Cybersecurity in the Industry 4.0 Era
Milton D'Silva explains how industrial organisations require cybersecurity to maintain cyber and operational resilience.
Mention cybersecurity and chances are most people would think of a computer virus and associate it with the Internet and the Industry 4.0 ecosystem of connected plants and networked systems. Consider the recent spate of spectacular attacks like the Colonial Pipeline ransomware attack of May 2021 in the US or the even more spectacular malware attack on snack giant Mondelez in 2017, also in the US. The latter was dubbed as the most destructive and costliest cyberattack in history by the US government and cost the company over USD 100 million in damages.
The computer virus, a type of malicious software or malware, infects computers and corrupts their data and software. Injecting malware into a computer network by gaining unauthorised access is one of the most common forms of cyberattack. Malware comprises several different types of attacks such as ransomware, spyware, command and control, and more. Yet cyberattacks are not limited to the computer virus, but more on this later.
The fact is cybercrime is not a recent phenomenon, nor is it caused just because of the Internet or networked systems. In fact the first recorded case of a cyberattack dates back to 1834 when there was no Internet and the term cyberattack did not exist. It was a case of unauthorised access where attackers stole financial information in France by accessing the country’s telegraph system.
The idea of a computer virus that can damage machines just as a biological virus harms living organisms was first elucidated by mathematician and computer pioneer John von Neumann in the late 1940s. He elaborated on it further in a paper published in 1966, Theory of Self-Reproducing Automata. Within 5 years, in 1971, the first computer virus, referred to as the Creeper Virus, was created for research purposes by Bob Thomas at BBN Technologies. Designed as a security test to see if a self-replicating program was possible, Creeper succeeded in doing just that, and in the process proved its destructive potential.
The Internet just made it easy to propagate malware at the click of a mouse from the safety of the Dark Web or hostile enemy territory. The world, it appears, has to live with the good while accepting the fact that evil forces are always lurking around. It is a concept that exists in most religious beliefs, with good prevailing over evil, but in reality it is a cat-and-mouse game, a never-ending contest! In the present context, this game is played between the hostile actors, represented by the cyber attackers, and the affected users deploying cybersecurity measures to thwart those attempts.
USB flash drives or pen drives are a significant threat. Image source: Esa Riutta, Pixabay
IBM describes a cyberattack as any intentional effort to steal, expose, alter, disable, or destroy data, applications or other assets through unauthorised access to a network, computer system or digital device. Common types of cyberattacks include malware (ransomware, scareware, spyware, etc.), Denial-of-Service (DoS) attacks, phishing/spoofing, identity theft, code injection, insider threats and IoT-based attacks. These attacks are initiated by many different actors for various reasons, but broadly fall into three categories:
i. Criminal – where attackers seek financial gain
ii. Personal – often launched by present or former employees out of personal grievances, and
iii. Political – where State actors are involved in full scale cyber warfare with tacit or active backing of governments.
According to Kaspersky, a private international cybersecurity company, cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Gartner, a company with over 40 years of experience providing insights and expert guidance to client enterprises worldwide, describes cybersecurity as the practice of deploying people, policies, processes and technologies to protect organisations, their critical systems and sensitive information from digital attacks.
Cyberattacks have the potential to cause immense damage and in extreme cases can even destroy a business. An example is UK-based telemarketing firm, The Heritage Company, which, after running successfully for 61 years, announced an unexpected shut down in December 2019 after facing a ransomware attack and suffering huge losses. According to the ‘Cost of a Data Breach Report 2023’ published by IBM Security, the average cost of a data breach in 2022 was US$4.35 Mn.
This includes the costs of discovering and responding to the violation, downtime and lost revenue, and the long-term reputational damage to a business and its brand. Although cyberattacks are today growing in sophistication and hence becoming harder to prevent, countermeasures exist and are effectively deployed to block the attempts. More importantly, as is well known from the 2020 study done by Stanford University Professor Jeff Hancock and security firm Tessian, approximately 88 percent of all data breaches are caused by an employee mistake. More recent findings mentioned in the IBM Cyber Security Intelligence Index Report based on interviews with thousands of IBM customers in 130 countries concluded that “human error was a major contributing cause in 95% of all breaches.”
Human error thus is the weakest link in the cybersecurity chain. For example, the USB flash drive, commonly referred to as pen drive, is a significant threat. It is widely believed that the 2007 attack on an Iranian nuclear facility was spread by an infected USB drive. Global automation major Honeywell in a 2022 USB threat report indicates that 52% of threats were specifically designed to utilise removable media, up from 32% the previous year and more than double the 19% reported in the 2020 study.
