Intelligent and interconnected technologies that meet consumers’ and companies’ demands for fast and efficient logistics define smart warehouses. But intensive process automation, IoT, and IIoT (industrial internet of things) devices demand a new concept for an integrated security system. Why? Because industrial IoT and IIoT applications and components create a larger attack surface. Modern warehouses afford cyber attackers new opportunities and are more vulnerable to attack than classic ‘air-gapped’ industrial plants.
Secure warehousing is thriving, and not just against the backdrop of the Covid pandemic. In 2018, warehouses accounted for around a quarter of Germany's newly built floor space. So, it's no surprise that warehouses remain a business-critical point in secure storage, inventory and capacity buffers, distribution, and supply chains. Virtually every company depends on them for incoming materials or outgoing products. They typically stock thousands or tens of thousands of manufacturing components and finished products worth millions. In times of booming e-commerce, their security, efficient operation, and fast throughput play an essential role in economic stability.
For online consumers, delivery speed has long been a deciding factor. How quickly can you get that new shirt you’ve had your eye on? In the highly competitive retail world, near-instant gratification – that shirt delivered to your home the next day, has become the expected norm. And talking of shirts – if it doesn’t suit you, the supply chain works in two directions. Warehouses don’t only receive manufactured goods for delivery to online shoppers and bricks and mortar retailers; they also process customer returns. This is known as reverse logistics, and it’s a costly and resource-heavy business. In 2021, the National Retail Federation reported a staggering 20.8 percent of online returns.
Warehousing and intralogistics – which is concerned with controlling every function inside a warehouse or distribution center’s four walls – are also critical in the B2B space, especially in manufacturing. Global supply chains and just-in-time delivery are inconceivable without efficient warehousing systems. These days, no employee can hope to find an item in a warehouse manually. Three-dimensional shelving spreads over acres in high-bay buildings. Automated conveyor belts, autonomous forklifts, AI-powered robot warehouse pickers, and even drones work alongside human workers guaranteeing both manufacturing production and delivery capabilities.
In the logistics sector, digital transformation has arrived. Advanced systems optimize processes, automating and controlling almost every step. Industrial internet of things (IIoT) systems and components such as intelligent sensors, scanners, and cameras whirr and hum busily, capturing and analyzing information in real time. Common industrial technologies include mobile data capture (MDC), with connectivity over WLAN, soon to be replaced with 5G. Proprietary radio technologies, radio frequency identification (RFID) detection, RFID tags, and barcodes all play a core role in the daily life of a smart warehouse.
And a decade into the fourth industrial revolution - Industry 4.0, we are now witnessing Logistics 4.0, the almost total digitalization of the supply chain.
Technologies used in logistics 4.0 include autonomous warehouse systems that rely on driverless transport systems, such as automated guided vehicles (AGVs) and autonomous mobile robots (AMRs). A sightless but all-seeing cast of actors, robots, and drones can complete any task without human intervention, from storing products at specified storage locations to preparing customer orders for dispatch.
Barcode scanners enable near-instant identification of an item at any stage of its journey across the supply chain. The software registers and updates the item’s precise location against its corresponding barcode. This ensures it can be found again and provides the control room transparency over inventory. Modern supply chain managers use such systems to capture critical information like storage locations, capacity utilization, and storage or throughput times to ensure a smooth supply chain. Without IT support, process optimization, and operational technology (OT), operational efficiency and real-time analytics in vast distribution centers would be near impossible or demand an army of human workers.
Is this the heyday of IT and operational technology (OT)? Not quite yet. The convergence of IT systems and OT components is precisely what makes warehousing systems potentially susceptible to interference. Even the outage of individual technologies or devices can lead to grave operational failures in the company, cascading across the entire supply chain. For example, the failure of transport systems used to access the upper levels of the high-bay warehouses means the items are, quite literally, beyond reach. Failed software updates can trigger these outages, but increasingly professional cybercriminals are setting their sights on industrial systems. Current studies show that around half of all cyberattacks are not of a classic IT nature and are targeting operational technology or process automation.
