Cybersecurity and Automation
Industrial automation systems vulnerable
Nearly all the products we purchase are processed by automated systems. If these were to stop working, or workflow maliciously adjusted, there would be a clear issue immediately as the products were assembled incorrectly or broken during the “adjusted” process. While this potential to wreck our way of life if implemented on a large scale, there has not been a sufficient amount of attention paid to it. Recently, a new vulnerability was uncovered with the equipment. This vulnerability, which is critical, is in the real-time automation’s (RTA) 499E5 EtherNet/IP (ENIP) stack. The stack is widely used and is the standard for factory floor I/O applications in North American plants. If the attacker is able to exploit this, the equipment could experience a DoS-type attack, and allow for remote code execution. This vulnerability, CVE-2020-25159, has the opportunity to not only shut down a line and part of a plant but also be instructed to do whatever the unauthorized third party directs it to. Based on the pertinence to society these automated processed play and the costs associated with these lines not being productive, more of a focus needs to be applied to this. There is even a tool available used to scour the internet seeking the robots used in these processes which are not properly secured. Without cybersecurity, in place, there is the potential for individual attacks and much worse with a concerted attack.