When it comes to motorsports, the need for speed isn’t only on the racetrack. Engineers who support race teams also need to work at a breakneck pace to fix problems, and that’s something Aakhilesh Singhania relishes.

Singhania is a senior applications engineer at Bosch Engineering, in Novi, Mich. He develops and supports electronic control systems for hybrid race cars, which feature combustion engines and battery-powered electric motors.

Aakhilesh Singhania

Employer:

Bosch Engineering

Occupation:

Senior applications engineer

Education:

Bachelor’s degree in mechanical engineering, Manipal Institute of Technology, India; master’s degree in automotive engineering, University of Michigan, Ann Arbor

His vehicles compete in two iconic endurance races: the Rolex 24 at Daytona in Daytona Beach, Fla., and the 24 Hours of Le Mans in France. He splits his time between refining the underlying technology and providing trackside support on competition day. Given the relentless pace of the racing calendar and the intense time pressure when cars are on the track, the job is high octane. But Singhania says he wouldn’t have it any other way.

“I’ve done jobs where the work gets repetitive and mundane,” he says. “Here, I’m constantly challenged. Every second counts, and you have to be very quick at making decisions.”

An Early Interest in Motorsports

Growing up in Kolkata, India, Singhania picked up a fascination with automobiles from his father, a car enthusiast.

In 2010, when Singhania began his mechanical engineering studies at India’s Manipal Institute of Technology, he got involved in the Formula Student program, an international engineering competition that challenges teams of university students to design, build, and drive a small race car. The cars typically weigh less than 250 kilograms and can have an engine no larger than 710 cubic centimeters.

“It really hooked me,” he says. “I devoted a lot of my spare time to the program, and the experience really motivated me to dive further into motorsports.”

One incident in particular shaped Singhania’s career trajectory. In 2013, he was leading Manipal’s Formula Student team and was one of the drivers for a competition in Germany. When he tried to start the vehicle, smoke poured out of the battery, and the team had to pull out of the race.

“I asked myself what I could have done differently,” he says. “It was my lack of knowledge of the electrical system of the car that was the problem.” So, he decided to get more experience and education.

Learning About Automotive Electronics

After graduating in 2014, Singhania began working on engine development for Indian car manufacturer Tata Motors in Pune. In 2016, determined to fill the gaps in his knowledge about automotive electronics, he left India to begin a master’s degree program in automotive engineering at the University of Michigan in Ann Arbor.

He took courses in battery management, hybrid controls, and control-system theory, parlaying this background into an internship with Bosch in 2017. After graduation in 2018, he joined Bosch full-time as a calibration engineer, developing technology for hybrid and electric vehicles.

Transitioning into motorsports required perseverance, Singhania says. He became friendly with the Bosch team that worked on electronics for race cars. Then in 2020 he got his big break.

That year, the U.S.-based International Motor Sports Association and the France-based Automobile Club de l’Ouest created standardized rules to allow the same hybrid race cars to compete in both the Sportscar Championship in North America, host of the famous Daytona race, and the global World Endurance Championship, host of Le Mans.

The Bosch motorsports team began preparing a proposal to provide the standardized hybrid system. Singhania, whose job already included creating simulations of how vehicles could be electrified, volunteered to help.

“I’m constantly challenged. Every second counts, and you have to be very quick at making decisions.”

The competition organizers selected Bosch as lead developer of the hybrid system that would be provided to all teams. Bosch engineers would also be required to test the hardware they supplied to each team to ensure none had an advantage.

“The performance of all our parts in all the cars has to fall within 1 percent of each other,” Singhania says.

After Bosch won the contract, Singhania officially became a motorsports calibration engineer, responsible for tweaking the software to fit the idiosyncrasies of each vehicle.

In 2022 he stepped up to his current role: developing software for the hybrid control unit (HCU), which is essentially the brains of the vehicle. The HCU helps coordinate all of the different subsystems such as the engine, battery, and electric motor and is responsible for balancing power requirements among these different components to maximize performance and lifetime.

Bosch’s engineers also designed software known as an equity model, which runs on the HCU. It is based on historical data collected from the operation of the hybrid systems’ various components, and controls their performance in real time to ensure all the teams’ hardware operates at the same level.

In addition, Singhania creates simulations of the race cars, which are used to better understand how the different components interact and how altering their configuration would affect performance.

Troubleshooting Problems on Race Day

Technology development is only part of Singhania’s job. On race days, he works as a support engineer, helping troubleshoot problems with the hybrid system as they crop up. Singhania and his colleagues monitor each team’s hardware using computers on Bosch’s race-day trailer, a mobile nerve center hardwired to the organizers’ control center on the race track.

