Smart Factory Insights: Zombie Cars: The Next Pandemic Is Digital

In the manufacturing world, we increasingly rely on internal and outsourced security partners to keep our IT networks safe. One report stated that as many as 50% of manufacturing companies have already been the target of ransomware attempts. Therefore, there is more work to do, especially on the neglected IT network. Industry requirements, such as CMMC, invoke costs and difficulties. But like traceability in the past, with the right preparation, this “burden” can be turned around to become a near zero cost, or even a benefit.

You vs. the Hackers
As operational security in the market evolves, hackers are increasingly “left-shifting” their operations toward the source of targeted products: manufacturing. Unlike biological viruses, hackers often share their intrusion tools freely to disguise their origin, resulting in a whole stream of concurrent attacks, each with different motivations and intents. Risk increases so that our seemingly genuine Smart personal, household, automotive, medical, and defense products could suddenly turn against us.

It's no joke that there may be hackers who would like to create a game of “Zombie Cars,” taking remote control of vehicles. They would suddenly take over as you drive along the freeway and use it as a tool to extort money from you; this is technically possible. (Examples of such remote control can easily be seen on YouTube.) Imagine a group of vehicles taken over and used for coordinated disruption. As vehicle control security is ever heightened, the hackers simply get more resourceful; they are focusing on manufacturing, with even the simplest and seemingly innocuous Smart/connected devices as targets. Cars have hundreds of interconnected controllers, where a simple media player or window winder module could become the cyberattack entry point. In the same way, a compromised USB stick on the manufacturing shopfloor could easily be the attack mechanism.

Once they succeed into a manufacturing network, it is open season on:

  • Competitive information: Customer and supplier names, capacities, capabilities, schedules, and shipping information that anyone from counterfeiters to dishonest competitors can use against you
  • Private information: Organizational and structural details, investors, employee details, payroll records, travel, and expense information
  • Intellectual property: Product design and technologies, bill of materials, which together enable the creation of clones and counterfeits in the market
  • Product alteration: The changing of data related to product documentation, bill of materials, and embedded software to establish quality or security vulnerabilities
  • Hijacking: Implementation of ransomware or parasite programs mining for bitcoin using computers built into automation
  • Sabotage: Machine instructions can be altered, either to damage processes and cause downtime, or to make subtle changes leading to quality issues, new product launch delays, or product-related issues in the market 

Though these may sound a little ambitious, consider that there have been complex attacks in which design information, for example, was intercepted between design and manufacturing such that cloned products could be manufactured but with alterations that allowed embedded spyware to be active. Shipping information was also hacked so that substitutions of real products with the cloned products could be made. Traceability data was hacked so that legitimate serial numbers would be matched. Noticing a single cybersecurity incident within an organization often represents just the tip of the iceberg of what has been unknowingly happening, which, in at least one documented case, went on for over a decade.

Further Complicating the Problem
Industry regulators are responding to the threat, but with requirements that significantly impact the profitability of most manufacturers and increase the burden on executive accountability but do little to reduce risks. The idea that a firewall and virus checkers keep things relatively safe in IT networks may be true in the office, but this is not true when it comes to manufacturing floors. Most production automation has internal computers, which have been designed for the single purpose of operating the machine and use the same common operating systems, such as Windows. These machines are often now connected for the purposes of MES, machine learning, closed loops, dashboards, program management etc., so in most manufacturing facilities, there is a manufacturing network (OT) in place. These machines, however, typically cannot run anti-virus software, as that may affect the precise timings of the machines, and very often operating systems cannot be upgraded due to the fixed hardware and software limitations. They continue to contain known security vulnerabilities with no checks in place for the latest known vulnerabilities. Any cybersecurity intrusion can spread almost instantly from a single point of entry to every machine on the network.

The reality is that in almost all factories there are many types of automation, from many vendors, with many versions of unprotected software. This is further complicated by numerous instances of middleware; the OT network connection to the IT network has therefore become a critical security concern. In some cases, connection is not allowed at all, as firewalls allow legitimate traffic to flow, which are emulated by viruses that may already be present in the OT network. Data breaches are a major concern as product data, traceability data, and electronic visibility and control are all somehow inevitably transferred to and from the OT network, often using uncontrolled USB drives, middleware, or in-house developed software. It is an absolute nightmare for IT teams, which cannot practicably be expected to be in control all the time.

