Cybersecurity as a key enabler of Industry 4.0

The manufacturing industry becomes an increasingly appealing target for attackers as it continues to adopt Industry 4.0 technologies

A recent Embedded article by Johan Kraft paints a clear picture of the IT and security needs created by these new “immensely complex” Industrial Internet of Things (IIoT) or Industry 4.0 systems. As Kraft notes, “[o]ne of the defining features of Industry 4.0 is distributed sensing. This latest iteration of industrial automation sees a dramatic increase in the sensor nodes used to monitor equipment and processes, all linked up to gateway devices in a complex industrial internet of things (IIoT)…But this also requires more focus on the security of the network to ensure safe operation.”

Why is security such a critical issue with Industry 4.0 systems? Kraft explains: “Most industrial systems have been isolated in closed loop systems. Industry 4.0 opens these systems up to the wider Internet and higher risks of compromise.”

Martel agrees: “But just as these new technologies have created the opportunities for optimisation, they have also introduced new risks and security threats, creating a completely different threat vector than PC-based networks. Industry 4.0, for all its benefits, makes ‘Industry’ an appealing target for cyber-attacks. The expanded attack surface gives bad actors the opportunity to move laterally across a network, jumping across IT and OT systems for industrial espionage, intellectual property theft, IP leakage, or even production sabotage. For this reason, cybersecurity best practices must be acknowledged as one of the pillars to a successful Industry 4.0 strategy.”

The smart factory’s combination of virtual and physical systems makes interoperability and real-time capability possible, but it comes with the cost of an expanded attack surface that requires both information technology (IT) and operational technology (OT) defences. Enhanced exploitation tactics and techniques will be used to target supply chains and then make their way down to the OT and edge devices, hitting multiple attack surfaces at once. Organisations must carefully consider the security implications to have a successful Industry 4.0 journey, and in the end, best practices will be key.