Industrial Automation

Every cool beverage, glowing screen, or warm bed is brought to us by Industrial Automation and Control Systems (IACS). These marvelous transformative systems enable our economy and way of life; without these systems, we would find ourselves living in a far less desirable post-apocalyptic world.

The Importance of Cyberlearning

IACS requires connectivity, while connectivity supports innovation; connectivity also opens a system to new threats. As we have seen, with every connected device, there is a cyberlearning development curve. We have learned repeatedly the hard way that shipping a zero-defect secure connected device is remarkably challenging. IACS has more significant challenges than a typical connected device, as IACS by design requires orchestration between various connected devices to solve complex interactions, making decisions beyond superhuman speed. Security, mitigation, and resilience must be built-in to meet these demanding challenges.

Industrial Connected Devices Under Attack

A disgruntled job-seeking applicant in Australia using a network-based attack caused massive ecological damage by dumping more than 264,000 gallons of raw sewage in neighboring waterways. The infamous Stuxnet malware disrupted and damaged the Iranian nuclear weapons program. The unsuccessful Russian Triton malware targeted the Saudi Arabian petrochemical plant with the intent of causing massive physical damage and loss of life. The Russians have attacked the Ukrainian power grids with severe specialized malware targeting multiple classes of systems.

Industrial Automation Challenges

Attribution is a severe challenge of industrial automation control systems. Identifying a hardware failure from malicious actors may not be possible. If the Russian Triton attack had not failed, it’s unlikely investigators searching the rubble of a destroyed petrol plant could uncover any malware. An industrial automation system failure often leads to catastrophic outcomes.

Potential Loss of Life

China’s Wenzhou bullet trains failed communication systems resulted in collision and derailment, killing 40 people and injuring 190. Russia’s Sayano-Shushenskaya power station failed catastrophically, killing 75 people and destroying the station. The hydro turbine’s 920-ton rotor cover shot up, the rotor broke free from its seat, rising 9 feet. The San Bruno natural pipeline explosion killed eight people and leveled 35 homes. People would be disturbed to learn that catastrophic hardware, architectural, or maintenance failures can be spurred or faked with a cyberattack.

Deeper, Disturbing Trend

Marketplaces for selling exploits are growing quickly. Demand, supply, and expected high ROI is fueling the Zero-Day vulnerability marketplace. Nation-state actors and criminal organizations are actively seeking, purchasing, and exploiting Zero-Day vulnerabilities. Researchers sell exploits to either fix or disclose vulnerabilities, which means that fixing exploits becoming ever more expensive.
Zero-Day Price Sheet
Platform
2012
2021
Adobe Reader
$5K-$30K
$80K
Mac OSX
$20K-$50K
$50K
Android
$30K-$60K
< $2.5M
Microsoft Word
$50K-$100K
< $100K
Windows
$60K-$120K
< $1M
Chrome
$80K-$200K
< $500K
iOS
$100K-$200K
< $1M
Industrial Automation Systems
< $1M

Warfare is Changing

Envision the effect of a cyberattack via malware on an assembly plant. In a worst-case scenario, the attacker maintains persistent presences, eroding the quality and performance of the manufacturer as economic warfare. In 2011, Japan was hit by a tsunami, which disrupted the automotive supply chain in the area. Toyota was forced to close its plants for nearly a month and reduced that quarter’s earnings by 77%. IACS is paramount for national security.

Enter Your Information to Access This White Paper

  • This field is for validation purposes and should be left unchanged.

Enter Your Information to Access This White Paper

  • This field is for validation purposes and should be left unchanged.

Enter Your Information to Access This White Paper

  • This field is for validation purposes and should be left unchanged.

Enter Your Information to Access This Datasheet

  • This field is for validation purposes and should be left unchanged.

Enter Your Information to Access This White Paper

  • This field is for validation purposes and should be left unchanged.

Enter Your Information to Access This Datasheet

  • This field is for validation purposes and should be left unchanged.