Become Solution-Oriented
I wish I could describe a perfect and simple solution, such that manufacturing can avoid the cost, compromise, and burden of security measures that will imminently be required in manufacturing, but I cannot. The reality is that there is no easy answer. There are some principles that can and should be established as soon as possible to reduce the cost, risk, and impact from security breaches, or requirements for protection, which enable easier compliance and benefit the factory. Think back to the early days of traceability, where data collection and collation quickly became a major burden for the industry, with accuracy and usefulness of reporting, as well as long-term storage of data being quite a challenge. As technologies developed, native traceability data extraction mechanisms became normal with the IPC-1782 traceability standard defining exactly what is needed and how to communicate requirements. The IPC-CFX standard securely extracts traceability data in a single standard language. This enables the use of traceability data for machine learning and active quality management, thus building value from contextualization of events in many ways, turning an everyday burden into an everyday benefit. Preparedness and utilization of the right technologies and solutions turns situations around.

Trying to bolt on a high-security regime on top of an existing shop-floor network, more reminiscent of the “wild west,” is likely to invoke a life-changing experience. Instead, there are several things that can be considered and prepared that will secure production, while at the same time modernizing and streamlining the operation for improved performance and quality, thus reducing costs and risks. Some things for immediate consideration are:

Is the current exchange of data on the shop floor secure?

  • Is any of the data open and not encrypted end to end?
  • Is there any third-party middleware involved?
  • Are there one or more “translations” of machine data?

If the answer to any of these questions is “yes,” then consider the use of IPC-CFX (Connected Factory Exchange) which is already supported by an increasing list of machine vendors.

Are the shop-floor solutions secure?

  • Are there home-grown solutions that cannot be modified or maintained?
  • Are there multiple solutions that share data through an automated or manual translation process between solutions?
  • Are USB devices to transfer data ever needed?
  • Is sensitive data ever sent by email?
  • Is my IT network connected somehow with my OT network?

If the answer to any of these questions is “yes,” then the infrastructure and interoperability of solutions should be reviewed with the ideal being a single, secure IIoT-based MES platform that provides secure interoperability with other solutions, such as ERP, PLM etc.

Are my people secure?

  • Does anyone have access to data that is not of immediate relevance for their tasks?
  • Does anyone have contact with key intellectual property relating to the product, such as when preparing automation programs or work instructions?
  • Are there people operating computers or automation that have not been appropriately trained in cybersecurity?
  • Are there areas in which enforced and monitored best practices for security are not established?
  • Does my OT network have a flat structure, not segmented according to customer/product/environment?
  • Do the IT team refuse or are unable to take full 24/7 responsibility for OT network security?

If the answer to any of these questions is “yes,” then it is important to now start identifying vulnerabilities and to establish best practices, such as the replacement of procedures. For example, this might involve emailing multiple documents relating to the design of a product between engineering groups with applications that utilize PCB layout and 3D CAD design data through secure digital manufacturing engineering tools that don’t require users to manually access the raw design data. It is also advised to implement an OT-specific cybersecurity package that detects abnormalities on an OT network, including the operation of machines and other automation.

Are my products secure?

  • Am I sure that there has been no manipulation of product or manufacturing data due to any cyberattack?
  • Where a cyber-intrusion has been detected, can I identify and quarantine those materials and products that may have been affected and inform the supply-chain appropriately to prevent issues from further escalating in the market?

If the answer to either of these questions is “no,” then implementation of the new IPC-1793 Cybersecurity standard is advised, which includes exact traceability in manufacturing of the association of material to products, such that potentially affected specific products can be identified and quarantined.

For sure, almost no facility should feel as though it is well prepared for coming security requirements; there is no magic pill. But by implementing some intelligent practices as part of digital transformation projects, most requirements can be addressed without excessive cost or burden to the operation, and just like modern traceability, can bring with it best practices that directly and positively impact profitability.

This column originally appeared in the July 2022 issue of SMT007 Magazine.




Smart Factory Insights: Zombie Cars: The Next Pandemic Is Digital


In the manufacturing world, we increasingly rely on internal and outsourced security partners to keep our IT networks safe. One report stated that as many as 50% of manufacturing companies have already been the target of ransomware attempts. Therefore, there is more work to do, especially on the neglected OT network. Industry requirements, such as CMMC, invoke costs and difficulties. But like traceability in the past, with the right preparation, this “burden” can be turned around to become a near zero cost, or even a benefit.

View Story

Smart Factory Insights: Fractional Materials and High-Mix Manufacturing


We used to discuss manufacturing paradigms in terms of high- or low-mix, coupled with high- or low-volume, with many shades of grey in between. Now, we have a new dimension, that of high-volatility, as key dependencies on labour, materials and logistics contribute challenges to production, which in turn, is subject to the volatility of customer demand. Material management more than ever before, is being either the key enabler for business success, or your nemesis in not being able to achieve the necessary recovery plan if not thought out properly.

