Manufacturing and cybersecurity

On May 12, hackers launched a “ransomware” cyberattack that would eventually infect 300,000 machines in 150 countries over a three-day period.

The ransomware, known as WannaCry, locked computers and blocked access to files. Victims were ordered to pay a $300 ransom to regain their data. The countries most affected by the ransomware were Russia, Taiwan, Ukraine and India, but the attack also hit U.S. companies, notably FedEx. Victims included universities, oil companies, telecom providers and train systems.

The virus hit computers running older versions of Microsoft software that had not been recently updated. Microsoft released patches in April and again during the attack to fix a vulnerability that allowed the worm to spread across networks. Computers at manufacturers and hospitals, which can be hard to patch without disrupting operations, were particularly vulnerable. Indeed, the cyberattack slowed or stopped production at five assembly plants run by Renault-Nissan, including the automaker’s huge factory in Sunderland, UK.

By May 15, the attack had largely been stanched. Renault-Nissan is the only carmaker to have reported problems stemming from the attack, but who’s to say Ford, GM or Toyota won’t be next? Cyberattacks on factories are the new normal today, and the WannaCry attack is only the latest. In 2008, for example, a uranium enrichment facility in Iran was disrupted by a computer worm, Stuxnet, allegedly developed by a U.S. intelligence agency. In 2014, a blast furnace in Germany was damaged after malware infected the steelmaker’s production management system and disabled control systems. In December 2015, a cyberattack on a power station in West Ukraine cut electricity to 80,000 homes.

Sadly, the problem will get worse as manufacturers invest in the Industrial Internet of Things and so-called “smart,” or “connected,” factories. Market research firm IHS forecasts that the number of “things” (machines other than computers) connected to the Internet will grow from 15.4 billion devices in 2015 to 75.4 billion in 2025.

That trend represents a tremendous opportunity to increase efficiency, but it could also leave manufacturers vulnerable to cyberattacks. And, it’s not just their computer systems manufacturers have to worry about.

A recent study by cybersecurity firm Trend Micro Inc. and Polytechnic University of Milan, Italy, concluded that robots are vulnerable to cyberattack. The researchers found that the much of the software running robots is outdated; is based on vulnerable operating systems and libraries; is reliant on obsolete or cryptographic libraries; and has weak authentication systems with default, unchangeable credentials. Additionally, the researchers found tens of thousands of industrial devices—including robots—residing on public IP addresses that could be exploited by hackers.

The researchers further demonstrated that hackers could alter a robot controller’s parameters; tamper with the robot’s calibration parameters; tamper with the production logic; and prevent operators from discovering any problems.

How good is your cybersecurity? Are your operating systems up to date? Is your data backed up and secure? Check now or start learning about bitcoin.

John has been with ASSEMBLY magazine since February 1997. John was formerly with a national medical news magazine, and has written for Pathology Today and the Green Bay Press-Gazette. John holds a B.A. in journalism from Northwestern University, Medill School of Journalism.

The ASSEMBLY Show South

ASSEMBLY is thrilled to return to the Music City Center in Nashville, TN for The ASSEMBLY Show SOUTH on May 1-2, 2024. This is a booming time for manufacturing and the U.S. South is right in the heart of the action. According to ASSEMBLY’s most recent annual capital spending survey, the South is projected to account for 31 percent of total spending this year, marking the fifth straight year this region has accounted for at least 30 percent of capital spending in the U.S.

In this session, manufacturers will learn how Quality function deployment (QFD) can transform consumers’ qualitative demands into quantitative parameters that will shape the design of their product and, ultimately, their manufacturing process.

Sponsored by: