On June 27, 2022, two Iranian steel companies, Mobarakeh Steel Company and Khuzestan Steel Industries, suffered cyberattacks. Hacktivist group Predatory Sparrow later claimed responsibility. Notably, one of the attacks targeted a steel mill in Khuzestan and caused an industrial machine to malfunction severely, spouting fire and molten steel onto the factory floor.
The attack on the Iranian factory shows how susceptible modern industrial facilities can be to cyberattacks and how severe the consequences can be. Moreover, current technological trends in the manufacturing industry will only exacerbate these threats.
To understand how manufacturing facilities are increasingly vulnerable to cyberattacks, it helps to understand the history of industrialized manufacturing, which can be roughly divided into four stages.
The history of industrialized manufacturing
The first stage of industrialized manufacturing (Industry 1.0) saw the mechanization of production replacing human workers with steam-powered machines in the early to mid-19e century. The second stage (Industry 2.0) took place roughly from the middle of the 19e century to the First World War and saw the electrification of factories and the beginnings of mass production. Basically, these first two stages of industrialized production only involved what we would today call “operational technology” (OT). OT refers to machines and systems that control industrial processes. For example, 19eSteam pumps and textile machinery of the last century would be the earliest examples of operational technology. During these stages, the Internet, information technology (IT) and (therefore) cybercrime did not exist.
The third stage (Industry 3.0) took place between 1950 and 1970. This stage brought into industrialized manufacturing what we would today call “information technology” (IT). Computing refers to systems that produce, store and transmit electronic data. For the first time, computers were integrated into the manufacturing process and industrial equipment could be automated using computer numerical control (CNC) machining. As the role of IT has increased in all sectors and the Internet has been born, cybercrime has also grown. The first computer worm was created in 1972 and the first virus in 1983.
We have recently entered the fourth stage (Industry 4.0) of industrialized manufacturing. At this point, OT and IT converge even more. Manufacturing is made more efficient by acting on insights derived from data collected from OT assets by IoT sensors, stored in the cloud, and analyzed by AI.
Cyberattacks in Industry 4.0
Industry 4.0’s emphasis on marrying OT and IT to harvest data from industrial equipment makes OT assets increasingly vulnerable to cyberattacks. More importantly, it is increasingly common for OT assets to be connected to both the Internet and the corporate network. This makes it easier for companies to operate machinery remotely and monitor operational performance. Equipment vendors also often want their machines to be connected to the internet during installation so that maintenance is easier. However, any Internet-connected OT or IT asset is (theoretically) hackable, and any device connected to both the Internet and the network can act as a gateway to the corporate network for threat actors.
This potential vulnerability is often turned into a very real one by the frequent absence of cybersecurity devices protecting OT assets from cyberattacks. One reason for this is the large number of OT assets in a company’s supply chain, which makes it extremely difficult to gain network visibility (being able to monitor the data being transmitted to and from from each OT asset). Another reason is the wide variety of OT equipment typically included in a company’s supply chain, or even in a single factory. This equipment varies in function, vendor, date of installation and firmware level. These differences mean that there is generally no quick fix for cybersecurity vulnerabilities in an OT environment (such as a software update or patch that affects all OT assets). In addition, many connected IoT sensors do not have sufficient computing power to install appropriate security software on them.
Additionally, Industry 4.0’s pursuit of data-driven insights reveals critical skill gaps between OT and IT teams, who are often unfamiliar with each other’s technology domain and yet are increasingly additionally required to adapt to both when working in industrial environments. This can lead to cybersecurity neglect of OT assets. For example, an OT specialist installing industrial equipment may add an Internet connection as recommended by the equipment’s installation manual, not realizing that this Internet connection automatically makes the equipment a potential target for cyberattacks.
An uncertain future
The BBC’s coverage of the recent cyberattack on the Iranian factory argued that the attack was unusual because it caused damage in the physical rather than digital world. Of course, Iran has experienced such cyberattacks before: in 2010, the Stuxnet attack crippled centrifuges at Iran’s uranium enrichment facilities. Unfortunately, the growing threat posed by cyberattacks to OT assets means we could see more industrial equipment malfunctioning in equally disastrous ways in the future.