The growing need for cybersecurity vigilance in electro-hydraulic systems

17 December, 2024

At the heart of this issue is the fact that most electro-hydraulic systems were not designed with cybersecurity in mind. Many of these systems were developed in an era when industrial machines operated in relative isolation, with no expectation of remote access or internet connectivity. As a result, when companies integrate these systems into modern, connected infrastructures, they’re often left scrambling to retrofit cybersecurity features. This approach is not only inefficient but also creates vulnerabilities, as existing systems are seldom equipped to handle the layers of security needed to prevent cyberattacks. It’s somewhat like trying to add a lock to an open door, rather than having it built into the frame.

One major vulnerability stems from the communication protocols used in electro-hydraulic systems. Protocols such as Modbus, Ethernet/IP, and CANbus are common in industrial settings, allowing components to communicate with each other and with control systems. However, many of these protocols were developed without cybersecurity in mind, which means they often lack features like encryption and authentication that are crucial in today’s digital landscape. Consequently, a determined hacker could exploit these communication pathways to intercept data, alter commands, or even take control of machinery. For companies relying on electro-hydraulic systems to perform sensitive or hazardous tasks, the potential consequences of such an attack are considerable.

Cybersecurity vulnerabilities

Cybersecurity vulnerabilities within electro-hydraulic systems also extend beyond communication protocols. The human element—typically the weakest link in cybersecurity—plays a significant role here as well. Operators and maintenance staff may inadvertently create security gaps through practices such as using default passwords, neglecting software updates, or relying on outdated systems. Furthermore, as these systems require a blend of mechanical and software expertise, the individuals managing them may not always have specialised knowledge in cybersecurity. Training gaps can leave systems exposed to risks that could have otherwise been mitigated through better awareness and understanding.

The regulatory landscape adds another layer of complexity. Many industries that utilise electro-hydraulic systems are subject to strict regulations concerning operational safety and environmental impact, but cybersecurity standards have not always kept pace with the digital evolution of these systems. For example, safety standards governing hydraulic systems may dictate specifications for pressure limits or fail-safe mechanisms but may overlook cybersecurity requirements entirely. In the absence of mandatory cybersecurity guidelines, companies may find themselves unprepared to tackle emerging threats, especially in sectors where there’s a significant reliance on legacy systems. While newer standards, such as those from the International Electrotechnical Commission (IEC), are beginning to address cybersecurity in industrial automation, these standards are not yet universally adopted, and compliance can be inconsistent across different sectors and regions.

Addressing cybersecurity in electro-hydraulic systems will require a multifaceted approach. First, manufacturers of these systems must integrate cybersecurity measures from the design phase. Rather than treating cybersecurity as an add-on, it should be an integral part of the system architecture. This includes using secure communication protocols, building in mechanisms for regular software updates, and ensuring that authentication and encryption are core features rather than optional extras. By adopting a “security by design” approach, manufacturers can create systems that are inherently more resistant to cyberattacks.