“We are continuously looking at all the telemetry data coming from the hybrid system and analyzing [the system’s] health and performance,” he says.

If the Bosch engineers spot an issue or a team notifies them of a problem, they rush to the pit stall to retrieve a USB stick from the vehicle, which contains detailed data to help them diagnose and fix the issue.

After the race, the Bosch engineers analyze the telemetry data to identify ways to boost the standardized hybrid system’s performance for all the teams. In motorsports, where the difference between winning and losing can come down to fractions of a second, that kind of continual improvement is crucial.

Customers “put lots of money into this program, and they are there to win,” Singhania says.

Breaking Into Motorsports Engineering

Many engineers dream about working in the fast-paced and exciting world of motorsports, but it’s not easy breaking in. The biggest lesson Singhania learned is that if you don’t ask, you don’t get invited.

“Keep pursuing them because nobody’s going to come to you with an offer,” he says. “You have to keep talking to people and be ready when the opportunity presents itself.”

Demonstrating that you have experience contributing to challenging projects is a big help. Many of the engineers Bosch hires have been involved in Formula Student or similar automotive-engineering programs, such as the EcoCAR EV Challenge, says Singhania.

The job isn’t for everyone, though, he says. It’s demanding and requires a lot of travel and working on weekends during race season. But if you thrive under pressure and have a knack for problem solving, there are few more exciting careers.

HMIs (Human Machine Interfaces) can be broadly defined as just about anything that allows humans to interface with their machines, and so are found throughout the technical world. In OT environments, operators use various HMIs to interact with industrial control systems in order to direct and monitor the operational systems. And wherever humans and machines intersect, security problems can ensue.

Protecting HMI in cybersecurity plans, particularly in OT/ICS environments, can be a challenge, as HMIs offer a variety of vulnerabilities that threat actors can exploit to achieve any number of goals, from extortion to sabotage.

Consider the sort of OT environments HMIs are found in, including water and power utilities, manufacturing facilities, chemical production, oil and gas infrastructure, smart buildings, hospitals, and more. The HMIs in these environments offer bad actors a range of attack vectors through which they can enter and begin to wreak havoc, either financial, physical, or both.

What’s the relationship between HMI and SCADA?

SCADA (supervisory control and data acquisition) systems are used to acquire and analyze data and control industrial systems. Because of the role SCADA plays in these settings — generally overseeing the control of hugely complex, expensive, and dangerous-if-misused industrial equipment, processes, and facilities — they are extremely attractive to threat actors.

Unfortunately, the HMIs that operators use to interface with these systems may contain a number of vulnerabilities that are among the most highly exploitable and frequently breached vectors for attacks against SCADA systems.

Once an attacker gains access, they can seize from operators the ability to control the system. They can cause machinery to malfunction and suffer irreparable damage; they can taint products, steal information, and extort ransom. Even beyond ransom demands, the cost of production stoppages, lost sales, equipment replacement, and reputational damage can swallow some companies and create shortages in the market. Attacks can also cause equipment to perform in ways that threaten human life and safety.

Three types of HMIs in ICS that are vulnerable to attack

HMI security has to account for a range of “vulnerability options” available for exploitation by bad actors, such as keyboards, touch screens, and tablets, as well as more sophisticated interface points. Among the more frequently attacked are the Graphical User Interface and mobile and remote access.

Graphical User Interface

Attackers can use the Graphical User Interface or GUI to gain complete access to the system and manipulate it at will. They can often gain access by exploiting misconfigured access controls or bugs and other vulnerabilities that exist in a lot of software, including GUI software. If the system is web- or network-connected, their work is easier, especially if introducing malware is a goal. Once in, they can also move laterally, exploring or compromising interconnected systems and widening the attack.

Mobile and remote access

Even before COVID-19, mobile and remote access techniques were already being incorporated into managing a growing number of OT networks. When the pandemic hit hard, remote access often became a necessity. As the crisis faded, however, mobile and remote access became even more entrenched.

Remote access points are especially vulnerable. For one, remote access software can contain its own security vulnerabilities, like unpatched flaws and bugs or misconfigurations. Attackers may find openings in VPNs (virtual private networks) or RDP (remote desktop protocol) and use these holes to slip past security measures and carry out their mission.

Access controls

Attackers can compromise access control mechanisms to acquire the same permissions and privileges as authorized users, and once they gain access, they can do pretty much anything they want regarding system operations and data access. Access can be gained in many of the usual ways, such as an outdated VPN or stolen or purchased credentials. (Stolen or other credentials are readily available through online markets.)

