Machine Tool Makers Fight Cyberattacks

In the age of connectivity everything is at risk

SmartBox can mount to any machine tool and serves as a launch platform and secure entrance into the IIoT. Photo courtesy of Mazak Corp.

Growing numbers of manufacturers and shop owners are connecting machine tools, computers, sensors, and other plant equipment to the Industrial Internet of Things (IIoT) with the goal of improving data collection and monitoring capability to ultimately boost productivity.

The problem, however, is that connected machine tools and other equipment are vulnerable to cyber threats in the form of viruses, bugs, malware, and hacking. All indications are that cyberattacks in the manufacturing sector are rising rapidly, in part because online connectivity is becoming more common in industrial settings.

“Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cyber criminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption,” states “Global Cyber Executive Briefing,” a report from professional services giant Deloitte.

Cyberattacks can involve the theft of intellectual property (IP) and the spread of bugs and viruses in an IIoT network, causing chaos.

Deloitte surveyed manufacturing executives on the issue of cybersecurity. In another report, “Cyber Risk in Advanced Manufacturing,” which was released in 2016, the company revealed that “almost one-third of manufacturers have not performed any cyber risk assessments specifically focused on industrial control systems operating on their shop floors. This could pose a significant risk to their operations.”

Machine Tool Security

Some companies are taking proactive steps to guard against cyberthreats in the manufacturing sector, though.

Mazak Corp. has teamed with tech giant Cisco to provide security for the Mazak SmartBox, a device that connects machine tools and other equipment with the IIoT. Japanese machine tool maker DMG Mori and Microsoft Japan also are collaborating on cybersecurity measures. GE Digital, a branch of General Electric, even offers manufacturing cybersecurity technology.

All of this is very timely, given the scale of the threat.

Reports Indicate Growing Risk

A report by the Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT (a division of the U.S. Department of Homeland Security), stated that cyberattacks against manufacturing doubled in the fiscal year ending Sept. 30, 2015.

“In FY 2015, ICS-CERT responded to 295 cyber incidents. This represented a 20 per cent increase over FY 2014. The Critical Manufacturing Sector nearly doubled to a record 97 incidents, becoming the leading sector for ICS-CERT in FY 2015,” stated the report, which was issued January 2016 and offers the most recent ICS-CERT data.

OpShield protects industrial controls and critical infrastructure networks by blocking suspicious traffic on an IIoT network and performing a virtual network segmentation. Photo courtesy of GE Digital.

The Department of Homeland Security states critical manufacturing includes vehicle and aerospace manufacturing, as well as engine and turbine manufacturing.

The “2016 Cyber Security Intelligence Index” from the IBM® X-Force® (a division of IBM) offers even grimmer tidings. Researchers looked at information gathered from thousands of devices monitored in more than 100 countries. They catalogued the number of security events (an event on a system or network detected by a security device or application), attacks (a security event identified as a malicious attempt to steal data or screw up a system), and security incidents (attacks or security events that have been reviewed by IBM security analysis and deemed worthy of deeper investigation).

The average organization examined by IBM experienced roughly 53 million events, 1,157 attacks, and 178 incidents in 2015. The average manufacturing company, meanwhile, experienced 58 million events, 1,296 attacks, and 282 incidents. The manufacturing sector as a whole placed second in 2015 for the most frequently cyber-attacked industry, just behind health care but above financial services, according to the IBM X-Force study.

As for who is carrying out these attacks, no one really knows.

“There’s a lot of speculation. Is it organized crime? Is it another nation-state trying to extract IP? There’s debate on whether the attacker is a specific nation-state, someone with a $20 billion budget, or two guys in a garage somewhere,” said Tom Le, executive director, cyber at GE Digital.

Not all cyberattacks are deliberate, say experts. They can occur anytime.

“[Maybe] somebody accidentally has a virus on a USB jump drive or they bring their [infected] laptop or maybe their smart phone to work,” explained Neil Desrosiers, application engineer, MTConnect specialist with Mazak Corp.

