On reflecting upon the visit, Dr O’Mahony said, “This was an incredibly enjoyable week with my Cyber Skills colleagues at the Confirm SFI Research Centre for Smart Manufacturing. I thoroughly enjoyed getting the opportunity to pen-test some real-world OT equipment and develop a real-world representative IT/OT network using the Airbus Cyber Range. The week really showed what can be accomplished with the right physical and virtual infrastructure, some great teammates, a highlighted goal and some good fun. “

The main aim of the visit was to demonstrate a specific service that we offer – a cyber resilience assessment of real-world manufacturing equipment. Towards this goal, our team developed a representative Information Technology/Operational Technology (IT/OT) network, including example user, engineering and OT networks, DMZ, perimeter and internal firewalls, OT industry website and email system, using our Airbus Mobile Cyber Range. This state-of-the-art piece of equipment provides us with a secure environment to test cyber resilience of digital systems on-site with a client. The Airbus cyber range features enable the development of accurate representative industry networks that include simulated network(s), connected systems, complex system interactions between humans (attack, defender, users), software, hardware and network traffic. In this way, we can identify and address vulnerabilities before cyber criminals can take advantage of them. The mobile Cyber Range provides critical capability, unique in Ireland, for our R&D services for the Smart Manufacturing industry.

After developing a representative network using the Cyber Range, we connected it to an example piece of real-world Operational Technology such as that might be found on a factory floor – in this case, a robotic arm. Next, our team created a realistic attack scenario that could occur in the Smart Manufacturing Industry. During their time at the CONFIRM Centre, our team worked collaboratively to develop and improve these components, so that we could ensure all the real-world aspects of such a cyber-attack were considered. As a result, the team demonstrated a real-world attack using example Tactics, Techniques and Procedures (TTPs) of Advanced Persistence Threats (APTs) on a real-world device and representative IT/OT network. 

Our team based the design of the attack scenario on real-world events and trends. A recent threat analysis report revealed that phishing attacks, particularly spear phishing, were prevalent, with 41% of incidents using phishing for initial access and 62% employing spear phishing attachments. The manufacturing industry, being the most targeted in 2022, was selected by our team for a cyber-attack demonstration. Backdoors were found in 28% of incidents, surpassing ransomware. The top two infection vectors were spear phishing attachments and exploiting public-facing applications. Using the Metasploit framework, a PDF was weaponised to install a backdoor when delivered through a spear phishing attack on the OT engineering manager, demonstrating how sensitive information leakage, OT engineering manager information, can be used as part of a cyber-attack. The initial target machine was leveraged as a pivot point to enable lateral movement in the representative network. This enabled realistic operations and the targeting of OT equipment. The demonstration showcased the real-world impact of a cyber-attack in terms of safety and availability in the smart manufacturing industry.

This trip concluded with the development of a video which highlights the work completed by our team. In this video, we aimed to demonstrate both our technical capabilities and offering as cyber-security experts. In addition to this, we highlighted a critical truth of today’s manufacturing industry – cyber-attacks have escalated from an avoidable risk to an inevitable reality of the sector. 

Cyber Skills, in partnership with SFI CONFIRM, and the Nimbus research centre have developed a range of research services focused on accessing and improving the readiness and resilience of Ireland’s smart manufacturing industry against cyber-attacks. These services include cyber resilience assessment, test before invest, incident response and crisis management and training and education services for a range of industry sectors including the smart manufacturing industry. These services are delivered using state-of-the-art cyber range infrastructures. 

For more information on these services or to request a demonstration of our capabilities please contact Cyber Skills at: info@cyberskills.ie