More manufacturers than ever before are turning to automation, whether to combat rising production costs or increase productivity. Modern automation systems operate on Operational Technology (OT) networks, comprised of industrial control (ICS) and supervisory control and data acquisitions systems (SCADA). These systems are designed to operate in conjunction with each other and are quite sensitive to any failure in the OT network.
As technological advances and business requirements drive more manufacturers to connect their OT network to the internet, these manufacturers may be placing their systems in greater risk of cyberattack.
In a conversation with Threat Post, MalCrawler Founder and CEO Dewan Chowdhury points out that security vulnerabilities may lie not in the control systems, but directly in the software running the robotics. Chowdhury says that “even before the robotics, the issue is that the programs that control the robotics are completely wide open to vulnerabilities.”
This is due, in part, to the large number of robotics that are operating on outdated and unsupported software, like Windows XP or Windows Server 2003. In addition, he suggests that any attempt to update the software of these robotics could lead to breaking end user license agreements, thereby voiding warranties or on-going support or maintenance contracts.
Control systems are increasingly under attack from threat actors—state or non-state based—looking to shut down or gain control of critical infrastructure systems. As a starting point, Chowdhury recommends that companies examine their manufacturing floor for potential vulnerabilities, along with an assessment of security risks in their overall operations.