If the employee uses this infected device to connect to the IIoT network in your plant, your machine tools and other equipment are at risk of being compromised too.

Some cyberattacks are sneakier, and potentially more dangerous, than others. If a virus or piece of malware gets on your network, the impact can be felt very quickly as your system runs amok. However, with IP theft, a company might not even notice anything is amiss at first.

“A lot of IP theft occurs where the victim feels no immediate impact. You as a company may not even feel the impact directly until someone else steals a formula and produces a competing product that you may not see for a couple years,” said Le.

Another problem in many industrial environments, including manufacturing, is that many of the operating systems are extremely out-of-date.

“Anything in that environment that was manufactured more than five years ago is extremely vulnerable to attack,” said Le.

Fortunately, there’s no shortage of tools to prevent cyberattacks.

GE’s flagship product, OpShield, protects industrial controls and critical infrastructure networks. It can block suspicious traffic on an IIoT network and perform virtual network segmentation.

“What network segmentation does is allow you to limit the activity occurring. So if you do have a worm outbreak, it’s not going to impact all the systems in the environment, it will just be localized to systems in that network,” explained Le. “[It] will perform the virtual network segmentation for you. I can create a virtual network for this control system and these other work stations so only the devices within that virtual segment can talk to each other.”

The product “also allows us to filter based on the actual commands being sent in the industrial protocol so we can autodiscover what is normal and block what is not normal,” added Le.

OpShield is not exclusive to any one product line, either.

“Our security solutions complement any existing machine tool vendor’s products,” said Le.

GE Digital’s Predix cloud-based platform for accessing the industrial Internet, meanwhile, also is packed with cybersecurity features, such as asset authentication and data encryption.

Machine Tool Cyber Safety

In the fall of 2015 Mazak unveiled SmartBox, the result of a collaboration with Cisco and Memex Automation. Roughly the size of a medicine cabinet, SmartBox serves as a launch platform and secure entrance into the IIoT.

SmartBox uses MTConnect, an open, royalty-free manufacturing communication standard that connects manufacturing machines with software for the purpose of gathering data. SmartBox can mount to any machine tool (from Mazak or another builder). It allows users to access real-time manufacturing data for production-enhancing purposes. A single SmartBox can link several machines, with 10 being about the maximum one device can optimally handle, according to Desrosiers.

Central to the system is Cisco’s Industrial Ethernet 4000 series switch, which provides secure connectivity and boosted monitoring ability.

The switch gives the IT department complete control and monitoring capability over the machine to which SmartBox is connected.

“If somebody plugs in some other device into an empty port, they can detect it and shut down the device automatically if they so desire,” said Desrosiers.

It doesn’t have to be used with new equipment, either, he added.

Mazak isn’t the only machine tool company taking an aggressive stand against cyberattacks. On Sept. 9, 2016, DMG Mori of Japan, one of the largest machine tool makers in the world, announced it had reached an agreement with Microsoft Japan on cybersecurity features for the company’s machine tool controls.

The two companies are collaborating to tackle various issues, including security measures for control systems in the company’s machine tools. This technical cooperation covers the security of products that use Windows, such as the CELOS® machine tool console, safe data transfer to aggregate sensor information in the cloud, data handling in the cloud, data operation in the cloud, and application of data.

There are additional strategies for handling cyber threats that small machine shops and big manufacturers alike can use. Deloitte’s study on cyber risk, for example, urges manufacturers to be secure, vigilant, and resilient.

Security involves more than just having technology in place to block cyberattacks. It can mean appointing a team or staff member to focus on cyber threats and raise awareness about the issue (such as the danger posed by bringing “infected” devices to work).

Vigilance entails constant monitoring for unauthorized access and security incidents on an IIoT network. Resiliency means being prepared for cyberattacks, boosting security on a regular basis, and fixing problems immediately to keep your machines running.

Good advice, as the IIoT continues to grow and evolve.