The initial attack may just be a toe in the network while reconnaissance for holes in the access control system is conducted. Weak passwords, unnecessary access rights, and the usual misconfigurations and software vulnerabilities are all an attacker needs. As further walls are breached, attackers can then escalate their level of privilege to do whatever a legitimate user can do.

Understanding attack techniques in ICS HMI cybersecurity

Code injection

When attackers insert or inject malicious code into a software program or system, that’s code injection, and it can give the attacker access to core system functions. The resulting mayhem can include manipulation of control software, leading to shutdowns, equipment damage, and dangerous, even life-threatening situations if system changes result in hazardous chemical releases, changed formulas, explosions, or the misbehavior of large, heavy machinery. Code injections can corrupt, delete, or steal data and may result in compliance failure and fines in certain situations.

Malware virus infection

Malware can enter a network through various access points in addition to HMIs, even ones no one would ever expect, such as manufacturer-provided software updates or factory-fresh physical assets added to the production environment. A technician connecting a laptop or an employee plugging in a flash drive without knowing it’s infected will work just as well. As the walls between IT and OT thin, that attack surface widens as well. Once in the network, the attacker can escalate privileges, look around a bit, and see what’s worth doing or stealing. When enough has been learned, the attacker executes the malicious code, which can include ransomware or spyware. As in other attacks, operations can be interfered with, sometimes dangerously so.

Data tampering

Data tampering simply means that data is altered without authorization, including data used to operate, control, and monitor industrial systems. Attackers gain access through vulnerabilities in the system software or HMI devices or through passageways between IT and OT. Once in, they can explore the system to give themselves even greater access to more sensitive areas, where they can steal valuable and confidential system data, interrupt operations, compromise equipment, and damage the company’s business interests and competitive advantage.

Memory corruption

Memory corruption can happen in any computer network and may not represent anything nefarious. Yet memory corruption has also been used as an attack technique that can be deployed against OT networks and is thus potentially extremely damaging since data controls machinery, processes, formulas, and other essential functions. Attackers find software vulnerabilities in HMI or other access points through which the memory of an application or system can be reached and corrupted. This can lead to crashes, data leakage, denial of services (DoS), and even attacker takeovers of ICS and SCADA systems.

Spear phishing

Spear phishing attacks are generally launched against IT networks, which can then be used to open a corridor to the OT network. Spear phishing is basically a more targeted version of phishing attacks, in which an attacker will impersonate a legitimate, trusted source via email or web page, for example. In 2014, attackers targeted a German steel mill with an email suspected of carrying malicious code. They then used access to the business network to get to the SCADA/ICS network, where they modified the PLCs (programmable logic controllers) and took over the furnace’s operations. The physical damage they inflicted forced the plant to shut down.

DoS and DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) work by overwhelming HMI points with excessive traffic or requests so they are unable to handle authorized control and monitoring functions. In 2016, some particularly vicious malware dubbed Industroyer (also Crashoveride) was deployed in an attack against Ukraine’s power grid and blacked out a substantial section of Kyiv. Industroyer was developed specifically to attack ICS and SCADA systems. The multipronged attack began by exploiting vulnerabilities in digital substation relays. A timer regulating the attack executed a distributed denial-of-service (DDoS) attack on every protection relay on the network that used any of four specific communication protocols. Simultaneously, it deleted all MicroSCADA-related files from the workstations’ hard drives. As the relays stopped functioning, lights went out across the city.

Exploiting remote access

The growing use of remote access to HMI systems during and after COVID-19 has provided threat actors with a wealth of newly available attack vectors. Less-than-airtight remote access security protocols make them very enticing for ICS-specific malware. HAVEX malware, for example, uses a remote access trojan (RAT) downloaded from OT vendor websites. The RAT can then scan for devices on the ports commonly used OT assets, collect information, and send it back to the attacker’s command and control server. A long-term attack used just such a method to gain remote access to energy networks in the U.S. and internationally, during which data thieves collected and “exfiltrated” (stole) enterprise and ICS-related data.

Credential theft

Obtaining unauthorized credentials is not all that difficult these days, with a robust online marketplace making it easier than ever. Phishing and spear phishing, malware, weak passwords, and vulnerabilities or misconfigurations that grant access to places where unencrypted credentials are all sources. With credentials in hand, attackers can move past security, including MFA (multifactor authentication), conduct reconnaissance, and give themselves whatever level of privilege they need to complete whatever their mission is. Or they simply persist and observe, learning all they can before finally acting against the ICS or SCADA system.

