As Industry 4.0 Marches on, the Manufacturing Sector Must be Better Prepared for Cyber-Attacks

Written by

The idea of factories full of driverless forklifts and collaborating robot workers was once the stuff of pure science fiction, but has now become the common reality for smart factories around the world. The futuristic new order of things was demonstrated at this years’ Hannover Messe, the leading international trade fair for industrial technology.

Anyone attending the trade fair would have been treated to demonstrations of fully developed “Industry 4.0” techniques which are pushing the manufacturing industry towards fully digitized, intelligent manufacturing plants. First coined at the Hannover Messe back in 2011, Industry 4.0 is the fourth industrial revolution, with data and automation taking over from steam and electricity as the new transformative forces. New developments in the field at this year’s show ranged from mobile ultrasound measuring devices for foresighted machine maintenance, to smart liquid analysis.

It is already apparent that to remain competitive for the future, organizations need to invest in the full potential of digitization. With the increased fusion of IT and automated engineering, intelligent collaboration of all components involved in the production process has resulted in an increase in efficiency, flexible resource management and the individualization of mass production.

The Threats Posed by Increased Digitization
As with most things, there is a downside to the smart factory revolution. With new techniques and equipment all being connected to a central IT system, it creates numerous potential cybersecurity issues. As so much of the factory is digitized it opens up any number of ways for cyber-criminals to access the system. Unfortunately, most of the existing industrial facilities are not designed for connecting to the internet and don’t have a special focus on IT security. There are, however, some production facilities which do have higher protection through advanced monitoring and alarm systems.

Protecting data and applications is often overlooked, leaving the system vulnerable to hacking attacks and cybercrime. Manipulation of machines or manufacturing processes is possible once the attackers gain access, opening up the possibility of everything from interference to the production process to a complete loss of production, theft of sensitive corporate data and full-blown industrial espionage.

Evidence of these risks was demonstrated in 2010 when a computer worm called Stuxnet infiltrated a uranium enrichment infrastructure in Iran. Another example was in 2014, when cyber-criminals gained access to the furnace of a German steelworks and successfully shut it down. It has since been discovered in a study conducted by Verband Deutscher Maschinen-und Anlagenbau e.V (VDMA), that around 70% of all German businesses are affected by plagiarism with reverse-engineering being the most common cause. Illegal reproduction of software and machines also creates losses of 7.3 billion Euros each year.

Securing Connected Production Technology
For companies wanting to reap the benefits long-term from the idea of Industry 4.0 and use it to their advantage, it will be necessary to upgrade their current production facilities and refresh their existing IT security standards. Standard methods of protecting against traditional threats will still be essential, but will need to be adapted to protect against the new wave of digitization. Traditional anti-virus and anti-spam solutions, firewalls and static encryption programs may not be effective against newer threats to the connected infrastructure, and instead security measures directly inserted into applications and programs are increasingly valuable. What the industry needs are security solutions that strengthen single applications and embedded systems and enable them to self-protect against tampering, reverse-engineering and malware insertion. 

As there is a need to be able to access systems and critical data 100% of the time, tension arises between access and protection. Any security measures which are in place must never impair the performance of critical applications and downloading a security update should not interfere with any flow in production. If all applications involved in the production process were able to intelligently detect threats and defend themselves, security could be more guaranteed.

With digitization progressing rapidly and finding its way into our factories, the risk of security breaches is ever increasing. Companies need to be aware of their responsibilities and create a security model which focuses industrial plants and their software along with addressing all forms of malware. This is the only way that Industry 4.0 can truly be secure.

What’s hot on Infosecurity Magazine?