As the industrial production system in this country becomes increasingly integrated with smart, connected technology, more physical security risks will become apparent.
In a recent article for Dark Reading, Managing Editor Tara Seals writes about how serious bugs in factory automation software from both Rockwell Automation and Mitsubishi Electric might enable serious access control breaches from bad actors. She writes that today’s so-called “smart factories” might be vulnerable to everything from product tampering to denial-of-service (DoS) concerns, and remote code execution (RCE) by way of entities that aim to access factories and the sensitive materials and data they house.
Seals explains that the warning is coming in loud and clear from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The government agency issued a warning that “an attacker could exploit the Mitsubishi Electric bug (CVE-2023-6943, CVSS score of 9.8) by calling a function with a path to a malicious library while connected to the device.” These vulnerabilities could pave the way for significant beaches. These are just two of several serious vulnerabilities impacting Rockwell Automation and Mitsubishi’s smart factories, according to a disclosure issued by CISA.
Infosecurity Magazine details some of CISA’s threat mitigation recommendations regarding the vulnerabilities associated with these two companies’ systems. They include:
- Reducing network exposure for control system devices and control systems as a whole — this makes sure that these systems aren’t accessible by way of vulnerable Internet connections.
- Pinpoint control system networks and remote devices that are shielded behind firewalls — these would be isolated from crucial business networks that could be open to easy hacks.
- In the case of remote access to systems, CISA recommends that company stakeholders harness methods like VPNs as a more foolproof security measure. Infosecurity Magazine notes that VPNs have their own vulnerabilities and flaws and should be consistently upgraded to their most current, secure versions complete with all of the latest software updates.
In the conclusion to her piece, Seals writes that CISA’s recommendations are coming at a fraught time. Chinese and Russian threats against physical infrastructure systems and manufacturing systems are only ramping up. These foreign bad actors “show no signs of letting up their assaults on utilities, telecoms, and other high-value targets,” she concludes.
Ensuring that all systems are updated and any serious vulnerabilities are patched up can make all the difference. As manufacturing increasingly relies on Internet-connected systems to function, it’s important that any physical and cybersecurity blind spots are addressed right away.
Peter Cavicchia II 