Zero-day attacks

Zero-day attacks got their name because they’re generally carried out against a previously existing yet unknown vulnerability; the vendor has zero days to fix it because the attack is already underway. Vulnerabilities that are completely unknown to either the software developer or the cybersecurity community exist throughout the software world, including in OT networks and their HMIs. Unsuspected and thus unpatched, they give fast-moving threat actors the opportunity to carry out a zero-day attack without resistance. The 2010 Stuxnet attack against Iran’s nuclear program used zero-day vulnerabilities in Windows to access the network and spread, eventually destroying the centrifuges. One thousand machines sustained physical damage.

Best practices for enhancing HMI security

Network segmentation for isolation

Network segmentation should be a core defense in securing industrial networks. Segmentation creates an environment that’s naturally resistant to intruders. Many of the attack techniques described above give attackers the ability to move laterally through the network. Segmenting the network prevents this lateral movement, limiting the attack radius and potential for damage. As OT networks become more connected to the world and the line between IT and OT continues to blur, network segmentation can segregate HMI systems from other parts of the network and the outside world. It can also segment defined zones within the OT network from each other so attacks can be contained.

Software and firmware updates

Software and firmware updates are recommended in all cybersecurity situations, but installing patches and updates in OT networks is easier said than done. OT networks prioritize continuous operations. There are compatibility issues, unpatchable legacy systems, and other roadblocks. The solution is virtual patching. Virtual patching is achieved by identifying all vulnerabilities within an OT network and applying a security mechanism such as a physical IPS (intrusion prevention system) or firewall. Rules are created, traffic is inspected and filtered, and attacks can be blocked and investigated.

Employee training on cybersecurity awareness

The more employees know about network operations, vulnerabilities, and cyberattack methods, the more they can do to help protect the network. Since few organizations have the internal staff to provide the necessary training, third-party training partners can be a viable solution. In any event, all employees should be trained in a company’s written policies, the general threat landscape, security best practices, how to handle physical assets like flash drives or laptops, how to recognize an attack, and what the company’s response protocol is. Specific training should be provided for employees who work remotely.

The evolving HMI security threat landscape

Concrete predictions about future threats and responses are hard to make, but the HMI security threat landscape will most likely evolve much the same way the entire security landscape will, with one major addition.

Air-gapped environments are going away

For a long time, many OT networks were air-gapped off from the world, physically and digitally isolated from the risks of contamination. Data and malware transfer alike required physical media, but inconvenience was safety. As OT networks continue to merge with the connected world, that kind of protection is going away. Remote work is becoming more prevalent, and the very connected IoT (Internet of Things) is now all over the automated factory floor. If wireless access points are left hanging from equipment, no one gives it a thought, except threat actors looking for a way in. (This is where basic employee training might help.)

Threat actors are innovators

Threat actors are becoming increasingly sophisticated. They devote much more time and thought to innovative ways to penetrate HMI and other OT network points than the people who operate them. AI and machine learning techniques are further empowering bad actors.

The statistics bear this out, especially as IT and OT networks continue to converge. In a study on 2023 OT/ICS cybersecurity activities, 76% of organizations were moving toward converged networks, and 97% reported IT security incidents also affected OT environments. Nearly half (47%) of businesses reported OT/ICS ransomware attacks, and 76% had significant concerns about state-sponsored actors.

On the positive side, however, pressure from regulators, insurance companies, and boards of directors is pushing organizations to think and act on cybersecurity for HMI points and throughout the network far more aggressively than many currently do. According to the study, 68% of organizations were increasing their budgets, 38% had dedicated OT security teams, and 77% had achieved a level-3 maturity in OT/ICS security.

Complete OT security

Cybersecurity in industrial environments presents challenges far different than those in IT networks. TXOne specializes in OT cybersecurity, with OT-native solutions designed for the equipment, environment, and day-to-day realities of industrial settings.

The post Enhancing HMI Security: How To Protect ICS Environments From Cyber Threats appeared first on Semiconductor Engineering.

HMIs (Human Machine Interfaces) can be broadly defined as just about anything that allows humans to interface with their machines, and so are found throughout the technical world. In OT environments, operators use various HMIs to interact with industrial control systems in order to direct and monitor the operational systems. And wherever humans and machines intersect, security problems can ensue.

Protecting HMI in cybersecurity plans, particularly in OT/ICS environments, can be a challenge, as HMIs offer a variety of vulnerabilities that threat actors can exploit to achieve any number of goals, from extortion to sabotage.

Consider the sort of OT environments HMIs are found in, including water and power utilities, manufacturing facilities, chemical production, oil and gas infrastructure, smart buildings, hospitals, and more. The HMIs in these environments offer bad actors a range of attack vectors through which they can enter and begin to wreak havoc, either financial, physical, or both.

