Rising to the Industry 4.0 cybersecurity challenge

Greater connectivity is transforming industry in mostly positive ways, but as more and more devices talk to each other, keeping data safe has arguably never been more challenging. Andrew Cooke from Airbus CyberSecurity offers some advice.

Industry 4.0 is the next phase in modern manufacturing. The term describes the fourth industrial revolution where, driven by the Internet of Things (IoT), physical devices within industrial plants are being fused with the internet so that processes can be carried out through automation.

Industry 4.0 essentially means that manufacturing plants are getting ‘smarter’ as all physical devices are becoming connected, where they can talk to each other, become more efficient and trigger actions with minimal human involvement.

The benefits from Industry 4.0 are far-reaching. Manufacturing plants can see improvements in efficiency and productivity due to the consistent monitoring and computer-controlled assessments, which have the ability to identify issues before they become a problem. Similarly, Industry 4.0 also offers a number of health and safety benefits as human intervention can be completely eradicated in certain processes, particularly for jobs in hostile working environments.

The results for many organisations looking to adopt Industry 4.0 could be increased revenues, greater profit margins and even an advantage over competitors.

However, as with any change in working practices, there are also some associated risks which must not be ignored.

The disadvantages of connectivity

With Industry 4.0, physical entry terminals all have IoT embedded into them, which ultimately means that they are vulnerable to cyberattack. While this added connectivity helps improve productivity, it is also a weak point in the network which cybercriminals can take advantage of.

Cybercriminals understand the sensitivity of these networks and are also fully aware of the devastating consequences a successful attack can have: lost revenues, a fall in profits, irreparable brand damage, or the devastating threat to people and assets.

It is therefore imperative that manufacturing plants looking to adopt Industry 4.0 take steps to improve security and ensure they are not exposing their systems to cybercriminals.

One of the key challenges with cybersecurity within manufacturing plants is that attacks are extremely difficult to identify in Operational Technology (OT) environments. Consider a plant where, for an unknown reason, a certain component suddenly stopped working. The chances are a ‘cyberattack’ is not going to be the first consideration when trying to work out what has gone wrong. In nine out of 10 cases the root cause is likely to be benign. But what about that one time when there was a more sinister root cause?

While monitoring services exist for OT environments, they have limited application due to the necessity for network zones, or segmentation. This means that sensors need to be placed at a number of different layers within the network in order to monitor activity. Another contributing factor is complacency, even if network traffic is being captured. Many organisations are completely focused on getting systems up and running again, rather than mining through vast data sets to determine categorically what went wrong.

Cybersecurity best practices

As organisations adopt Industry 4.0 working practices, cybersecurity is increasingly paramount.

With this in mind, here are five cybersecurity best practices to help protect connected manufacturing plants from cyberattacks:

Default credentials: Factory-set usernames and passwords are a major security risk and provide attackers with a very easy entry point. Before connecting a device, ensure that these credentials have been reset.

Patching: When code flaws (i.e. zero-day vulnerabilities) are found in software, updates will be released. Organisations need to determine how these can be implemented and rolled out to affected devices within the environment.

Network maps: Understand the complete profile of the network. This includes defining how OT and Industrial Internet of Things (IIoT) are connected and the risk that exists within the process.

Asset identification: Determine what processes and assets are critical to the organisation’s ability to operate and what the threat vectors might be. Draw a map detailing processes, correlated against a network map, to get a comprehensive view. You can’t manage risks to assets or devices that you don’t know about.

Upskilling: Understand the ‘blue-collar’ workforce and how working practices have changed. Many now use technology to perform tasks, so make them aware of the cyber threats they face. For example, engineers should not be able to just plug in a USB stick without first checking that it is free of malware and its operating system is up to date.

Andrew Cooke is head of ICS Consultancy at Airbus CyberSecurity, a unit of Airbus Defence and Space