The Robots Taking Your Job Could Get You Killed

Uploaded on 2015-08-14 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Production-Manufacturing

bcg-ex1-chart_800_499_80.jpgBoston Consulting Group  recently released a global robotics market study that projects industry growth of 10.4% CAGR.

The rush to automate more factory processes may look like it’s saving money, but to Ken Westin, a senior security analyst at Tripwire, it’s a dangerous trend that’s spreading cyber vulnerabilities across entire industries. And it will only get worse. Westin says that too much or unsafely implemented automation in chemical and pharmaceutical plants will result in a catastrophic, and largely avoidable, cyber attack in the next two years.

That automation is on the rise is no secret. Boston Consulting Group has forecast that between this year and 2025,1.2 million industrial robots will make their way into factories across the United States (in addition to those in factories today.) Some projections commonly cited among the chemical and pharmaceutical industry suggest that automation in more factories could increase throughput by 20 percent on a yearly basis and reduce energy consumption by 8 percent.
“A lot of businesses see value in automating a lot more of the processes when it comes to manufacturing,” Westin said at the Black Hat cybersecurity conference here. “They’ll actually let a lot of these people go, like the engineers. And they’ll focus on the automation. What they fail to do is look at the increased risk that that poses to the organization.”
“These systems were designed decades ago,” he went on. “They’re using protocols that are pretty ancient. They were designed for reliability and efficiency. Security was not a part of that. The security occurred on the physical end, protecting people who came in and out of these physical systems. Once you connect that to a corporate network? What happens is the corporate network now gets connected to the manufacturing plant, which was not designed to be connected to the Internet at all. When you have that connection that increases risk to the organization. That’s something that’s not assessed in their analysis of risk.”

How ubiquitous is open Internet connectivity in supervisory command and control systems? You would be surprised. “Where and when something happens is almost completely under cyber control,” said Jason Larsen, a principal security consultant at the group IOACTIVE. “Opening and closing valves is almost always under cyber control.” Larsen spoke during a demonstration that showed how un opening and closing of valves can cause heat and pressure buildups as well as massive container destruction, and leaks of volatile or poisonous chemicals.

Of course, you, as the plant operator, could just call in engineers to monitor or fix the problem, but you fired them to save money, remember? Westin calls it “a perfect storm in a lot of ways.” He predicts the compromise of a major manufacturing plant in the next two years. “It will be something where we see a loss of life. That’s going to change everything.”

While his clients trend toward energy companies, it’s the chemicals and pharmaceutical plants that cause him the most stress. He singled out companies like Bayer and Pfizer, based just outside of Pittsburgh, as particularly attractive targets. “I flew into Pittsburgh and looked down at some of these plants along the river. Imagine the environmental impact if some of chemical leaked out?”

It’s that classic cyber-Pearl-Harbor scenario that former Defense Secretary Leon Panetta warned of in a 2012 speech, and which has since prompted massive increase in cybersecurity spending, much to the benefit of people like Westin. But he says many companies could implement solutions to fix some of these vulnerabilities themselves, do so quickly, and at not necessarily by hiring a fancy hacker team to hunt for bugs. For starters, simple two-factor authentication and other means to keep passwords safe should be much more common. They’re exactly the sorts of measures that the Office of Personnel Management was able to quickly put in place after a major breach. Westin says that password and credential loss is the most common major vulnerability and a lot of that springs from human error, rather than brute force attacks, that don’t use stolen credentials.
Humans are the solution, but they’re also still the problem.
DefenseOne: http://bit.ly/1WoONX4

 

« Switzerland & Austria Investigate Claims of Electronic Spying at Iran Talks
Artificial Intelligence: Myths, Facts and Future »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.