What’s the relationship between HMI and SCADA?

SCADA (supervisory control and data acquisition) systems are used to acquire and analyze data and control industrial systems. Because of the role SCADA plays in these settings — generally overseeing the control of hugely complex, expensive, and dangerous-if-misused industrial equipment, processes, and facilities — they are extremely attractive to threat actors.

Unfortunately, the HMIs that operators use to interface with these systems may contain a number of vulnerabilities that are among the most highly exploitable and frequently breached vectors for attacks against SCADA systems.

Once an attacker gains access, they can seize from operators the ability to control the system. They can cause machinery to malfunction and suffer irreparable damage; they can taint products, steal information, and extort ransom. Even beyond ransom demands, the cost of production stoppages, lost sales, equipment replacement, and reputational damage can swallow some companies and create shortages in the market. Attacks can also cause equipment to perform in ways that threaten human life and safety.

Three types of HMIs in ICS that are vulnerable to attack

HMI security has to account for a range of “vulnerability options” available for exploitation by bad actors, such as keyboards, touch screens, and tablets, as well as more sophisticated interface points. Among the more frequently attacked are the Graphical User Interface and mobile and remote access.

Graphical User Interface

Attackers can use the Graphical User Interface or GUI to gain complete access to the system and manipulate it at will. They can often gain access by exploiting misconfigured access controls or bugs and other vulnerabilities that exist in a lot of software, including GUI software. If the system is web- or network-connected, their work is easier, especially if introducing malware is a goal. Once in, they can also move laterally, exploring or compromising interconnected systems and widening the attack.

Mobile and remote access

Even before COVID-19, mobile and remote access techniques were already being incorporated into managing a growing number of OT networks. When the pandemic hit hard, remote access often became a necessity. As the crisis faded, however, mobile and remote access became even more entrenched.

Remote access points are especially vulnerable. For one, remote access software can contain its own security vulnerabilities, like unpatched flaws and bugs or misconfigurations. Attackers may find openings in VPNs (virtual private networks) or RDP (remote desktop protocol) and use these holes to slip past security measures and carry out their mission.

Access controls

Attackers can compromise access control mechanisms to acquire the same permissions and privileges as authorized users, and once they gain access, they can do pretty much anything they want regarding system operations and data access. Access can be gained in many of the usual ways, such as an outdated VPN or stolen or purchased credentials. (Stolen or other credentials are readily available through online markets.)

The initial attack may just be a toe in the network while reconnaissance for holes in the access control system is conducted. Weak passwords, unnecessary access rights, and the usual misconfigurations and software vulnerabilities are all an attacker needs. As further walls are breached, attackers can then escalate their level of privilege to do whatever a legitimate user can do.

Understanding attack techniques in ICS HMI cybersecurity

Code injection

When attackers insert or inject malicious code into a software program or system, that’s code injection, and it can give the attacker access to core system functions. The resulting mayhem can include manipulation of control software, leading to shutdowns, equipment damage, and dangerous, even life-threatening situations if system changes result in hazardous chemical releases, changed formulas, explosions, or the misbehavior of large, heavy machinery. Code injections can corrupt, delete, or steal data and may result in compliance failure and fines in certain situations.

Malware virus infection

Malware can enter a network through various access points in addition to HMIs, even ones no one would ever expect, such as manufacturer-provided software updates or factory-fresh physical assets added to the production environment. A technician connecting a laptop or an employee plugging in a flash drive without knowing it’s infected will work just as well. As the walls between IT and OT thin, that attack surface widens as well. Once in the network, the attacker can escalate privileges, look around a bit, and see what’s worth doing or stealing. When enough has been learned, the attacker executes the malicious code, which can include ransomware or spyware. As in other attacks, operations can be interfered with, sometimes dangerously so.

Data tampering

Data tampering simply means that data is altered without authorization, including data used to operate, control, and monitor industrial systems. Attackers gain access through vulnerabilities in the system software or HMI devices or through passageways between IT and OT. Once in, they can explore the system to give themselves even greater access to more sensitive areas, where they can steal valuable and confidential system data, interrupt operations, compromise equipment, and damage the company’s business interests and competitive advantage.

Memory corruption

Memory corruption can happen in any computer network and may not represent anything nefarious. Yet memory corruption has also been used as an attack technique that can be deployed against OT networks and is thus potentially extremely damaging since data controls machinery, processes, formulas, and other essential functions. Attackers find software vulnerabilities in HMI or other access points through which the memory of an application or system can be reached and corrupted. This can lead to crashes, data leakage, denial of services (DoS), and even attacker takeovers of ICS and SCADA systems.

