How safe is your data in Industry 4.0?
Manufacturing is one of the most targeted industries for cyber-attacks
Automation / Robotics
With the growth of smart, connected technology in Industry 4.0 initiatives, data is more available than ever. But, how safe is your data when you are connecting machines to the cloud? Leaving your operation vulnerable to cyber-attack can be disastrous. Appropriate measures need to be taken to protect the operation.
Unfortunately, there is not one cure-all answer that can help protect your operation against every unsafe threat. Rather, you must implement data protection as an overall strategy.
Industry 4.0 refers to the Fourth Industrial Revolution, a super trend that is affecting much of manufacturing right now. The first two so-called revolutions were the advent of steam power and electricity. The third revolution was the development of computers into production with PLCs, historians, etc. Industry 4.0 is the revolution of data and connectedness that is becoming possible with new technology. It encompasses such terms such as the Industrial Internet of Things (IIoT), Smart Manufacturing, Machine Learning, and Artificial Intelligence (AI).
A core tenet of Industry 4.0 is unobstructed data flow for rapid, deep understanding of processes. The goal of availability and connectedness must be balanced with the risk of cyber-attack.
Manufacturing is, unfortunately, one of the most targeted industries for cyber-attacks. In a recent survey, MakeUK found that “48% of manufacturers have been subject to a cyber-attack”. These attacks wreak havoc on the manufacturers, costing billions of dollars worldwide. A study in 2018 estimated a $50 billion cost in cyber-attacks on German manufacturing.
The attacks can come in many forms. Phishing scams can dupe unwitting workers via email. Ransomware can control systems until hackers are paid a ‘ransom’ to remove the infection. Some attackers look to steal intellectual property and sell to competitors. Hackers can potentially even directly control process machinery.
Malicious software can also infect ‘air-gapped’ equipment via USB (perhaps the most famous cyber-attack on an industrial process was a version of this attack called Stuxnet). In fact, manufacturing is attacked from USBs at a higher rate than other sectors. Research from TrendMicro found that in the second half of 2018 “25.77 percent of USB worm detections occurred in the sector which was almost double that of government (13.49%) and education (12.73%)”
The Stakes Are Higher with The Switch to Industry 4.0
Engineers are familiar with the principle that, as a system gets more complex, the number of ways in which it can fail also increases.
That is what happens when you decide to introduce predictive maintenance and Industry 4.0 to any production environment. While this added layer of complexity undoubtedly brings numerous benefits, it also makes you more vulnerable to cybersecurity threats – and stats mentioned in the last section clearly reflect that.
And when everything is connected, even a single breach can be devastating. Stealing or deleting important data you have stored aside, the risks are nicely described by functional safety consultant Rafal Selega in this article:
“The underlying principle of Industry 4.0 is that all systems, including those devices utilizing Internet-protocol addresses, are connected to the globally accessible Internet infrastructure. It is frightening to imagine what could happen if a cybercriminal broke into an Industry 4.0 plant system environment to access and control each and every device associated with the local area network.”
Solving the Issue
There is not a quick fix solution to the ever-growing problem of data security. The process of securing the operation against threats is a continual progression. An overarching approach should be developed and maintained.
- Develop a Security Strategy Early
Make cybersecurity part of your Industry 4.0 strategy and do it early! You don’t want to be making drastic changes to your Industry 4.0 projects after they have been deployed. If needed, involve industry experts and make an investment into cybersecurity at your facility.
- Map the System
Build a map of all connected devices and conduct a thorough risk assessment of those devices. Pay particular attention to outdated equipment. Form a plan to upgrade or remove the old devices from your network. Reassess the network at regular intervals.
- Follow Industry Standards
There are industry standards for cybersecurity that can aid your business in securing its data. Make the standard a requirement for any technology used at your site.
There are many specific practices that can be enacted to safeguard your data and processes. Develop an internal process for new Industry 4.0 projects which specifically reviews their vulnerability. Enable multi-factor authentication for user logins. Develop user access directory groups and review them regularly. Apply software patches frequently to ensure security flaws are corrected. Use encryption and data masking techniques. Audit these practices and maintain documentation of the audit process.
- Pick your software providers carefully
We need different software solutions to manage the increasing complexity that comes with Industry 4.0. For an added piece of mind, you should only choose software providers that can explain which measures they have implemented to prevent possible exploits.
With Industry 4.0 initiatives, your data is as safe as you make it. Your operation needs to be considering cybersecurity as part of its Industry 4.0 plan. Threats are evolving every day and businesses cannot ignore them. By not securing your data, you risk huge losses. Fortunately, there is much guidance and practice on this topic, so any business looking to secure its Industry 4.0 can get help if they are not ready to face the risks.
Bryan Christiansen, founder and CEO of Limble CMMS, a modern, easy to use mobile CMMS software that takes the stress and chaos out of maintenance by helping managers organize, automate, and streamline their maintenance operations.