Defending Your Automated Processes Against Cyberattacks
A common misconception is that your data must be valuable to people outside of your company for you to be at risk of a cyber-attack. This belief is nothing more than a false sense of security that could irreparably harm your company. As recent cyber-attacks have demonstrated, the current strategy for cybercriminals is to cast a wide net and lock up the data of multiple victims in a single incident.
In the “good old days”, the goal of a cyberattack was to steal your data or reveal your intellectual property (IP) but your business was left alive to fight another day. Modern cyberattacks instead focus on locking you out of critical systems with the goal of bringing your business to a standstill. The software used to execute this style of attack is called “ransomware” because your business is effectively held for ransom. The recent prevalence of these types of attacks highlights the reality every business is facing, which is that regardless of your size or the sophistication of your security and monitoring processes, you could be the next victim of a cyberattack.
The Cost of Being Unprepared
Ransomware attacks have increased in frequency and, given their effectiveness, that trend is likely to continue. While it can be costly to implement a cybersecurity strategy, the impact to your business if you do not have one is considerably higher. Below are some effects a ransomware attack could have on your business if you do not set up an effective response.
Short Term Impact:
- Access is restricted to critical systems and data
- Manufacturing/Production operations will be idle
- Specialists will be required to determine the pervasiveness of the attack
- A potential ransom payment
- Potential negotiation fees
Long Term Impact:
- Missed delivery dates
- Loss of customers
- Loss of intellectual property
- Damage to company’s reputation
- Changes in management
- Employee Layoffs
Preparing an Effective Response
The easiest route to getting your business up and running is to pay the ransom. Paying the ransom is enticing since it is usually not outrageous, and attackers have historically released systems and data after payment. Before paying, companies should consider the real benefits of doing so because this one-time payment provides no guarantees that a similar attack will not happen again. But this does not mean there is no way to protect your company. Most companies in the robotics industry are uniquely positioned to continue operations in the event of a ransomware attack if they are properly prepared.
“If internet connectivity is not mission-critical for a device, disconnect it”
The first step in preparing for a ransomware attack is to identify any networked PCs and PLCs that are critical for controlling your robots. Whenever possible, isolate robotic systems and remove them from the network. This is the single most important piece of advice we give our clients, so it bears repeating: if internet connectivity is not mission-critical for a device, disconnect it.
Severely restricting internet access for robotic devices hasn’t always been our first recommendation, but the threats are changing, so our advice is changing.
If network isolation is not feasible, configure and store hardware backups for each PLC and PC. In the event of an attack, on-site engineers can swap out compromised systems and get operations restarted with relative ease. To minimize downtime, software updates must be regularly performed on these backups. In addition to hardware backups, consider using “Honey Pots” to distract attackers and to notify you that an attack is underway. Honey Pots can not only provide helpful information about the vulnerabilities in your network but also gives you time to enact an emergency response plan. The personnel that should be replacing hardware, isolating systems, and managing the process should be clearly defined in your emergency response plan.
Remote management, system updates, and monitoring are all essential to the modern business, keeping your engineers from having to be on-site unnecessarily while keeping your customers updated and well supported. Go West has extensive experience designing systems that allow for these crucial benefits while keeping critical systems inaccessible to unauthorized external actors.
Another option to consider is air-gapping devices that are used for sharing data with the internet-connected systems. For example, if you have a system that is required to send out performance data or signal the need for operator intervention, consider uni-directional digital output systems that don’t allow for inbound communication.
In addition, it is more important than ever to be taking regular backups of system data that would be required for a rebuild. Are you using a machining management system that relies on part metadata and decades of Gcode libraries or robot recipes? If so, please back that data up regularly to a location that is not on your local network, so that you can perform a reinstall quickly. For data backups, we like to use cloud storage systems provided by third parties (think: Google Drive) because those systems tend to be well-maintained, highly secure, and on a disconnected network.
You should also consider your hardware recovery strategy when determining your cyber exposure. We use off-the-shelf easy to find industrial PCs for most of our systems that run the Linux operating system. Linux-based systems tend to be more secure and less attractive to hackers. In the unlikely event that one of our systems was compromised, a replacement can be quickly ordered and replaced with a clean installation to get our customers back up and running in no time.
For battlefields and board games, the “best defense is a good offense”, but in a world where the value you place on your current system determines your risk, your best defense is easy recovery. As James Mickens has famously said: “Mossad’s gonna Mossad”, meaning that there is no defense against a sufficiently motivated adversary. Most of us will never deal with that and be perfectly safe with industry standard IT security, but there is no 100% guarantee. You need a quick and easy recovery process supported by data from recent system backups that ensures you won’t be handing your hard-earned money over to hackers and hoping they keep their word to decrypt your data.
Go West has decades of experience in building custom software that not only improves the overall user experience but is also easily deployable, which allows customers to quickly swap out hardware and minimize downtime. Want to know more about how we can help you reduce the impact of cyberattacks? Please send us a note and let us know how we can help you.
Is there a topic you need help with or would like us to cover? Drop us a quick note and let us know: firstname.lastname@example.org
Want to learn more?
We'd love to talk to you. Contact us to see how we can help.
ROS is, without a doubt, one of the most widely used frameworks for developing robotics applications but is a complex framework that can easily lead to more trouble than it is worth. Is ROS the best option for you?
Building a comprehensive test suite will allow you to spend less time on releasing hardware, testing cells, and on-site support, which frees up your team to focus on what matters.
The Go West Robotics leadership team dropped in on The Robot Industry Podcast to discuss how we help integrators scale.