Spear phishing

Spear phishing attacks are generally launched against IT networks, which can then be used to open a corridor to the OT network. Spear phishing is basically a more targeted version of phishing attacks, in which an attacker will impersonate a legitimate, trusted source via email or web page, for example. In 2014, attackers targeted a German steel mill with an email suspected of carrying malicious code. They then used access to the business network to get to the SCADA/ICS network, where they modified the PLCs (programmable logic controllers) and took over the furnace’s operations. The physical damage they inflicted forced the plant to shut down.

DoS and DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) work by overwhelming HMI points with excessive traffic or requests so they are unable to handle authorized control and monitoring functions. In 2016, some particularly vicious malware dubbed Industroyer (also Crashoveride) was deployed in an attack against Ukraine’s power grid and blacked out a substantial section of Kyiv. Industroyer was developed specifically to attack ICS and SCADA systems. The multipronged attack began by exploiting vulnerabilities in digital substation relays. A timer regulating the attack executed a distributed denial-of-service (DDoS) attack on every protection relay on the network that used any of four specific communication protocols. Simultaneously, it deleted all MicroSCADA-related files from the workstations’ hard drives. As the relays stopped functioning, lights went out across the city.

Exploiting remote access

The growing use of remote access to HMI systems during and after COVID-19 has provided threat actors with a wealth of newly available attack vectors. Less-than-airtight remote access security protocols make them very enticing for ICS-specific malware. HAVEX malware, for example, uses a remote access trojan (RAT) downloaded from OT vendor websites. The RAT can then scan for devices on the ports commonly used OT assets, collect information, and send it back to the attacker’s command and control server. A long-term attack used just such a method to gain remote access to energy networks in the U.S. and internationally, during which data thieves collected and “exfiltrated” (stole) enterprise and ICS-related data.

Credential theft

Obtaining unauthorized credentials is not all that difficult these days, with a robust online marketplace making it easier than ever. Phishing and spear phishing, malware, weak passwords, and vulnerabilities or misconfigurations that grant access to places where unencrypted credentials are all sources. With credentials in hand, attackers can move past security, including MFA (multifactor authentication), conduct reconnaissance, and give themselves whatever level of privilege they need to complete whatever their mission is. Or they simply persist and observe, learning all they can before finally acting against the ICS or SCADA system.

Zero-day attacks

Zero-day attacks got their name because they’re generally carried out against a previously existing yet unknown vulnerability; the vendor has zero days to fix it because the attack is already underway. Vulnerabilities that are completely unknown to either the software developer or the cybersecurity community exist throughout the software world, including in OT networks and their HMIs. Unsuspected and thus unpatched, they give fast-moving threat actors the opportunity to carry out a zero-day attack without resistance. The 2010 Stuxnet attack against Iran’s nuclear program used zero-day vulnerabilities in Windows to access the network and spread, eventually destroying the centrifuges. One thousand machines sustained physical damage.

Best practices for enhancing HMI security

Network segmentation for isolation

Network segmentation should be a core defense in securing industrial networks. Segmentation creates an environment that’s naturally resistant to intruders. Many of the attack techniques described above give attackers the ability to move laterally through the network. Segmenting the network prevents this lateral movement, limiting the attack radius and potential for damage. As OT networks become more connected to the world and the line between IT and OT continues to blur, network segmentation can segregate HMI systems from other parts of the network and the outside world. It can also segment defined zones within the OT network from each other so attacks can be contained.

Software and firmware updates

Software and firmware updates are recommended in all cybersecurity situations, but installing patches and updates in OT networks is easier said than done. OT networks prioritize continuous operations. There are compatibility issues, unpatchable legacy systems, and other roadblocks. The solution is virtual patching. Virtual patching is achieved by identifying all vulnerabilities within an OT network and applying a security mechanism such as a physical IPS (intrusion prevention system) or firewall. Rules are created, traffic is inspected and filtered, and attacks can be blocked and investigated.

Employee training on cybersecurity awareness

The more employees know about network operations, vulnerabilities, and cyberattack methods, the more they can do to help protect the network. Since few organizations have the internal staff to provide the necessary training, third-party training partners can be a viable solution. In any event, all employees should be trained in a company’s written policies, the general threat landscape, security best practices, how to handle physical assets like flash drives or laptops, how to recognize an attack, and what the company’s response protocol is. Specific training should be provided for employees who work remotely.

The evolving HMI security threat landscape

Concrete predictions about future threats and responses are hard to make, but the HMI security threat landscape will most likely evolve much the same way the entire security landscape will, with one major addition.

