To What Level Should A CAD Engineer Be Aware Of New Cyber Threats?
Less than two decades ago, the primary goal of most CAD organizations was to provide up-to-date CAD workstations and a pleasant working environment for their CAD engineers and designers. Even today, the training of a CAD engineer focuses on equipping the engineer with the ability to define engineering problems and to use CAD tools to solve the problems.
When a new CAD engineer is recruited by a CAD company, some of the most important lessons that the engineer may learn during orientation and training include the following:
- Design projects should be performed with specific company-approved Suitable CAD workstations, and design tasks should be performed under well-defined company guidelines,
- Security guidelines should be followed religiously in order to protect company information, and the exchange of design information should occur within well-established protocols,
- Workstations and the work environment are fenced by a company firewall, and any attempts to work outside the system are considered as violation of company policy.
The fact is that within the last decade, cyberterrorism has become prevalent and sophisticated. It is not only national governments and national defense systems, financial institutions, or infrastructure systems which are targets for cyberterrorism. CAD companies also spend money and resources to protect themselves from cyberterrorism.
In this article, we try to answer the question: “To what level should a CAD engineer be aware of new cyber-threats?” Because a complete answer to the question is not within the scope of this article, only these topics will be considered:
- What is a cyber-attack?
- How could a cyber-attack be waged on a CAD system?
- What damages could a CAD company suffer from cyberterrorism?
- How could cyber-attacks on CAD organizations be prevented or minimized?
What is a Cyber-Attack?
A cyber-attack is malicious action which is designed to disrupt or cripple the computer systems of infrastructures, computer networks, or personal computing devices. The attacker or cyber-terrorist uses sophisticated methods to avoid detection, because the attacker’s intention to establish a foothold in the targeted computer system in order to steal, alter or destroy information in the system.
The methods used by cyber-terrorists include the planting of malicious software (malware) or viruses in the targeted system. When a cyber-attack on a CAD organization succeeds, the criminal or intruder could do the following:
- Steal software or identities from the CAD organization,
- Create denial of service to CAD engineers,
- Steal or destroy intellectual property.
How Could a Cyber-Attack Be Waged on a CAD System?
Because methods of cyber-attacks have become increasingly sophisticated, it is necessary for IT engineers who work for CAD organizations to stay up to date with new cyber-attack methods.
The CAD engineer is too busy performing design tasks to become pre-occupied with cyber- attacks. Nevertheless, the CAD engineer should be keenly aware of avenues or entry points which could be open to the cyber-terrorist. These avenues could become open to the cyberterrorist by performing these seemingly innocent practices:
- Opening email attachments which could include malicious malware,
- Downloading software, multimedia material, or unknown data from the web.
- Inserting flash drives into USB ports.
Once a cyber-terrorist accesses the intended target, the criminal can quickly accomplish several tasks.
- Probe for vulnerabilities and additional network access within the organization,
- Use malware to establish additional breach points, so that the cyber-attack will be difficult to remove completely, even if the original point of attack is removed.
- Establish network access; gather data such as account names and passwords. If the cyber-terrorist succeeds in cracking passwords, data can easily be collected from the victimized target.
- Disguise the presence of planted malware on the network, in order to make it easier to return and steal more information, or to cause damage to the network.
What Damages Could a CAD company Suffer From Cyberterrorism?
It is not too difficult to imagine what types of damage a cyber-terrorist can cause to a CAD organization.
The main types of damage which could ruin or severely damage a CAD organization include:
- Having designs stolen or destroyed. Even designs which are backed up within a cloud system will lose their proprietary status and could be exploited by competing organizations.
- Suffering a denial-of-service attack which prevents CAD engineers from performing their work,
- Having the network system brought down
Rather than try to enumerate other types of damage, it will suffice to mention vulnerabilities within CAD systems which have been exploited, or could be exploited by cyber terrorists.
- The Stuxnet worm virus was used to target and damage Iranian centrifuges used to enrich uranium. The malware was sophisticated enough to make the technicians believe that the centrifuges were operating normally, while they were actually destroying themselves.
- Malware in Bluetooth-enabled insulin pumps altered the dosage of insulin administered to a patient, with the intention of causing injury or death to the patent.
- Malware planted within the software of a production machine could create defective parts, while deceiving the production personnel into believing that they were producing acceptable parts.
- The STL file format used for 3D Printing or AM (Additive Manufacturing) can be easily altered by malware so that 3D printers produce defective parts.
How Could Cyber-Attacks on CAD Organizations Be Prevented Or Minimized?
Cybersecurity or the ability to prevent new cyber-attacks or threats is a never-ending battle for IT professionals, because cyber crooks and terrorists are well trained, and they are always looking for new methods to practice their criminal behavior. According to the viewpoint of a cybersecurity expert at CBIS (Washington DC-based Center for Strategic and International Studies), it may be more profitable for businesses to concentrate on detecting malware and on minimizing the damage they can cause.
CAD organizations could take additional steps to thwart the efforts of cyberterrorists. Some of these steps are:
- CAD engineers should stay vigilant, and should report any changes in the software environment to IT personnel.
- CAD engineers should not open email attachments which do not come from well-known sources.
- CAD engineers should not download data from sources outside their organization without the approval of IT personnel.
- All USB or flash drives should be scanned for malware before they communicate with workstations.
- CAD organizations should create segmented networks.
- CAD organizations should promptly identify and quarantine unrecognized data within the network until the data has been cleared for safety.