Cybersecurity for Manufacturing Basics 101
Cybersecurity for Manufacturing Basics covers the foundational concepts of cybersecurity as it relates to the manufacturing sector. As manufacturers adopt Industry 4.0 technology to enhance the digital connectivity of facilities, a fundamental understanding of cybersecurity is becoming more critical to preventing losses due to cyber attacks. The United States government identifies manufacturing as one of the 16 critical U.S. infrastructures. Consequently, ensuring the strength and integrity of this sector is crucial to national safety and security.
Cyber threats generally involve attempts by hackers to utilize malware, such as viruses or digital worms, to disrupt or disable technology or to gain access to systems illegally to obtain sensitive information. Malicious hacking attempts may involve individuals, groups of individuals, or even other nations. This course will help manufacturers and manufacturing personnel understand and identify basic cyber threats.
Number of Lessons 12
- The Importance of Cybersecurity
- Industry 4.0 and the Industrial Internet of Things
- IIoT Cybersecurity Basics
- Review: IIoT Cybersecurity Introduction
- Common Virus Types
- Protecting Against Cyber Attacks
- Federal Cybersecurity Resources
- Review: Basic Malware Types and Protection
- Describe the importance of cybersecurity in manufacturing.
- Describe Industry 4.0 and the Industrial Internet of Things.
- Identify basic capabilities and risks of IIoT devices.
- Distinguish between criminal hacking and ethical hacking.
- Distinguish between basic types of malware.
- Describe how a virus functions.
- Distinguish between different types of common viruses.
- Describe how a digital worm functions.
- Describe basic steps for protecting against cyber attacks.
- Identify cybersecurity resources available through the U.S. government.
A logical and mathematical expression that models a process or action. Algorithms are coded into a computer program that forms the rules by which a device such as a robot will interact with its environment.
Security software that protects against various types of malware. Many anti-malware products protect against the latest malware and may not include protection against some older malware types.
The use of self-regulated equipment, processes, or systems that meet manufacturing requirements with limited human intervention. Automation, which includes both robotic and CNC-controlled processes, is an efficient means of performing manufacturing processes.
black hat hackers
A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Black hat hackers, or criminal hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
browser hijacker virus
A type of computer virus that can take control of browser software on a computing device without the user's consent. A browser hijacker virus may open malicious websites where links to other malicious content are located.
A combination of hardware and software computing technology typically provided by a third party that allows clients to access, store, and process data remotely through an internet connection. Cloud-based servers can provide multiple clients with access to unlimited storage and processing capabilities but may pose greater cybersecurity risks than secure local area network servers (LANs).
A collection of commands for a computer or computerized system. Codes use different combinations of letters, numbers, and symbols, which a computer interprets and presents as a program, website, or other application.
CD. A thin, circular, removable data storage format that reads and writes optical data. Compact discs were often used to store data for manufacturing, such as CNC part programs, but are less common today.
A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Criminal hackers, or black hat hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
critical infrastructure sectors
Physical or virtual assets that are essential to the security, well-being, and sustainability of the United States. Presidential Policy Directive 21 identifies 16 critical infrastructure sectors in the U.S.
An effort to disrupt, disable, or gain illegal access to a digital device or network. Cyber attacks include hacking, phishing, and installing malware.
Any potential event or attack that could access or damage computers or digital networks. Cyber threats may include inadvertent events or malicious attacks from hackers.
CPS. One or more hardware devices that link physical components and processes with interconnected digital components and processes. Cyber-physical systems are used in Industry 4.0 to monitor and control physical components using digitally automated technology.
Protection against criminal or unauthorized access to computer networks, programs, and data. Cybersecurity has become a major industrial concern as networking and connectivity have increased.
Cybersecurity and Infrastructure Security Agency
CISA. A government agency under the U.S. Department of Homeland Security established in 2018. The Cybersecurity and Infrastructure Security Agency combines the efforts of various cybersecurity organizations, including the U.S Computer Emergency Response Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Cybersecurity Evaluation Tool
CSET. A downloadable ICS-CERT software tool that helps industrial firms evaluate their cybersecurity infrastructure. The Cybersecurity Evaluation Tool helps users build visual tools based on cybersecurity analysis to enhance understanding.
A service that organizations can purchase in order to protect against losses in the event of a cyber attack. Cybersecurity insurance can cover penalties, fines, and other costs that are incurred in a cyber attack.
The process of transforming data into another form that can only be accessed using a decryption key. Data encryption protects data when it moves from a trusted to an untrusted area, but hackers also use data encryption in ransomware attacks to block users out of their own system files and applications.
Department of Homeland Security
DHS. A federal agency of the United States government that oversees matters of public and national security. The U.S. Department of Homeland Security works alongside private- and public-sector partners to strengthen cybersecurity standards in the U.S.
Consisting of information that is input or output electronically as a series of pulses or signals, often resulting in binary strings of 0s and 1s. Digital computing devices interpret various programming commands as binary digits.
Stored within a particular file or web document. Embedded links often contain media files but may also potentially contain malware.
A person who uses computer coding and other skills to expose system vulnerabilities. Ethical hackers, or white hat hackers, help organizations improve cybersecurity by addressing vulnerabilities to prevent criminal hackers from exploiting them.
A rectangular, plastic device that stores programs and computer information magnetically. Standard removable floppy disks hold only 1.44 MB of data and are considered obsolete.
Access to files on a digital system granted to all users within a group defined on that system. Group permissions are typically determined based on a user's role or position within the organization.
A person who uses computer coding and other skills to access a computer, device, or network by exploiting system vulnerabilities. Hackers may be classified based on level of skill and whether or not they act with criminal intent.
