The way in which technology has invaded our lives can sometimes feel overwhelming. We now carry our own small mobile computers in our pockets and bags with us everywhere – we can no longer truly call them, just a phone. Our TV sets are digitized and connected up to streaming media. Even our own bodies are beginning to have a digital layer applied to them, through the use of health devices like Fitbit. Our industrial sectors are no exception; the digitization of manufacturing, the construction industry, and utility firms is forging ahead, with early adopters of technology reaping the benefits with increased customer adoption. Initiatives like the EU 7th Framework (now part of Horizon 2020) to encourage SME manufacturers to use ICT in their business processes, Industrie 4.0 a German government project to forward the pace of Industry 4.0, and the Hannover Messe fair, which showcases and encourages digitization of industry and is the world’s largest industrial fair, are taking industry and manufacturing into a new world order known as Industry 4.0.
There are a number of drivers pushing industry into this new era. Arguably the foundation stone for this change is increased connectivity as Internet communications have become faster and more robust; globalization is also likely a factor contributing to the importance of highly distributed connectivity on industry. Also in the mix is the ability to deal with the massive increase in data generated through this communication channel – analytics and business intelligence is a key tool giving the data, value. Then there are the advances in technology such as 3D printing, robotics and simulation and modelling systems, such as Building Information Management (BIM) in construction. To add even more steam to the train of progression, the Internet of Things (IoT) has taken already high connectivity into a new sphere and really given wings to the digitization of industry and manufacturing. On the subject of drivers for Industry 4.0, the Boston Consulting Group in their report, “Industry 4.0: The Future of Productivity and Growth Manufacturing Industries” have set out nine transforming technologies pushing Industry 4.0, this includes those mentioned above but it also includes the area of cyber security, which we will discuss later on.
What Does Industry 4.0 Look Like – The ‘Smart Factory’
We can characterize the concept of Industry 4.0 using a number of key terms. These terms are outlined in the article ‘Chancen und Risiken 4.0’ as being:
“…automation, autonomy, flexibility and individualization, while a very complete crosslinking and an increase of effectiveness and efficiency are central. The industry 4.0’s core is the Smart Factory, an intelligent factory. The smart factory is operated by cyber-physical system (consisting of physical components, receiving virtual inputs and source of physical products) and innovative industrial robots and is meanwhile connected to its environment.”
The introduction of the ‘Smart Factory’ brings with it new security challenges. The Smart Factory by its very nature needs to be interconnected to many other systems. It is part of a much larger eco-system. Any extended eco-system is complex and with complexity comes significant increases in points of failure. Smart is not just about creating more opportunities and building faster and more valuable communications, it is also about making your infrastructure responsible for those gains, and building robustness into the framework. In a world where cyber security and privacy concerns are at a peak, we need to ensure Industry 4.0 encompasses these issues as part of the whole.
Top Security Threats Facing Industry 4.0
Industry 4.0 participants suffer many of the same cyber threats as other organizations do. They have to counter the same external and insider threats as all businesses, of all sizes, have to contend with in today’s vastly complicated and sophisticated cyber security landscape. They do, however also have some threats, which although perhaps not unique to Industry 4.0, are perhaps more of an issue. The following are some of those threats that Industry 4.0 players need to focus on and mitigate.
Advanced Persistent Threats and Cyber-Espionage
The use of security threat mechanisms known as an Advanced Persistent Threat (APT) is nothing new in the manufacturing sector. APT’s have been used for many years as a clandestine way of using malware, over a long period of time, to extract sensitive data. We are now seeing the development of well-funded, sometimes state-funded, cyber criminal groups who use APT’s to perform cyber-espionage. These groups are run like a well-oiled software development team and have excellent skills. They put these skills to use targeting specific industries, going after proprietary information and intellectual property. One such group is the Black Vine group who focuses on industries such as aerospace and utilities. Many of these types of groups exist – for example, in a recent series of allegations, the U.S. steel industry has accused the Chinese government of stealing intellectual property though a sustained hacking campaign, which is likely to affect Chinese imports. Groups like Black Vine often use APT type malware that exploits zero-day vulnerabilities to slowly steal, often over months, sensitive company data. Industry 4.0 is more vulnerable to cyber-espionage because of the smart and connected business processes that underlie it so we are likely to see this type of cyber threat increase.
Possibly one of the most feared types of cyber threat that we face today is cyber-terrorism; where the cybercriminal morphs into a digital terrorist. The definition of cyber-terrorism covers a multitude of impacts, from data exposure to physical damage. But in general, it can be seen to be politically motivated. Current terrorist groups are known to be actively working on cyber-terrorist techniques and ISIS has a dedicated forum where they swap cyber security information on how to create a catastrophic effect on critical infrastructure components such as utilities. An analysis on the threat of cyber-terrorism by ISIS, “ RISKS OF ISIS-CYBER-TERRORISM” found that one of the key determinants was the fact that modern industry, aka Industry 4.0, is Internet enabled and as such vulnerable to incoming attacks.
Supply Chain and the Extended Eco-System
One of the key features of Industry 4.0 is the ability to interconnect across environments, which has the potential to make the supply chain more efficient. However, supply chain security issues are well known and exploited to great effect by cybercriminals. Many of the biggest security breaches have started with a supplier, often being spear phished and privileged credentials being stolen, resulting in mass data exposure. Industry 4.0 gives the cybercriminal more opportunity to dig into the top of the supply chain, reaching into the Smart factory through its dependent actors. Only by utilizing modern cyber security counter measures, like adaptive authentication and behavioural analysis can be hope to stem the flow of supply chain initiated Industry 4.0 hacks.
Challenges of the Internet of Things
The IoT is a challenge. It creates a multitude of points of entry that can be potentially exploited. The IoT in and of itself has issues with security at a low level, which may end up being inherited as the IoT is used to underpin Industry 4.0 processes. The security guru, Bruce Schneier, in a recent blog post on the IoT and highly connected devices, stated that he believed that we are in a situation whereby we have ‘…retrofit security in after the fact”. Not having a security layer built into the IoT as a pre-requisite, has left the whole system open to serious vulnerabilities, which are like a red rag to a bull as far as cybercriminals are concerned. The reliance of Industry 4.0 means that manufacturing companies will inherit these vulnerabilities unless we take special precautions, such as more adaptive authentication measures, to mitigate them.
Smart Security and the Smart Factory
We cannot turn the clock back. Just as the industrial revolution of the 18th and 19th centuries saw massive and sweeping industrial and societal changes, so Industry 4.0 will also bring forth these major changes in how we work and how our industries collaborate and innovate. This is a good thing. Highly connected industries can offer improvements across all of our manufacturing industries, utilities, and even healthcare manufacturers. Big data generated through the use of the IoT can give us insights into how things work and can be improved that normally we would never see. But as with all new things, there are those waiting in the wings to exploit them. Cybercriminals and terrorists are actively working to ensure that they get their share of Industry 4.0. Tried and tested techniques, like social engineering, are even more powerful when you are ‘always on’ as the highly connected Smart Factory is, by default. Only by using Smart Security, within the context of the Smart Factory will we be able to stem the tidal wave that is building against our factories, utilities, and construction industries.
Michael Liebi ist Gründer und nun als Board Member bei United Security Providers tätig.