Keep machine tools, shop floor data safe from hackers
Securing computer systems from intruders should be top priority at homes and businesses alike. Unfortunately, many wait until something goes terribly wrong before taking action.
Proactive security measures become even more important as manufacturing software moves into the cloud, machine tool intelligence and automation continue to grow, and the Industrial Internet of Things makes big data an increasingly big deal.

There are a lot of troublemakers out there, waiting for an opportunity to hack into machine tools, servers and users’ computers. Case in point: a Nissan manufacturing facility in England was hit by a cyberattack.
But you just want to make parts. Who has time to worry about a catastrophe that may never happen? Why should you take the trouble to hire an expensive IT geek to sit around watching for that catastrophe—someone who will then enforce a bunch of crazy password rules and internet restrictions on everyone in the company?
Hassle or not, that’s exactly what manufacturers should do, at least if they’re concerned with machine uptime, intellectual property, data integrity, and loss of the files and software residing on company servers and desktop computers. Can’t afford a full-time IT person? Then consider contracting the services of someone like Leonard Jacobs.
Jacobs is president and CEO of Netsecuris Inc., a managed information security services provider in Minneapolis. His customers include smaller companies that recognize today’s computing risks but can’t justify their own IT staffs and larger firms that need a hand identifying vulnerabilities or continuously monitoring their network traffic.
According to Jacobs, troublemakers attempt to access a network through phishing scams. These are email messages that appear legitimate but actually contain links to fraudulent websites that trick the recipient into entering sensitive information, such as credit card or Social Security numbers. Email links may also launch malicious code known as malware, opening back doors for future network reconnaissance. They may secretly install viruses and worms or launch a ransomware attack, whereby the user’s computer and data, or possibly a CNC machine tool, are held hostage until a fee is paid.

Posted and easily guessed passwords are asking for trouble.
“By not scanning the contents of a USB flash drive with appropriate antivirus software before plugging it in, people often accidentally introduce malware into their computer,” he said. “Sometimes people can pick up a virus from visiting websites that might appear legitimate, but are infected with malicious code. We see this all the time while monitoring our customers.”
Unacceptable Passwords
Whether you hire a professional or not, Jacobs said regular user training is an important first step in keeping hackers at bay. Teach workers to not click on suspicious links, show them how to construct complex but easy-to-remember passwords and slap the hands of those caught taping a piece of paper with their password written on it to the front of a computer.
“Another frequent mistake is giving people administrative access to their own computer,” Jacobs said. “This allows them to inadvertently install software, which increases the risk of a virus. Be sure to keep all computers up to date with security patches and antivirus updates.”
Those include the computers inside the shop floor’s CNC equipment. Brad Klippstein, controls product specialist at Okuma America Corp., Charlotte, N.C., said regular patching is something many shops overlook, especially those without an IT department. However, it is an important part of any preventative-maintenance program.
Patching is just a small part of the network security picture, however. Like most large organizations, Okuma is the target of frequent digital attacks, which is why Klippstein recommends a robust firewall.

Hardware devices like the Okuma NETBOX are only part of a sound network security strategy. User training, strong password policies and other good IT practices are also important. Image courtesy of Okuma America.
“Even without some of the hardware security devices introduced recently,” Klippstein said, “it’s quite feasible to configure the network in a way that isolates the CNCs from the rest of the company. All that’s needed is to set rules for what types of information are allowed or not allowed to move through the different ports in the firewall. Then make sure the network routers and switches are secured with strong passwords. We’ve been doing it for years.”
Klippstein noted system security also involves establishing an intranet, or VLAN (virtual local area network), a network inside of a network that is isolated from the outside world.
Simplifying Security
“If a hacker or other person with malicious intent gains access to an unprotected port,” Klippstein said, “they can ‘spiderweb’ out to any device on the network, including the machine controls, from which they can launch attacks on other devices. Using a separate LAN eliminates that risk.”
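The isolation Klippstein describes can be checked before a rule set goes live. The sketch below is an added example, not from the article or from Okuma: it evaluates a first-match firewall policy and lists which hosts can open connections to a CNC control. All addresses, ports and the "DNC server" host are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
CNC_HOST = "10.20.0.11"            # a machine control on the CNC segment
DNC_SERVER = "10.10.0.50"          # hypothetical host that sends part programs
SOURCES = ["10.10.0.23", DNC_SERVER, "203.0.113.7"]  # office PC, DNC, internet
PORTS = [21, 445, 3389]            # constructed sample services

# Rules are read top to bottom, first match wins: (action, src, dst, port).
# A port of None matches any port. Only new connections are modelled,
# as a stateful firewall would treat them.
FLAT = [("allow", "0.0.0.0/0", "0.0.0.0/0", None)]
SEGMENTED = [
    ("allow", DNC_SERVER + "/32", "10.20.0.0/24", 21),  # program transfer only
    ("deny", "0.0.0.0/0", "10.20.0.0/24", None),        # nothing else reaches CNCs
    ("deny", "10.20.0.0/24", "0.0.0.0/0", None),        # CNCs cannot reach out
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),          # rest of the company
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the flow; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc)
                and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"

def exposure(rules, sources, cnc_host, ports):
    """List every (source, port) pair allowed to connect to the CNC host."""
    return [(src, p) for src in sources for p in ports
            if decide(rules, src, cnc_host, p) == "allow"]

if __name__ == "__main__":
    print("flat network:", exposure(FLAT, SOURCES, CNC_HOST, PORTS))
    print("segmented:   ", exposure(SEGMENTED, SOURCES, CNC_HOST, PORTS))
```

On the flat network every source reaches the control on every port; with the segmented rules only the one program-transfer flow remains, and the control cannot initiate connections to other devices.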

