Addressing the Complex Cyber Security Needs of Digital Manufacturing

This approach is backward in that the hacker attacks the wireless network from the wired network, which makes it the only approach that can be carried out remotely. At the point where the wireless network interfaces with the wired systems, it is possible to configure some devices to participate in the wireless system via an ad-hoc connection. The hacker can then bridge the gap between the two networks, allowing unsanctioned access to the wireless network from the wired network.

Rogue APs

A poorly managed wireless network may permit the addition of new APs able to communicate with the devices. This capability can be used legitimately to improve network coverage, but a hacker can also insert a device and use it to participate in normal network traffic.

Man in the middle

An intruder inserts a wireless node in the path of legitimate communication between a transmitter and gateway cutting off the direct path. As a result, each end of the link thinks the new node is the other. The hacker can manipulate the data flow, inserting false data or instructions at will. This requires intimate knowledge of the network and management methods, plus the ability to place the device in the network.

Reconnaissance and cracking

As wireless networks have developed over the last decades, the encryption methods have been broken, requiring them to be improved with each networking advance. WirelessHART uses AES 128-bit encryption which remains unbreakable by brute force. So even if an attacker can get close enough to eavesdrop on the device-to-gateway communication, the encryption makes it impossible to decode and understand the data.

These attack vectors can be addressed by implementing the following preventative measures.

Addressing Attack Vectors

Access Control

Controlling access to the network requires every device to authenticate itself so it can join a network and communicate with the gateway.

Network Protection

The two main network protection methods are, first, all wireless communication is encrypted with AES128-bit encryption with multiple keys, and second, all devices on the network are authenticated.

Preserving Data Confidentiality and Integrity

In spite of all these security measures, careless users and poor network managers can create vulnerabilities by being lax with passwords and join keys. If these are not applied to their greatest advantage and workers trained to understand their importance, they can fall into the hands of hackers allowing them to gain access.

Integrating a Solution

Cybersecurity for digital manufacturing initiatives cannot be implemented piecemeal. Networks must be evaluated end-to-end rather than inserting firewalls and other security appliances at random points.

Creating a new cybersecurity strategy or evaluating an existing one requires working with a vendor able to manage the big picture to create a network with the required security features. Once the proper network is selected, users must be vigilant to ensure ongoing cybersecurity. If these steps are taken, the network will be sufficiently secure for the most critical applications.