Cybersecurity Threats and Attacks in Modern Manufacturing
2025-04-26 , Seminar Room 7

Modern manufacturing relies heavily on highly integrated IT systems. While various terms -- such as Industry 4.0, Cyber-Physical Production Systems, and the Industrial Internet of Things (IIoT) -- describe these systems, they all share a common characteristic: the fusion of enterprise software with sensors and actuators. This creates a complex IT landscape comprising devices with diverse computational capabilities, operating systems, and software versions. Additionally, many manufacturing environments must integrate legacy systems that were never designed to be connected to the internet, further complicating security efforts.

Beyond the inherent challenges of securing such heterogeneous environments, cyberattacks on manufacturing systems can have severe real-world consequences, extending beyond data breaches to physical disruptions and costly damages.

In this talk, I will first provide a brief introduction to modern manufacturing systems. I will then explore key cybersecurity threats, with a particular focus on attacks targeting process logic vulnerabilities that can be exploited by both external threat actors and insiders. As far as possible, identified threats will be illustrated by real world attacks. I will conclude the talk with a brief outlook on ongoing research developing tools to detect (and mitigate) cybersecurity threats in modern manufacturing.


URL:

https://logicalhacking.com

Spiciness Level:

1 - Complete beginner friendly. Suited to anyone including younger people, newbies, parents etc.

Organisation or Affiliation?:

University of Exeter

Achim is a Professor in Computer Science (Chair in Cybersecurity) and Head of the Cybersecurity Group at the University of Exeter, UK.

He has over 20 years of professional experience in cyber security in
general, and, in particular, in research and development of safety
and security critical systems. In his work, he particularly focuses
on techniques, methods, and tools for ensuring the safety, security,
correctness, and trustworthiness of advanced systems.

His industry experience includes being a Security Architect and
Security Testing Strategist for SAP SE. In this role, he defined the
risk-based security testing strategy of SAP that combines static,
dynamic, and interactive security testing methods and integrates
them deeply into SAP's Secure Software Development Life Cycle.

He is supporting security initiatives and events in the South West,
building bridges between industry, academia, and the local
community. Amongst others, he is a member of the SWCSC Steering
Committee and the BSides Exeter Steering Committee.