Smart Factory Security: A Case Study on a Modular SmartManufacturing System

Authors: Federico Maggi, Marco Balduzzi, Rainer Vosseler, Martin Rösler, Walter Quadrini, Giacomo Tavola, Marcello Pogliani, Davide Quarta, Stefano Zanero

November 2020

International Conference on Industry 4.0 and Smart Manufacturing

Journal Article

Abstract

Smart manufacturing systems are an attractive target for cyber attacks, because they embed valuable data andcritical equipment. Despite the market is driving towards integrated and interconnected factories, current smartmanufacturing systems are still designed under the assumption that they will stay isolated from the corporatenetwork and the outside world. This choice may result in an internal architecture with insufficient network andsystem compartmentalization. As a result, once an attacker has gained access, they have full control of the entireproduction plant because of the lack of network segmentation.With the goal of raising cybersecurity awareness, in this paper we describe a practical case study showing attackscenarios that we have validated on a real modular smart manufacturing system, and suggest practical securitycountermeasures. The testbed smart manufacturing system is part of the Industry 4.0 research laboratory hosted byPolitecnico di Milano, and comprises seven assembly stations, each with their programmable logic controllers andhuman-computer interfaces, as well as an industrial robotic arm that performs pick-and-place tasks.On this testbed we show two indirect attacks to gain initial access, even under the best-case scenario of a system notdirectly connected to any public network. We conclude by showing two post-exploitation scenarios that an adversarycan use to cause physical impact on the production, or keep persistent access to the plant.We are unaware of a similar security analysis performed within the premises of a research facility, following ascientific methodology, so we believe that this work can represent a good first step to inspire follow up research onthe many verticals that we touch.

PDF Cite

@InProceedings{	  maggi_smsec_2020,
  abstract	= {Smart manufacturing systems are an attractive target for
		  cyber attacks, because they embed valuable data andcritical
		  equipment. Despite the market is driving towards integrated
		  and interconnected factories, current smartmanufacturing
		  systems are still designed under the assumption that they
		  will stay isolated from the corporatenetwork and the
		  outside world. This choice may result in an internal
		  architecture with insufficient network andsystem
		  compartmentalization. As a result, once an attacker has
		  gained access, they have full control of the
		  entireproduction plant because of the lack of network
		  segmentation.With the goal of raising cybersecurity
		  awareness, in this paper we describe a practical case study
		  showing attackscenarios that we have validated on a real
		  modular smart manufacturing system, and suggest practical
		  securitycountermeasures. The testbed smart manufacturing
		  system is part of the Industry 4.0 research laboratory
		  hosted byPolitecnico di Milano, and comprises seven
		  assembly stations, each with their programmable logic
		  controllers andhuman-computer interfaces, as well as an
		  industrial robotic arm that performs pick-and-place
		  tasks.On this testbed we show two indirect attacks to gain
		  initial access, even under the best-case scenario of a
		  system notdirectly connected to any public network. We
		  conclude by showing two post-exploitation scenarios that an
		  adversarycan use to cause physical impact on the
		  production, or keep persistent access to the plant.We are
		  unaware of a similar security analysis performed within the
		  premises of a research facility, following ascientific
		  methodology, so we believe that this work can represent a
		  good first step to inspire follow up research onthe many
		  verticals that we touch.},
  author	= {Maggi, Federico and Balduzzi, Marco and Vosseler, Rainer
		  and Rösler, Martin and Quadrini, Walter and Tavola,
		  Giacomo and Pogliani, Marcello and Quarta, Davide and
		  Zanero, Stefano},
  booktitle	= {International Conference on Industry 4.0 and Smart
		  Manufacturing},
  date		= {2020-11-23},
  file		= {files/papers/conference-papers/maggi_smsec_2020.pdf},
  location	= {Linz, Austria},
  publisher	= {Elsevier Procedia Computer Science},
  series	= {ISM '20},
  shorttitle	= {SMSec},
  title		= {Smart Factory Security: A Case Study on a Modular
		  SmartManufacturing System},
  volume	= {42}
}

Back to Publications