View Story

Smart Factory Insights: Has the Industry 4.0 Gold Rush Ended?


Industry 4.0, though only five years old, already has a checkered history. With buzzwords flying, existing technologies—re-branded as Industry 4.0 solutions—have been in demand. Manufacturers embarked on the Industry 4.0 “gold rush” to gather as much data as possible, and by whatever means necessary, to get those nuggets of smart manufacturing credibility. Today, the more mature approach of Industry 4.0 is emerging with consideration of a real return on investment (ROI) as well as sustainability. Taking advantage of such maturity may have been the smartest option all along.

View Story

Smart Factory Insights: CFX IIoT Open-Source Hardware


The IPC Connected Factory Exchange standard, CFX, has triggered a revolution in the way that industrial machines communicate in a secure, IIoT-based, plug and play environment. Attention now is on how CFX can be connected to older, “dumber” machines, bringing 100% visibility and control across the whole manufacturing floor, thereby avoiding the numerous technical and financial pitfalls historically experienced.

View Story


Smart Factory Insights: Digital Transcendence—Fear of The Unknown


The first three industrial revolutions have brought us automation of physical tasks through adoption of mechanical and electrical machines, the benefit of which has been quite easy to appreciate. Industry 4.0 automation, however, is driven almost exclusively from the digital realm, representing a whole new world of intangibility. With manufacturing being rather averse to unplanned change or risk, unless there are very compelling reasons, how do we get to fully trust digital technology needed for our businesses today, taking us toward manufacturing digital transcendence?

View Story

Smart Factory Insights: The Costs of Legacy Thinking


As humans, we learn facts, gain impressions, create solutions, put practices into place, and move onto our next challenge. Over time, our intent is to create a legacy of value, but in many cases, we are creating legacies in a different sense. Our knowledge, experience, and creations age or become superseded, but there is resistance to replace or update. An increasing gap develops between perception and reality. Younger, more agile peers take advantage, get ahead, and we look away, thinking that they don’t know what they are doing. Though a natural human phenomenon, decision-makers in manufacturing today need to bear this mind more than ever.

View Story

Smart Factory Insights: Hands-off Manufacturing


The use of automation has not eliminated causes of unreliability, nor defects, which ironically continues to drive the need for humans to be hands-on, even as part of SMT operations. There is clearly something missing, so cue our digital twin.

View Story

Smart Factory Insights: Me and My Digital Twin


A fully functional digital twin involves more than it may initially seem. At first we tend to think about access to information. There is a great deal of trust to be taken into account when creating a digital twin, as there is scope for its use both for good and evil.

View Story


Smart Factory Insights: Changing Roles in the Digital Factory


Experts once required to have a knowledge of specialized materials and processes are giving way to those experienced in the application of automated and computerized solutions. Michael Ford describes how it is time to reinvent the expectations and qualifications that we seek in managers, engineers, and production operators to attract and support a different kind of manufacturing innovation.

View Story

Smart Factory Insights: Smart Factories—Indirectly the Death of Test and Inspection


In the smart factory, test and inspection are reinvented, contributing direct added value, playing a new and critically important role where defects are avoided through the use of data, and creating a completely different value proposition. Michael Ford explains how the digitalized Deming Theory can be explained to those managing budgets and investments to ensure that we move our operations forward digitally in the best way possible.

View Story

Smart Factory Insights: Trust in Time


We’ve all heard of “just in time” as applied to the supply chain, but with ongoing disruption due to COVID-19, increasing risk motivates us to return to the bad habit of hoarding excess inventory. Michael Ford introduces the concept of "trust in time"—a concept that any operation, regardless of size or location, can utilize today.

View Story

Smart Factory Insights: It’s Not What You Have—It’s How You Use It


According to the reports, all the machines in the factory are performing well, but the factory itself appears to be in a coma, unable to fulfill critical delivery requirements. Is this a nightmare scenario, or is it happening every day? Trying to help, some managers are requesting further investment in automation, while others are demanding better machine data that explains where it all went wrong. Digital technology to the rescue, or is it making the problem worse?

View Story

Smart Factory Insights: Seeing Around Corners


Each of us has limitations, strengths, and weaknesses. Our associations with social groups—including our friends, family, teams, schools, companies, towns, counties, countries, etc.—enable us to combine our strengths into a collective, such that we all contribute to an overall measure of excellence. There is strength in numbers. Michael Ford explains how this most human of principles needs to apply to IIoT, smart manufacturing, and AI if we are to reach the next step of smart manufacturing achievement.