Honeywell offers Secure Media Exchange (SMX), which is designed to provide advanced threat detection for critical infrastructure by monitoring, better protecting and logging use of removable media throughout industrial facilities. Other vendors have similar solutions. Many enterprises have simply banned the use of USB flash drives and SD cards to eliminate the threat.
Ironically, there are a few simple steps that can go a long way in protecting organisations against cyberattacks. For example, Kaspersky lists a few top cyber safety tips, which in brief, are as follows:
i. Update your software and operating system.
ii. Use anti-virus software, keep it updated.
iii. Use strong passwords.
iv. Do not open email attachments from unknown senders.
v. Do not click on links in emails from unknown senders or unfamiliar websites.
vi. Avoid using unsecured WiFi networks in public places.
Cyberattacks on Manufacturing Industries
While no organisation, institution or business is immune from cyberattacks, the manufacturing industry is particularly vulnerable, which makes it an attractive target for sinister forces. The IBM Security report mentioned earlier also says manufacturing is the industry most targeted by cybercriminals, and the average cost of a data breach here is higher at US$4.47 Mn in 2022, an increase of 5.4% over the previous year.
The relationship between Industry 4.0 and cybersecurity is significant and complex due to the integration of advanced technologies, connectivity, and automation in modern industrial processes. Industry 4.0 involves the digital transformation of manufacturing and industrial processes through the integration of technologies like the Internet of Things (IoT), big data, artificial intelligence (AI), cloud computing, and more. IIoT is the vital element that links all the industrial equipment, assets, processes and events that form the operating technology (OT). This connectivity in turn leads to a high level of dependence on information technology (IT). Unfortunately, in many organisations these two important divisions often operate in silos, and create even more vulnerabilities. It helps if organisations are proactive with good coordination between different departments as is evident from the example quoted below.
At the peak of the Covid pandemic, Schmersal, a well known German company engaged in manufacturing safety switchgear for personal and machine protection, was crippled by a cyberattack in mid-2020. Schmersal was fortunate to have received an official communication warning them that cyber criminals were planning to launch a targeted attack on the company’s network. Thinking fast, the IT managers swung into action and terminated the internet within ten minutes, and in the next 90 minutes the company’s global IT network was offline, including the entire ERP system infrastructure, as well as the entire production process and fully automated storage, at all locations. The quick action actually stopped the criminals from completing the attack. Systems were gradually restored over the following two weeks. Commenting on the incident four weeks after the attempted cyberattack, Philip Schmersal, Managing Director said, “Situations like these really highlight how dependent companies now are on IT. Making telephone calls, e-mails, accepting orders – we had to find alternative channels for every process. We worked extremely hard to keep in contact with our customers in every conceivable way and to keep them up to date.” It was a close call indeed.
It is pertinent to see how exactly Industry 4.0 and cybersecurity are related when it comes to the manufacturing industry:
- Increased Connectivity: Industry 4.0 relies heavily on interconnected devices and systems that communicate and share data in real-time. While this connectivity offers numerous benefits in terms of data-driven insights and improved efficiency, it also expands the attack surface for potential cyber threats.
- Data Vulnerability: The massive amount of data generated and exchanged within Industry 4.0 environments can be sensitive and valuable. Protecting this data from breaches and unauthorised access is crucial to maintaining the integrity and competitiveness of the organisation.
- IoT Devices and Sensors: Industry 4.0 heavily employs IoT devices and sensors to gather data from various points within industrial processes. These devices are often resource-constrained and might lack robust security measures, making them potential targets for cyberattacks.
- Remote Monitoring and Control: Industry 4.0 enables remote monitoring and control of industrial processes, which can be a double-edged sword. While remote access offers convenience and efficiency, it also presents security challenges, as unauthorised access could disrupt operations or manipulate processes.
- Cyber-Physical Systems: Industry 4.0 blurs the lines between the cyber and physical worlds, with cyber-physical systems (CPS) playing a pivotal role. Attacks on CPS can have real-world consequences, such as compromising the functionality of critical infrastructure or manufacturing processes.
Besides, there are Supply Chain Risks as weak cybersecurity practices within one part of the chain can potentially impact the entire ecosystem. Also the fast-paced development and deployment of new technologies in Industry 4.0 can lead to security gaps if cybersecurity measures are not integrated into the design and implementation processes from the start.
