Cybersecurity for Manufacturing: Hacking Overview 201
Cybersecurity for Manufacturing: Hacking Overview 201 explores the various types of hackers, some common hacking methods, and strategies for defending against hacking. Hackers are generally classified based on their level of skill and their motivations for hacking. Highly skilled criminal hackers develop malware designed to harm digital systems, while less-skilled hackers may look for ways to use existing malware. Skilled ethical hackers work to correct cybersecurity vulnerabilities in digital systems to protect them from criminal hackers.
Criminal hackers present a threat for manufacturers as they can attack digital systems in a variety of ways. This threat grows more complex as manufacturers adopt smart devices enabled by the Industrial Internet of Things (IIoT) and exchange more data across digital networks. After taking this class, users will better understand the cyber threats posed by hackers as well as the tools and strategies to defend against these threats.
Number of Lessons 10
- Introduction to Hacking
- Evolution of Criminal Hacking
- Types of Hackers
- Hacking Strategies: Active Attacks
- Hacking Strategies: Passive Attacks
- Review: Hacking Introduction
- Criminal Hacking and Malware
- Common Hacking Methods: Clickjacking and Cookie Theft
- Defending Against Criminal Hacking
- Review: Hacking Methods and Prevention
- Describe hacking and the risk it poses to smart manufacturing.
- Describe the history of criminal hacking.
- Distinguish between different types of hackers.
- Describe various active attack strategies used by criminal hackers.
- Describe eavesdropping tactics used by criminal hackers to passively monitor digital systems.
- Describe how criminal hackers use malware to illegally access systems.
- Distinguish between clickjacking and cookie theft.
- Describe strategies for protecting against criminal hacking.
A cyber attack method in which a hacker directly alters the functionality of one or more digital systems. Active attacks are easier to detect than passive attacks.
Permission to access and modify critical files, applications, and settings on a digital system. Administrative privileges are typically protected by a password.
A character that is either a letter or a number. Alphanumeric commands are translated into binary digits by computing systems.
Security software that protects against various types of malware. Many anti-malware products protect against the latest malware and may not include protection against some older malware types.
Security software that protects against common viruses, worms, trojans, and other known malware threats. Antivirus software must recognize a threat in order to protect against it.
A numbering system that uses two digits, 0 and 1, arranged in a series of columns to represent all numerical quantities. A binary digit is the smallest unit of information on a computing device.
black hat hacker
A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Black hat hackers, or criminal hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
blue hat hackers
An unskilled hacker who aims to take down a very specific target, typically to get revenge on an individual or an organization. Blue hat hackers are often disgruntled employees or people who feel they have been wronged by the target.
A continuous period during which a person uses web browsing software to carry out activities on the internet. Browsing sessions create data, or cookies, that are typically stored by the web browser on the user's computer and can contain sensitive information.
brute force attacks
A type of active cyber attack in which a hacker attempts to break into a secured digital system by guessing passwords, encryption keys, or other ways of unlocking the system. Brute force attacks are difficult or impossible to carry out on most up-to-date systems without malware tools.
Chief Information Security Officer
CISO. An individual responsible for developing and monitoring cybersecurity tools and strategies to protect digital assets. The Chief Information Security Officer understands the tactics of criminal hackers and typically hires, trains, and manages cybersecurity personnel to defend against them.
An attack in which a hacker tricks an internet user into clicking on hidden browser links unintentionally. Clickjacking, or user interface redress (UI redress), attacks are often carried out using fake webpages with uniform resource locators (URLs) that are designed to look like those of legitimate webpages.
CD. A thin, circular, removable data storage device that reads and writes optical data. Compact discs were often used to store data for manufacturing, such as CNC part programs, but are less common today.
A collection of instructions written in a computer programming language that a computing device can translate into readable data. Computer code uses different combinations of letters, numbers, and symbols, which a computer interprets and presents as a program, website, or other application.
Computer Fraud and Abuse Act
CFAA. A United States federal law that makes accessing a computing system without authorization a criminal act. The Computer Fraud and Abuse Act was enacted in 1986 and has been amended several times in order to further define criminal actions under the law.
A person who codes digital commands into a computing device. Computer programmers use various computer programming languages that tell a device what actions to perform.
Software designed using computer coding to carry out specific functions on traditional computing devices. Computer programs can be infected with malware and must be updated regularly.
An attack during which a hacker captures a user's internet browsing, or cookie, data without the user's knowledge. Cookie theft can be carried out with both active and passive attack strategies.