View Story

Smart Factory Insights: Size Matters—The Digital Twin


In the electronics manufacturing space, at least, less is more. Michael Ford considers what the true digital twin is really all about—including the components, uses, and benefits—and emphasizes that it is not just an excuse to show some cool 3D graphics.

View Story

Smart Factory Insights: What You No Longer Need to Learn


Naturally evolving layers of technological applications allow us to build and make progress, layer by layer, rather than staying relatively stagnant with only incremental improvement. To gain ground in manufacturing, Michael Ford explains how we need to embrace next-layer hardware and software technologies now so that we can focus on applying these solutions as part of a digital factory.

View Story


Smart Factory Insights: Dromology—Time-space Compression in Manufacturing


Dromology is a new word for many, including Microsoft Word. Dromology resonates as an interesting way to describe changes in the manufacturing process due to technical and business innovation over the last few years, leading us towards Industry 4.0. Michael Ford explores dromology in the assembly factory today.

View Story

Smart Factory Insights: Trends and Opportunities at SMTAI 2019


SMTAI is more than just a simple trade show. For me, it is an opportunity to meet face to face with colleagues and friends in the industry to talk about and discuss exciting new industry trends, needs, technologies, and ideas.

View Story

Smart Factory Insights: Recognizing the Need for Change


We are reminded many times in manufacturing, that "you cannot fix what you cannot see" and "you cannot improve what you cannot measure." These annoying aphorisms are all very well as a motivational quip for gaining better visibility of the operation. However, the reality is that there is a lot going on that no-one is seeing.

View Story

Accelerating Tech: Standards-driven, Digital Design Flow for Industry 4.0


The term “fragmented manufacturing” is a good way to describe current assembly manufacturing challenges in an Industry 4.0 environment. Even in Germany, productivity reportedly continues to decline. To reach the upside of Industry 4.0, data flows relating to design play a major role—one that brings significant opportunity to the overall assembly business.

View Story

The Truth Behind AI


The term "artificial intelligence" or "AI" has become a source of confusion for many—heralded as part of Industry 4.0, yet associated with the threat of automation replacing human workers. AI is software rather than hardware, and it's time to put these elements of AI into context, enabling us as an industry to embrace the opportunities that so-called AI represents without being drawn in, or pushed away, by the hype.

View Story


Resolving the Productivity Paradox


The productivity paradox continues to thrive. To a growing number of people and companies, this does not come as a surprise because investment in automation alone is still just an extension of Industry 3.0. There has been a failure to understand and execute what Industry 4.0 really is, which represents fundamental changes to factory operation before any of the clever automation and AI tools can begin to work effectively.

View Story

The Truth About CFX


A great milestone in digital assembly manufacturing has been reached by having the IPC Connected Factory Exchange (CFX) industrial internet of things (IIoT) standard in place with an established, compelling commitment of adoption. What's the next step?

View Story

Advanced Digitalization Makes Best Practice, Part 2: Adaptive Planning


For Industry 4.0 operations, Adaptive Planning has the capability of replacing both legacy APS tools, simulations, and even Excel solutions. As time goes on, with increases in the scope, quality and reliability of live data coming from the shop-floor, using for example the CFX, it is expected that Adaptive Planning solutions will become progressively smarter, offering greater guidance while managing constraints as well as optimization.

View Story

Advanced Digitalization Makes Best Practice Part 1: Digital Remastering


As digitalization and the use of IoT in the manufacturing environment continues to pick up speed, critical changes are enabled, which are needed to achieve the levels of performance and flexibility expected with Industry 4.0. This first part of a series on new digital best practices looks at examples of the traditional barriers to flexibility and value creation, and suggests new digital best practices to see how these barriers can be avoided, or even eliminated.

View Story

Configure to Order: Different by Design


Perhaps in the future, sentient robots looking back at humans today will consider that we were a somewhat random bunch of people as no two of us are the same. Human actions and choices cannot be predicted reliably, worse even than the weather. As with any team however, our ability to rationalize in many different ways in parallel is, in fact, our strength, creating a kind of biological “fuzzy logic.”

View Story


Counterfeit: A Quality Conundrum


There is an imminent, critical challenge facing every manufacturer in the industry. The rise in the ingress of counterfeit materials into the supply chain has made them prolific, though yet, the extent is understated. What needs to be faced now is the need for incoming inspection, but at what cost to industry, and does anyone remember how to do it?

View Story
Copyright © 2022 I-Connect007. All rights reserved.