October 2020

INTERVIEWS & REPORTS | www.smartmachinesandfactories.com | September/October 2020

Cybersecurity – beware of outdated programming language

Although robots and other programmable industrial machines are the backbone of the modern factory, and the technology behind them is fundamental to Industry 4.0, these machines often run on outdated proprietary programming languages that make it difficult for developers not to introduce vulnerabilities in their code. Andy Pye reports.

In research conducted jointly with Politecnico di Milano, Trend Micro has revealed previously unknown design flaws that the so-called threat actors can misuse to hide malicious functionalities. Such flaws are almost impossible to fix, and can remain persistent within a factory, silently altering the quality of a product, or waiting to halt a manufacturing line.

As a result of this research, security-sensitive features were identified in the eight most popular industrial robotic programming platforms, and a total of 40 instances of vulnerable open source code have been found. One vendor has removed the automation program affected by a vulnerability from its application store for industrial software, and two more have been acknowledged by the maintainer, leading to fruitful discussion. Details of the vulnerability disclosures have also been shared by ICS-CERT in an alert to their community.

The two partners have developed a patent-pending tool to detect vulnerable or malicious code in task programs, thus preventing damage at runtime.

Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind. Developed decades ago, they are now essential to critical automation tasks on the factory floor, but they can’t themselves be fixed easily.

Not only are vulnerabilities a concern in the automation programs written using these proprietary languages, but researchers demonstrate how a new kind of self-propagating malware could be created using one of the legacy programming languages as an example.

“Once OT systems are network-connected, applying patches and updates is nearly impossible, which makes secure development upfront absolutely critical,” said Bill Malik, vice president of infrastructure strategies for Trend Micro.

“Today, the software backbone of industrial automation depends on legacy technologies that