Data created during an internet browsing session that is stored by a web browser on a user's computer. Cookies often contain usernames, passwords, or other sensitive data.
copyright protection software
A series of computer coding commands that restrict how users can use a software product. Some copyright protection software only allows users to install and use software products on a single device.
A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Criminal hackers, or black hat hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
XSS. An attack in which a hacker inserts malicious code into a vulnerable website so the code is read and executed by another user's browser software. Cross-site scripting attacks are typically used to steal a user's cookie data.
Any potential event or attack that could access or damage computers or digital networks. Cyber threats may include inadvertent events or malicious attacks from hackers.
Protection against criminal or unauthorized access to computer networks, programs, and data. Cybersecurity has become a major industrial concern as networking and interconnectivity have increased.
The process of transforming data into another form that can only be accessed using a decryption key. Data encryption protects data when it moves from a trusted to an untrusted area, but hackers also use data encryption in ransomware attacks to block users out of their own system files and applications.
Making data stored on a digital device available to other devices through a network connection. Data sharing features on IIoT devices can potentially expose the device or the network to cyber attacks.
Pre-configured features, options, or functions on a digital device that are set up by the manufacturer. Some default settings may increase cybersecurity risks.
Consisting of information that is input or output electronically as a series of pulses or signals, often resulting in binary strings of 0s and 1s. Digital computing devices interpret various programming commands as binary digits.
A cyber attack method in which a hacker secretly observes and records data exchanged between digital systems across a network without affecting or altering system functionality. Eavesdropping, which is sometimes referred to as a passive attack, is often carried out by hackers using public WiFi to steal sensitive data.
A type of hacker who uses computer coding and other skills to expose system vulnerabilities. Ethical hackers, or white hat hackers, help organizations improve cybersecurity by addressing vulnerabilities to prevent criminal hackers from exploiting them.
external storage device
A digital device that can connect to and copy data files from other devices and systems. External storage devices, such as external hard drives, help prevent important information on data files from being erased or lost due to damage.
A software program or hardware device that allows intended internet communications over a network while blocking access to unauthorized users or websites. Firewall software can be installed on a digital system like other software packages.
A rectangular, plastic device that stores programs and computer information magnetically. Standard removable floppy disks hold only 1.44 megabytes (MB) of data and are considered obsolete.
gray hat hacker
A type of hacker who uses computer coding and other skills to discover system vulnerabilities without malicious intent. Some gray hat hackers may offer to fix vulnerabilities for a fee.
green hat hackers
An unskilled hacker motivated by a desire to learn and improve hacking skills and strategies. Green hat hackers look to more skilled hackers for guidance.
A person who uses computer coding and other skills to access a computer, device, or network by exploiting system vulnerabilities. Hackers may be classified based on level of skill and whether or not they act with criminal intent.
Gaining access to a computer, device, or network by exploiting system vulnerabilities. Hacking may be conducted for ethical or malicious reasons.
The practice of illegally accessing or manipulating digital systems for the sake of progressing a social or political cause. Hacktivism is often carried out by hacker groups.
Hypertext Transfer Protocol
HTTP. An internet protocol used by early websites that exchanges unencrypted data over the internet. Websites using the dated Hypertext Transfer Protocol are not considered secure.
Hypertext Transfer Protocol Secure
HTTPS. An internet protocol used by most legitimate websites that encrypts data before exchanging it over the internet. Hypertext Transfer Protocol Secure provides a more secure way to exchange sensitive data.
The intentional and deceptive use of another person's personal information to carry out illegal actions. Identity fraud may include credit card fraud, tax fraud, or other fraudulent actions.
Industrial Internet of Things. A network of physical devices used in manufacturing that contain computing systems. The IIoT allows devices to exchange data and automate processes without any human intervention.
Industrial Internet of Things
IIoT. A network of physical devices used in manufacturing that contain computing systems. The Industrial Internet of Things allows devices to exchange data and automate processes without any human intervention.
Any idea, creative expression, or knowledge that originated from, or is owned by, an individual or organization. Intellectual property is protected in the United States through patents, copyrights, and trademarks.
IP. A group of digital communication standards that allow computing devices to interpret and send digital information over the internet. The Internet Protocol was first developed as part of the Transmission Control Protocol (TCP), an early standard that enabled communication between computer networks.
