Malware Detection in Industrial Scenarios Using Machine Learning and Deep Learning Techniques

Ángel Luis Perales Gómez (University of Murcia, Spain), Lorenzo Fernández Maimó (University of Murcia, Spain), Alberto Huertas Celdrán (University of Zurich, Switzerland) and Félix Jesús García Clemente (University of Murcia, Spain)
Copyright: © 2022 | Pages: 20
DOI: 10.4018/978-1-7998-7789-9.ch005


In the last decades, factories have undergone a significant change in automation, evolving from isolated towards interconnected systems. However, the adoption of open standards and the opening to the internet have caused an increase in the number of attacks. In addition, traditional intrusion detection systems relying on a signature database, where malware patterns are stored, are failing due to the high specialization of industrial cyberattacks. For this reason, the research community is moving towards the anomaly detection paradigm. This paradigm is showing great results when it is implemented using machine learning and deep learning techniques. This chapter surveys several incidents caused by cyberattacks targeting industrial scenarios. Next, to understand the current status of anomaly detection solutions, it analyses the current industrial datasets and anomaly detection systems in the industrial field. In addition, the chapter shows an example of malware attacking a manufacturing plant, resulting in a safety threat. Finally, cybersecurity and safety solutions are reviewed.
Chapter Preview


Nowadays, industry plays a fundamental role in our society since an essential part of the economy is based on this sector. Therefore, any advance that involves a significant increase in the industrial production of factories is associated with an improvement in the economy and, consequently, with the growth of countries. In this context, industrial process automation has been the way followed by factories to increase production without increasing cost.

Decades ago, automation in factories consisted of small isolated elements capable of making measurements and, based on these measurements, performing certain types of actions. However, new technologies are being introduced progressively in the industrial ecosystem, facilitating the automation of processes. In recent years, new terms, such as Industry 4.0 (Lasi et al., 2014), Industrial Internet of Things (IIoT) (Boyes et al., 2018), and recently, Industry 5.0 and Society 5.0 (Perakovic et al., 2020), have emerged strongly. In general, these terms are related to each other and refer to introducing new smart devices in industrial factories. These devices use typical communication network technologies, such as Ethernet or WiFi, to exchange information with each other. In addition, more and more factories are being connected to the Internet (Mirian et al., 2016) to provide new functions such as remote control or information sharing between factories in different geographical areas. Moreover, based on the Industry 5.0 paradigm, Artificial Intelligence (AI) techniques are being introduced in industrial scenarios (Skovelev et al., 2017).

Although Industry 4.0/5.0 comprises many different elements and the identification of its parameters is crucial (Perakovic et al., 2020), the core of factory automation is the Industrial Control Systems (ICS), which encompass a large number of heterogeneous devices whose goal is to control and supervise industrial processes. To achieve this goal, ICS comprise devices that operate in both the logical and physical layers of industrial processes. This is the reason why ICS are also known as Cyber-Physical Systems (CPS). Devices in the logical layer govern the system behavior, while devices in the physical layer, such as controllers and sensors, interact with the physical world.

Key Terms in this Chapter

Actuator: A device responsible for moving a physical mechanism.

Botnet: A network of internet-connected devices infected by a bot, generally used to perform Distributed Denial-of-Service (DDoS) attacks and send spam.

Industrial Control System: A set of heterogeneous devices and networks in charge of controlling industrial devices. Industrial control systems include supervisory control and data acquisition systems, programmable logic controllers, sensors, and actuators.

Supervisory Control and Data Acquisition: A system used in industrial scenarios to supervise and control processes.

Ransomware: A type of malware that blocks access to computer data, generally using a cipher algorithm, and asks for a ransom.

Human Machine Interface: A device that shows information about the process status and where an operator can interact with the process.

Programmable Logic Controller: An industrial device used to control industrial processes. It serves as an intermediary between SCADA and sensors/actuators.

Malware: Software specially designed to cause damage to the user's computer.

Intrusion Detection System: A system that analyzes networks or hosts in order to detect anomalous activities.

Sensor: A device capable of performing measurements and sending the information to a computer.