Air-gapped environments are going away

For a long time, many OT networks were air-gapped off from the world, physically and digitally isolated from the risks of contamination. Data and malware transfer alike required physical media, but inconvenience was safety. As OT networks continue to merge with the connected world, that kind of protection is going away. Remote work is becoming more prevalent, and the very connected IoT (Internet of Things) is now all over the automated factory floor. If wireless access points are left hanging from equipment, no one gives it a thought, except threat actors looking for a way in. (This is where basic employee training might help.)

Threat actors are innovators

Threat actors are becoming increasingly sophisticated. They devote much more time and thought to innovative ways to penetrate HMI and other OT network points than the people who operate them. AI and machine learning techniques are further empowering bad actors.

The statistics bear this out, especially as IT and OT networks continue to converge. In a study on 2023 OT/ICS cybersecurity activities, 76% of organizations were moving toward converged networks, and 97% reported IT security incidents also affected OT environments. Nearly half (47%) of businesses reported OT/ICS ransomware attacks, and 76% had significant concerns about state-sponsored actors.

On the positive side, however, pressure from regulators, insurance companies, and boards of directors is pushing organizations to think and act on cybersecurity for HMI points and throughout the network far more aggressively than many currently do. According to the study, 68% of organizations were increasing their budgets, 38% had dedicated OT security teams, and 77% had achieved a level-3 maturity in OT/ICS security.

Complete OT security

Cybersecurity in industrial environments presents challenges far different than those in IT networks. TXOne specializes in OT cybersecurity, with OT-native solutions designed for the equipment, environment, and day-to-day realities of industrial settings.

The post Enhancing HMI Security: How To Protect ICS Environments From Cyber Threats appeared first on Semiconductor Engineering.

Kingsley Fregene wants to keep people out of harm’s way—so much so that he has ordered his life around that fundamental goal. As director of technology integration at Lockheed Martin, in Grand Prairie, Texas, he leads a team that is actively pursuing breakthroughs designed to, among other things, allow life-saving missions to be performed in hazardous environments without putting humans at risk.

Fregene, an IEEE Fellow, has supervised the development of algorithms for autonomous aircraft used for military missions and disaster-recovery operations. He also contributed to algorithms enabling autonomous undersea vehicles to inspect offshore oil and gas platforms after hurricanes so that divers don’t have to.

Kingsley Fregene

Employer

Lockheed Martin in Grand Prairie, Texas

Title

Director of technology integration and intellectual property

Member grade

Fellow

Alma maters

Federal University of Technology in Owerri, Nigeria; University of Waterloo in Ontario, Canada

One of his recent projects was helping to design the world’s first autonomous unmanned aircraft system in which the entire vehicle—not just its rotors—spins. The micro air vehicle was inspired by the aerodynamics of maple seeds, whose twirling slows and prolongs their descent.

The benefits of unmanned aerial vehicles

In a major project more than a decade ago, Fregene and colleagues at Lockheed Martin teamed up with Kaman Aerospace of Bloomfield, Conn., on an unmanned version of its K-Max helicopter. The K-Max can ferry as much as 2,700 kilograms of cargo in a single trip. The Lockheed team created and implemented mission systems and control algorithms that augmented the control system already on the helicopter, enabling it to fly completely autonomously.

The U.S. Marine Corps used the autonomous K-Max helicopters for resupply missions in Afghanistan. It’s been estimated that those delivery flights made hundreds of ground-based convoy missions unnecessary, thereby sparing thousands of troops from being exposed to improvised explosive devices, land mines, and snipers.

The autonomous version of the K-Max also has been demonstrated in disaster-recovery operations. It offers the possibility of keeping humanitarian aid workers away from dangerous situations, as well as rescuing people trapped in disaster zones.

“It is often better to fly in lifesaving supplies instead of loading trucks with supplies to bring them along roads that might not be passable anymore,” Fregene says.

K-Max and one of Lockheed Martin’s small UAVs, the Indago, have been used to fight fires. Indago flies above structures engulfed in flames and maps out the hot zones, on which K-Max then drops flame retardant or water.

“This collaborative mission between two of our platforms means no firefighters are put in harm’s way,” Fregene says.

He and his team also helped in the development of the maple seed–inspired Samarai, the first autonomous wholly rotating unmanned aircraft system. The 41-centimeter-long drone weighs a mere 227 grams. It depends on an algorithm that tells an actuator when and how much to adjust the angle of a flap that determines its direction.

Compared with other aircraft, the spinning drone is simpler to produce, requires less maintenance, and is less complex to control because its only control surface is the trailing-edge flap.