Internet Protocol address
IP address. A unique numeric identifier for each node on a network. An Internet Protocol address is used to communicate with a device using an internet protocol.
Intrusion Detection and Prevention System
IPS. A hardware or software tool that can monitor activity on digital systems to detect cyber threats and take actions to prevent them. Intrusion Detection and Prevention Systems that utilize machine learning AI can help identify and prevent unknown threats.
A software or hardware tool that records keystrokes made by a user on a computer keyboard. Keyloggers are often used by criminal hackers to capture passwords or other sensitive information.
The process that enables a digital system to analyze data in order to build predictive models and make decisions autonomously. Machine learning is a key benefit of Industry 4.0.
Any malicious code or software that can potentially harm a computer, device, or network, or retrieve data from the network or device without authorization. Malware often exists undetected on systems for extended periods of time.
A cyber attack method in which a hacker secretly observes and records data exchanged between digital systems across a network without affecting or altering system functionality. A passive attack, which is sometimes referred to as eavesdropping, is often carried out by hackers using public WiFi to steal sensitive data.
A series of characters, known only by authorized users, that allow the users to access an otherwise locked digital system. Passwords effectively prevent unauthorized access as long as they are not shared or discovered by unauthorized users.
A security feature that uses a unique series of characters known only to authorized users to protect a digital system. Basic password protection can prevent unauthorized users from accessing a digital device or data stored on the device.
A social engineering tactic often employed by hackers that uses electronic communications intended to trick users into providing information or downloading malware. Phishing attacks are usually conducted via email messaging.
Belonging to a specific company that holds exclusive rights. Proprietary information can be used only with the permission of the owner.
red hat hacker
A type of hacker who uses computer coding and other skills to track activities of criminal hackers and take actions against them. Red hat hackers may use the same tactics as criminal hackers in attempt to disrupt or disable their systems.
An unskilled criminal hacker who uses malware or other tools created by skilled hackers to disrupt digital systems. Script kiddies may attempt to use phishing or other methods to carry out attacks.
secure web gateway
A hardware device that can monitor and direct network traffic and detect potential cyber threats. Secure web gateways can be configured to block both incoming and outgoing network traffic based on certain parameters and can even prohibit users on the network from conducting actions on their devices that violate specified cybersecurity policies.
A software fix that corrects coding flaws or improves vulnerabilities. Security patches are often included with software updates.
Any computer program designed to protect data privacy and prevent data loss or damage to a system or network. Security software can include antivirus, anti-malware, and firewall software.
Technologically integrated manufacturing that creates and uses data in real time to address the needs of the factory, supplier, and customer. Smart manufacturing is an advancement of traditional manufacturing automation.
A computing technology that can send and receive data without human intervention. Smart technology generally requires internet connectivity to enable data processing.
A type of active cyber attack in which hackers subtly try to gain access to a system by manipulating a human actor. Social engineering tactics often aim to influence human emotions to drive a desired action.
A type of malware that can collect data from a system without authorization once installed. Spyware is often installed using a worm or virus.
A type of malware that poses as another trusted software application. Trojans do not make copies and must instead be run by a user in order to function.
uniform resource locator
URL. An address to a website. Uniform Resource Locators display when the user hovers over a link to the page in most web browsers.
unsecured network connection
A type of internet connection that can usually be accessed by anyone in range and does not encrypt data exchanged across the connection. Unsecured network connections are usually used by public wireless networks (WiFi) but can also be used by private networks with no active password protection or security features.
user interface redress
UI redress. An attack in which a hacker tricks an internet user into clicking on hidden browser links unintentionally. A user interface redress, or clickjacking, attack is usually accomplished by first embedding the URL of an unprotected webpage on the hacker's webpage.
virtual private network
VPN. A secure, encrypted connection that extends a private network through the internet to allow users to connect to the network remotely. Virtual private networks are essential to keep data on a private network secure when accessing the data remotely, especially from a public internet connection.
A flaw within an operating system, application, or hardware. System vulnerabilities can be leveraged by hackers to make a system behave in unintended ways.
A program used to access and navigate the internet. Web browser software can potentially be hacked or infected with malware.
white hat hacker
A type of hacker who uses computer coding and other skills to expose system vulnerabilities. White hat hackers, or ethical hackers, help organizations improve cybersecurity by addressing vulnerabilities to prevent criminal hackers from exploiting them.
A network that uses radio waves instead of copper or fiber optic cable. In wireless networks, devices transmit a radio signal through an antenna.