Operational Technology (OT)

Assembly Line

🔏🚗 In-Depth Analysis of Cyber Threats to Automotive Factories

📅 Date:

🔖 Topics: Operational Technology, Cybersecurity, OPC-UA, Industrial Robot, Digital Twin, Industrial Control System

🏭 Vertical: Automotive

🏢 Organizations: TXOne Networks, AWS

We found that Ransomware-as-a-Service (RaaS) operations, such as Conti and LockBit, are active in the automotive industry. These are characterized by stealing confidential data from within the target organization before encrypting their systems, forcing automakers to face threats of halted factory operations and public exposure of intellectual property (IP). For example, Continental (a major automotive parts manufacturer) was attacked in August, with some IT systems accessed. They immediately took response measures, restoring normal operations and cooperating with external cybersecurity experts to investigate the incident. However, in November, LockBit took to its data leak website and claimed to have 40TB of Continental’s data, offering to return the data for a ransom of $40 million.

Previous studies on automotive factories mainly focus on the general issues in the OT/ICS environment, such as difficulty in executing security updates, knowledge gaps among OT personnel regarding security, and weak vulnerability management. In light of this, TXOne Networks has conducted a detailed analysis of common automotive factory digital transformation applications to explain how attackers can gain initial access and link different threats together into a multi-pronged attack to cause significant damage to automotive factories.

In the study of industrial robots, controllers sometimes enable universal remote connection services (such as FTP or Web) or APIs defined by the manufacturer to provide operators with convenient robot operation through the Control Station. However, we found that most robot controllers do not enable any authentication mechanism by default and cannot even use it. This allows attackers lurking in the factory to directly execute any operation on robots through tools released by robot manufacturers. In the case of Digital Twin applications, attackers lurking in the factory can also use vulnerabilities in simulation devices to execute malicious code attacks on their models. When a Digital Twin’s model is attacked, it means that the generated simulation environment cannot maintain congruency with the physical environment. This entails that, after the model is tampered with, there may not necessarily be obvious malicious behavior which is a serious problem because of how long this can go unchecked and unfixed. This makes it easy for engineers to continue using the damaged Digital Twin in unknown circumstances, leading to inaccurate research and development or incorrect decisions made by the factory based on false information, which can result in greater financial losses than ransomware attacks.

Read more at TXOne Networks Blog

⭐ A Framework for Enhancing the Interoperability of Information across a Plant

📅 Date:

✍️ Authors: Atsushi Sato, Toshio Ono, Tetsuo Takeuchi

🔖 Topics: Industrial Control System, Programmable Logic Controller, OPC Unified Architecture, Operational Technology, Industrial Communication

🏢 Organizations: Yokogawa, FDT Group

Since it is becoming increasingly difficult for a single vendor to meet diversifying user requirements by itself, interoperability among multi-vendor components and control systems such as distributed control systems (DCS) and programmable logic controllers (PLC), has been improved by adopting open industrial communication protocols. However, these protocols, and the information generated, stored, and transferred, are not fully compatible with each other. Accordingly, the open platform communications unified architecture (OPC UA) and related international standards are attracting attention from many vendors and users as a key to high interoperability. This paper introduces how OPC UA improves interoperability among plant components and systems and describes Yokogawa’s prospect.

This paper introduced the trend of FITS and OPC UA FX as standard technologies related to OPC UA. Conventionally, a plant operation system is built by stacking various specialized elements. The system is expected to be integrated vertically and horizontally by industrial-level interoperability standards including OPC UA. As a result, the functional hierarchy will become flat and diverse components and systems will cooperate with each other regardless of the kind of vendors and applications. Yokogawa focuses on the interoperability in the cooperative domain, which was discussed in this paper, and is actively participating in standardization of FITS, OPC UA FX, and IEC/IEEE 60802.

Read more at Yokogawa Technical Report

Nokia launches first off-the-shelf, mission-critical Industrial Edge to accelerate the enterprise journey to Industry 4.0

📅 Date:

✍️ Author: Tessa Axsom

🔖 Topics: edge computing, operational technology

🏢 Organizations: Nokia

Nokia today announced it has launched the industry’s first cloud-native, mission-critical industrial edge solution to allow enterprises to accelerate their operational technology (OT) digitalization initiatives and advance their journey to Industry 4.0. The new Nokia MX Industrial Edge is a scalable application and compute solution designed to meet the mission-critical digital transformation needs of asset-intensive industries such as manufacturing, energy, and transportation. It uniquely combines compute, storage, wired/wireless networking, one-click industrial applications and automated management onto a unified, on-premise OT digital transformation platform.

Read more at Telecom TV

A Digital Factory Approach to Data-driven Management in Factories

📅 Date:

✍️ Author: Hideki Fujiwara

🔖 Topics: Data Lake, Operational Technology, Digital Twin

🏢 Organizations: Yokogawa, Microsoft

Yokogawa’s solutions and know-how play an important role in accelerating digital transformation (DX) of operational technology (OT) in the manufacturing industry. When proposing these solutions and know-how to customers, it is persuasive to be able to show that Yokogawa has actually improved productivity in its own factories using its OT operations data. This specific example will help customers to understand the effectiveness of the proposal. To achieve data-driven management with OT operation data, three requirements must be satisfied: (1) OT Data Lake, which is a framework for gathering operational data from Yokogawa’s factories worldwide into a single database and improving productivity on a global scale, (2) AI optimization and automation that use operational data and images, and (3) remote operation that ensures the continuity of business even when people’s access is restricted, for example, due to the COVID-19 pandemic. Yokogawa defines a factory that satisfies these three items as a Digital Factory and is working hard to make its own factories as such. Although this approach is one of Yokogawa’s Internal DX measures, the results can be used to develop know-how for External DX, which will increase value for customers, expedite DX in existing businesses, create new DX businesses, and strengthen Yokogawa’s presence in DX. This paper introduces Yokogawa’s approach to Internal DX, its roadmap, and progress toward external DX.

Read more at Yokogawa Technical Report