Gaining access to a computer, device, or network by exploiting system vulnerabilities. Hacking is generally an illegal activity.
The physical equipment used in a computer system. IIoT hardware includes sensors, wireless routers, and computing devices.
Industrial Control Systems Cyber Emergency Response Team. A previously independent government cybersecurity organization that now functions as part of the Cybersecurity and Infrastructure Security Agency. The Industrial Control Systems Cyber Emergency Response Team provides resources to help manufacturers evaluate the effectiveness of their cybersecurity systems and develop processes and strategies to improve protection of digital assets.
Industrial Internet of Things. A network of physical devices used in manufacturing that contain computing systems that allow them to send and receive data. The IIoT allows devices to exchange data and automate processes without any human intervention.
Industrial Internet of Things
IIoT. A network of physical devices used in manufacturing that contain computing systems that allow them to send and receive data. The Industrial Internet of Things allows devices to exchange data and automate processes without any human intervention.
The third major phase of manufacturing development that began in the late 1970s. Industry 3.0 revolutionized machine manufacturing by introducing microcomputers and developing advanced software applications.
A stage in manufacturing that uses connected devices and digital technologies. Industry 4.0 uses automation and data exchange to achieve advancements in a variety of industries.
local area network servers
LAN servers. A computer or program that manages networking functions for a variety of devices within a single geographical location. Local area network servers store, process, and transfer information between other devices connected to the local network.
The process that enables a digital system to analyze data in order to build predictive models and make decisions autonomously. Machine learning is a key benefit of Industry 4.0.
macro programming language
A programming language used to execute specific commands within a program or application. Macro programming languages can be used by viruses to run undesired commands.
A type of computer virus that executes malicious or undesired commands within a program by mimicking its macro programming language. Macro viruses are often executed when a user runs a specific program.
Any malicious code or software that can potentially harm a computer, device, or network, or retrieve data from the network or device without authorization. Malware often exists undetected on systems for extended periods of time.
The portion of a computer where data is stored. Memory storage can be built into the central processing unit of a computing device or can be in the form of a removable device.
National Institute of Standards and Technology
NIST. A non-regulatory federal agency within the U.S. Department of Commerce. The National Institute of Standards and Technology is a primary resource for developing cybersecurity standards and protocols.
OS. The software on a computer that allows files to be created and organized, manages the interaction of different programs, holds data in memory, and performs other functions. In short, the operating system runs the computer.
A series of characters known only by authorized users that allows the users to access an otherwise locked digital system. Passwords effectively prevent unauthorized access as long as they are not shared or discovered by unauthorized users.
A type of social engineering tactic often employed by hackers that uses electronic communications intended to trick users into providing information or downloading malware. Phishing attacks are usually conducted via email messaging.
A web browser window that opens automatically rather than being opened by a user. Popup windows may sometimes open on certain websites to display ads or other content.
Presidential Policy Directive 21
PPD-21. A U.S. presidential directive issued in 2013 to address cybersecurity concerns. Presidential Policy Directive 21 calls for a unified effort across industries to improve the nation's cybersecurity infrastructure.
programmable logic controllers
PLCs. A processor-driven device that uses logic-based software to provide electrical control to a machine or process. Programmable logic controllers are used in factory automation.
A type of malware that uses data encryption to restrict access to files on a system. Ransomware attacks usually demand some form of payment in order for the user to regain access to the encrypted files.
A field of technology that is focused on programmable mechanical devices. Robotics enable the work of a person to be done by a robot with a higher degree of accuracy.
A software fix that corrects coding flaws or improves vulnerabilities. Security patches are often included with software updates.
A device equipped with software that can process digital signals as data, monitor processes, and control mechanisms without human interaction. Smart actuators are more advanced than normal digital actuators since they can process data internally rather than simply sending digital signals to an external system to be processed.
A device equipped with software that can detect physical inputs, process them as data, and output digital signals. Smart sensors are more advanced than normal digital sensors since they can process data internally rather than simply sending digital signals to an external system to be processed.
A computing device that can send and receive data without human intervention. Smart technology generally requires internet connectivity to enable data processing.
The instructions, formulas, and operations that structure the actions of a computer. Software often consists of a computer program or application.
The latest version of a software package that is typically installed through an internet connection. Software updates often include security patches that address vulnerabilities found in earlier versions of the software.
A type of malware that can collect data from a system without authorization once installed. Spyware is often installed using a worm or virus.
A type of malware that poses as another trusted software application. Trojans do not make copies and must instead be run by a user in order to function.
universal serial bus
USB. A connection port on computers that is compatible with many different types of devices, such as memory cards and printers. Universal serial bus devices can be used to store malicious software and transfer it to another device.
A type of malware that copies itself onto a computer or device by attaching to existing code. Viruses must be transferred by a user in order to spread to other systems.
A flaw within an operating system, application, or hardware. System vulnerabilities can be leveraged by hackers to make a system behave in unintended ways.
A program used to access and navigate the internet. Web browser software can potentially be hacked or infected with malware.
web scripting virus
A type of computer virus coded into links or other components of a website that can infect a user's system when clicked. Web scripting viruses are sometimes coded into legitimate, trusted websites by hackers.
white hat hackers
A person who uses computer coding and other skills to expose system vulnerabilities. White hat hackers, or ethical hackers, help organizations improve cybersecurity by addressing vulnerabilities to prevent criminal hackers from exploiting them.
Wireless network. A network that uses radio waves instead of copper or fiber optic cable. In WiFi, devices transmit a radio signal through an antenna.
WiFi. A network that uses radio waves instead of copper or fiber optic cable. In wireless networks, devices transmit a radio signal through an antenna.
A type of malware that can copy itself onto multiple computers or devices within a network. Worms can spread to other systems without human interaction.