Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment –to the internet, yet the lack of basic security protocols leave these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at Kaspersky Lab’s Security Analyst Summit earlier this month.
Dewan Chowdhury, founder of MalCrawler, said that many robotics that work as part of industrial systems on manufacturing floors are still leveraging outdated and unsupported operating systems – such as Windows XP. Chowdhury presented his research at a SAS session titled “Hack Your Robot”.
“Even before the robotics, the issue is that the programs that control the robotics are completely wide open to vulnerabilities,” said Chowdhury.
For manufacturing companies, cybersecurity threats are beginning to make headlines. As recently as December, an attack framework targeting industrial control systems called TRITON was used to manipulate industrial safety settings through SIS controllers in a critical infrastructure organization.
The sophisticated malware, revealed by security firms FireEye and Dragos, targets an emergency shutdown tool in Schneider Electric’s Triconex safety instrumented system (SIS), enabling hackers to shut down and reprogram them.
Chowdhury said that there are an array of steps that manufacturers can take to secure their operational technology – starting with a basic understanding of security risks on their manufacturing floor and a security assessment of their plant operations.