IEEE Fellow Kingsley Fregene holds up the maple seed–inspired Samarai, the first autonomous wholly rotating unmanned aircraft system.Kingsley Fregene

Saving lives in Nigeria

Fregene’s aim to keep people safe started with his first after-school job, as a bus conductor, when he was in the sixth grade. As part of the job, in Oghara, Nigeria, then a small fishing village along the Niger River, he collected fares and directed passengers on and off the bus.

With no traffic cops or traffic lights, there often was chaos at major intersections. People would get injured, and he occasionally would get out and direct traffic.

“I, a little guy, stood out there with a bright orange shirt and started directing traffic,” he says. “It’s amazing that people paid attention and listened to me.”

Many youngsters are inspired to pursue engineering by fiddling with gadgets. Not Fregene.

“The circumstances of my childhood did not provide opportunities to get my hands on devices to tinker with,” he says. “What we had were a lot of opportunities to observe nature.”

The presence of oil and gas installations in his village, which is in the oil-producing part of Nigeria, led him to wonder how they worked and how they were remotely controlled. They didn’t remain mysterious for long.

While attending the Federal University of Technology in Owerri, Nigeria, he interned at the Nigerian National Petroleum Corp., which was installing those remote operating systems, calibrating them, and validating their operation.

After graduating first in his class in 1996 with a bachelor’s degree in electrical and computer engineering, he went on to graduate school at the University of Waterloo, in Ontario, Canada, where he researched autonomy and automatic control systems. While earning master’s and doctoral degrees, both in electrical and computer engineering, he found time to help those more needy than he was.

He joined a team of student volunteers who organized drop-in homework clubs and provided mentoring to at-risk grade school students in the community. The activity won him the university’s President’s Circle Award in 2001.

Thinking back on that time, Fregene recalls his interaction with one girl whose life he helped turn around.

“She was dragged kicking and screaming most of the time to complete these sessions,” Fregene recalls. “But she started believing in herself and what she could do. And everything changed. She ended up getting accepted to the University of Waterloo and became part of the UW tutor team I was leading.”

Fregene says his commitment to the tutoring and mentoring program came from having once been in need of academic assistance himself. Although he had excellent grades in history and language arts, he did poorly in mathematics and science. Things turned around for him in the ninth grade when a new teacher had a particular way of teaching math that “turned the light bulb on in my brain,” he says. “My grades took off right after he showed up.”

After completing his doctorate in 2002, he began working as an R&D engineer at a Honeywell Aerospace facility in Minneapolis. During six years there, he worked on the development of unmanned aerial vehicles including a drone that was used in remote sensing of chemical, biological, radiological, nuclear, and explosive hazards. The drone became the world’s first aerial robot used for nuclear disaster recovery when it flew inside the Fukushima Dai-ichi nuclear power plant in the aftermath of a 2011 tsunami that struck Japan and knocked out the plant’s power and cooling, causing meltdowns in three reactor cores.

At Honeywell he also worked on microelectromechanical systems, which are used in gyroscopes and inertial measurement units. Both MEMS tools, which are used to measure the angular motion of a body, can be found in cellphones. Fregene also worked on a control system to make corrections to the imperfections that diminished the MEMS sensors’ accuracy.

He left the company in 2008 to become lead engineer and scientist at the Lockheed Martin research facility in Cherry Hill, N.J.

IEEE membership has its benefits

Fregene became acquainted with IEEE as an undergrad by reading journals such as the IEEE Transactions on Automatic Control and the IEEE Control Systems magazine, for which he has served as guest editor.

He joined IEEE in grad school, and that decision has been paying dividends ever since, he says.

The connections he made through the organization helped him land internships at leading laboratories, starting him on his career path. After meeting researchers at conferences or reading their papers in IEEE publications, he would send them notes introducing himself and indicating his interest in visiting the researcher’s lab and working there during the summer. The practice led to internships at Los Alamos National Laboratory, in New Mexico, and at the Oak Ridge National Laboratory, in Tennessee.

The IEEE connections helped him get his first job. While working on his master’s degree, he presented a paper at the 1999 IEEE International Symposium on Intelligent Control.

“After my presentation,” he says, “somebody from Honeywell came over and said, ‘That was a great presentation. By the way, these are the types of things we do at Honeywell. I think it would be a great place for you when you’re ready to start working.’”

Fregene remains active in IEEE. He’s on the editorial board of the IEEE Robotics and Automation Society, serves as an associate editor for the IEEE Robotics and Automation Magazine, and recently completed two terms as chair of the IEEE technical committee on aerospace controls.

IEEE “is the type of global organization that provides a forum for stellar researchers to communicate the work they are doing to colleagues,” he says, “and for setting standards that define real-life systems that are changing the world every day.”