The problem: while IT systems are generally protected through comprehensive IT security measures, in operational technology, the subject of security has been somewhat neglected until now. Until a few years ago, this did not present any issues, as warehouse systems were exclusively ‘internal’. The traditional ‘guards, guns, and gates’ security, such as closing and locking a building’s doors and patrolling its physical perimeters, provided a commensurate level of protection. But with increasing digitalization and connectivity, and the associated opportunities for external attacks, e.g., via systems, tools, third-party software, wireless networks, and industrial IoT, there is now new potential for attacks. Virtual access points must also be closed and locked - or at least controlled.
For hackers, a process automation environment is an Aladdin’s cave of potential targets. They will look to identify and exploit weak points in cybersecurity through which they execute malware in industrial systems. The threat actors often hide malicious code in ZIP or RAR files or attempt to penetrate a company’s defenses via USB sticks. Favorite channels for planting malware include URLs posing as news sites, which, when clicked, install malware through the back door. Ransomware is the preferred weapon of choice, taking production or management systems hostage and bringing operations to a halt until the victims pay a ransom. ‘Silent attacks’ are also common, for example, spying to obtain a company’s intellectual property and other commercially sensitive information.
Access point 1: manipulating management systems via office IT
‘Classic’ access could occur via a phishing attack allowing access to the office IT. Warehouse management systems are generally located in the office domain. Accessing the domain gives attackers a stepping-stone to these systems. Once breached, they can manipulate processes or sales orders by switching item numbers or altering order quantities. The consequences can be painful and expensive; for example, over-delivering perishable goods like deep-frozen foods or vaccines that the recipient has no room to store.
Access point 2: changing the OT network’s parameters
In a modern warehousing scenario, attackers can directly reach control systems, such as OPC-UA servers, by remote maintenance access via providers or service companies. From there, access to the control and shop floor level is possible, where our malicious actors suspend safety mechanisms by changing threshold parameters. These actions could lead to injuries to personnel or damage to infrastructure. For example, cyber-physical systems are interrupted, and autonomous robots drive into racking or people.
How can the sector mitigate the threats to security? Firstly, operators need more transparency over the implemented technologies. Greater visibility will help them to comprehend the security issues relating to all processes and make informed security-related decisions. Cybersecurity experts can help to prioritize defense measures based on the level of threat and the likely consequences of inaction.
Common vulnerabilities include unsecured remote access allowing cybercriminals to access conveyer systems and high bays, and insufficiently secured applications using radio technologies. As a first step, more stringent monitoring is essential, like that seen in a classic cyber environment.
There is also a lack of transparency regarding implemented software. The control software in supply chain components comprises many modules from various sources, with managers having no overview. For example, suppose there is a weak point in a network driver. Managers are unaware of this without a bill of materials for the implemented components. Further, they cannot trace which systems or devices are affected, assess the risks, or plan to target and patch the weak point.
As well as the technical challenges, the convergence in warehouse operations often causes headaches for those in charge. Until now, there has frequently been a lack of approaches that combine professional data collection from IoT applications and IIoT systems with the interpretation of the impact of anomalies. Although sensors and IIoT solutions can capture data in the OT network, what is the significance of the exceptions that arise? This is not something that those in charge of IT can assess. To do this, they would need the expertise of those in charge of processes. Convergence also means merging expertise within the organization.
To protect themselves against threats, those in charge must check their systems’ existing security mechanisms and tighten them as necessary. Some tried and tested IT security processes can now be adapted for an OT environment. The starting point for a future-proof security concept should be a rigorous analysis of the situation to integrate the internal responsibilities, processes, and required norms. Under specific circumstances, a critical infrastructure audit will also be necessary, for example, to store medicines. A workshop with external experts can help here.
Intrusion detection systems (IDS) are an absolute must for gaining a clear view of processes in the OT network. IDS can also ‘read’ secure warehousing protocols, such as OPC-UA, and identify and isolate anomalous traffic and packets with destructive code. Network segmentation can also minimize the impact of attacks, which can take place via modern OT firewalls. Supply chains and warehouses must also implement strong machine identities alongside the IDS and network segmentation to secure their systems. Furthermore, predictive maintenance solutions for regular remote maintenance tasks help to increase the security of connected warehouses.
