July 19, 2022

Cyberattacks: Predatory Sparrow targets Iranian factory

On 27 June, 2022, two Iranian steel companies, Mobarakeh Steel Company and Khuzestan Steel Industries, suffered cyberattacks. Hacktivist group Predatory Sparrow subsequently claimed responsibility. Notably, one of the attacks targeted a Khuzestan steel factory and caused an industrial machine to seriously malfunction, vomiting fire and molten steel across the factory floor.

The attack on the Iranian factory highlights how susceptible modern industrial facilities can be to cyberattacks, and how serious the consequences can be. Moreover, current technological trends in the manufacturing industry will only exacerbate these threats.

To understand how manufacturing facilities are increasingly vulnerable to cyberattacks, it helps to understand the history of industrialized manufacturing, which can be divided roughly into four stages.

The history of industrialized manufacturing

The first stage of industrialized manufacturing (Industry 1.0) saw the mechanization of production in the early to mid-19th century, as steam-powered machines replaced human workers. The second stage (Industry 2.0) took place roughly from the mid-19th century to the First World War and saw the electrification of factories and the beginnings of mass production. Crucially, these first two stages of industrialized production involved only what we would now term ‘operational technology’ (OT). OT refers to the machines and systems that control industrial processes. For example, 19th-century steam pumps and textile machinery would be early examples of operational technology. During these stages, the internet, information technology (IT), and (therefore) cybercrime did not exist.

The third stage (Industry 3.0) took place between 1950 and 1970. This stage integrated into industrialized manufacturing what we would now term ‘information technology’ (IT). IT refers to systems that produce, store, and transmit electronic data. For the first time, computers were integrated into the manufacturing process, and industrial equipment could be automated with computer numerical control (CNC) machining. As the role of IT grew in all sectors and the internet was born, so too did cybercrime develop. The first computer worm was created in 1972, and the first virus in 1983.

We have recently entered the fourth stage (Industry 4.0) of industrialized manufacturing. In this stage, OT and IT converge even more. Manufacturing is made more efficient by acting on insights derived from data that IoT sensors collect from OT assets, which is then stored in the cloud and analyzed by AI.

Cyberattacks in Industry 4.0

Industry 4.0’s emphasis on marrying OT with IT to harvest data from industrial equipment results in OT assets becoming more vulnerable to cyberattacks. Critically, it is increasingly common for OT assets to be connected to both the internet and the corporate network. This makes it easier for companies to remotely operate machinery and monitor operational output. Equipment vendors also often want their machines to be internet-connected when installed so that maintenance is easier. However, any OT or IT asset that is connected to the internet is (theoretically) hackable, and any device that is connected to both the internet and the corporate network can act as a gateway into that network for threat actors.

This potential vulnerability often becomes a very real one because OT assets frequently lack cybersecurity protections against cyberattacks. One reason for this is the sheer number of OT assets in a company’s supply chain, which makes gaining network visibility (being able to monitor the data transmitted to and from every OT asset) extremely difficult. Another reason is the sheer diversity of OT equipment typically included in a company’s supply chain, or indeed in just a single factory. This equipment will vary in function, vendor, installation date, and firmware level. These differences mean that there usually is no quick fix to an OT environment’s cybersecurity vulnerabilities (like a software update or patch that impacts all OT assets). In addition, many connected IoT sensors do not have sufficient computing power to have proper security software installed on them.

Furthermore, Industry 4.0’s pursuit of data-driven insights exposes critical skills gaps between OT and IT teams, who are often unfamiliar with the other’s technological field and yet increasingly are required to accommodate both when working in industrial environments. This can result in the cybersecurity of OT assets being overlooked. For example, an OT specialist installing a piece of industrial equipment may add an internet connection at the recommendation of the equipment’s installation manual, not realizing that this internet connection automatically renders the equipment a potential target for cyberattacks.

An uncertain future

The BBC’s coverage of the recent cyberattack on the Iranian factory argued that the attack was unusual because it caused damage in the physical world, rather than the digital one. Of course, Iran has experienced such cyberattacks before: in 2010, the Stuxnet attack crippled centrifuges at Iran’s uranium enrichment facilities. Unfortunately, the growing threat posed by cyberattacks to OT assets means that we could be seeing more industrial equipment malfunctioning in similarly disastrous ways in the future.
