server vulnerability CNVD-2012-7944 and so on.
4. Application-level security challenges. These concern the security of the application software and platforms that support the operation of industrial Internet services, such as the ERP (Enterprise Resource Planning), PPS (Production Planning and Control System), PDM (Product Data Management) and MES (manufacturing execution system) software, the CAD/CAM software and the control systems integrated by the DMG MORI CELOS system. Intelligent manufacturing applications, like common commercial software, will continue to face traditional security challenges such as viruses, Trojans and vulnerabilities. For example: Fanuc vulnerabilities CVE-2008-0175 and CVE-2008-0176, Siemens PC vulnerability CNVD-2016-11465 and so on.
5. Industrial cloud security challenges. At this CIMT, we can see that the major domestic machine tool manufacturers and CNC system manufacturers are establishing, or will soon establish, cloud platforms and services. These cloud platforms and services also face internal and external security challenges such as illegal access, internal intrusion, multi-tenant risk, springboard intrusion, internal outreach, social engineering attacks and so on.
6. Data-layer security challenges. These are the security problems of production management data, production operation data and external data in intelligent manufacturing plants. Whether the data is stored on big data platforms or distributed across users, production terminals, design servers and other devices, massive amounts of data will face security threats such as loss, leakage and tampering.
7. Personnel management challenges. With the networking and digitalization of intelligent manufacturing and the deep integration of industry and IT, the "conscious" or "unconscious" behavior of enterprise employees, such as engineers, managers, field operators and senior managers, may damage industrial systems, spread malicious software or overlook operational anomalies. Because networks are so widely used, the impact of these challenges will be dramatically magnified. In addition, a large number of attacks that target people, such as social engineering, phishing and email scanning attacks, take advantage of sensitive information that employees unintentionally leak. Therefore, in Intelligent Manufacturing + Internet, personnel management also faces tremendous security challenges.
8. Advanced Persistent Threat (APT). APT in the field of intelligent manufacturing is the combination of the above six challenges, and it is the most difficult and most serious threat. The attacker's goal may be to steal the product design data and product application data of key intelligent manufacturing enterprises, or to stop their production, reduce the rate of good products, or delay service at critical moments, any of which may cause direct losses to the enterprise. The attacker carefully plans and carries out long-term, sustained attacks in order to achieve the established goals. The attack process includes information collection, intrusion technology preparation, penetration preparation, intrusion attack, long-term latency and waiting, deep penetration, trace elimination and a series of other precise attack stages. For example: 360 APT Report: Mohair Tissue.
How to deal with it? Cooperate to establish a joint defense system!