IBM Security Command Center for cybersecurity training. Image source: IBM
Mitigating cybersecurity risks
The Wipro State of Cybersecurity Report 2023 notes how major technological, geopolitical and economic disruptions have forced organisations to change their approach to cybersecurity threats and risk management. According to this report, 38% of the organisations in the manufacturing sector have experienced at least one breach in the last 3 years. Among the respondents, 81% view ransomware attacks as their top risk while 74% view email phishing as their top risk. When it comes to cybersecurity, 17% are highly confident about protecting their systems from an attack with appropriate cyber control measures, but only 7% are confident in recovering quickly from a cyberattack.
To mitigate these cybersecurity risks in Industry 4.0 environments, organisations need to adopt a proactive and multi-faceted approach, such as:
- Security by Design: Integrate security considerations into the design phase of systems and devices to build robust cybersecurity measures from the ground up.
- Network Segmentation: Segment networks to limit the lateral movement of attackers and reduce the impact of potential breaches.
- Regular Updates and Patching: Keep all software, firmware, and hardware components up to date with the latest security patches to address known vulnerabilities.
- Access Control: Implement strict access controls and authentication mechanisms to ensure that only authorised individuals can access critical systems.
- Encryption: Encrypt data both in transit and at rest to protect it from unauthorised access.
- Monitoring and Detection: Employ continuous monitoring and intrusion detection systems to detect and respond to potential threats in real-time.
- Employee Training: Educate employees about cybersecurity best practices and the potential risks associated with Industry 4.0 technologies.
In summary, the integration of advanced technologies in Industry 4.0 brings significant benefits to industrial processes, but it also introduces new and complex cybersecurity challenges. A holistic and proactive cybersecurity approach is essential to ensure the continued success and safety of Industry 4.0 implementations.
State regulations and an expert view
As the threats continue to grow in severity and enormity, often with active participation of hostile governments, various countries are adopting stricter regulations to counter the menace. The Securities and Exchange Commission (SEC) in the US has recently issued a final rule that requires registrants to provide enhanced and standardised disclosures regarding “cybersecurity risk management, strategy, governance, and incidents.” Similar is the case with the European Union and other nations.
The moot point is, are such regulations adequate for preventing cyber-attacks? To this and a couple of other questions, Dr Shekhar Pawar, DBA in Cybersecurity domain at SSBM, Switzerland and Founder/CEO of SecureClaw Inc., USA, and GrassDew IT Solutions Pvt Ltd, Mumbai (India), has provided an expert view in this regard. “As a researcher, I know that cybersecurity regulations, such as digital data protection and similar laws, differ from country to country. Here, we need to look at a few factors to understand how the different countries consider cybersecurity regulations for themselves,” he says.
According to Dr Shekhar Pawar, technically, almost all countries share the same inherent cybersecurity vulnerabilities or risks associated with international digital products. Governments, however, use a variety of tactics to address these worries, including enacting import restrictions, pre-requirements for market access, and post-sale service requirements to manage possible cybersecurity threats. International enterprises are forced to negotiate a disjointed system of laws and regulations that vary from nation to nation and even day to day, posing serious hazards to the businesses trying to follow them.
Schneider Electric cybersecurity solutions to secure industrial operations. Image source: Schneider Electric
Leading players in cybersecurity @ Industry 4.0
There are several leading vendors that provide cybersecurity solutions tailored for the manufacturing industry. Featured below are some of the more prominent ones with extensive engagement with the industry and a global clientele among the discrete manufacturing and process industries:
IBM: IBM Security works with user industries to help protect their business with an advanced and integrated portfolio of enterprise cybersecurity solutions and services infused with AI. In early 2022, IBM announced a multi-million dollar investment in its resources to help businesses prepare for and manage the growing threat of cyberattacks to organisations across the Asia Pacific (APAC) region. The centerpiece of this investment is the new IBM Security Command Center, the first of its kind in the region, for training cybersecurity response techniques through highly realistic, simulated cyberattacks.
Rockwell Automation: Known for industrial automation solutions, Rockwell Automation also provides cybersecurity services and products tailored for manufacturing environments. Rockwell Automation PartnerNetwork™ brings world-class cybersecurity solution partnerships to meet the most complex challenges and secure industrial systems for organisations of all sizes across all industries. These partnerships include well known names like Cisco, Claroty, Microsoft, Dragos, CrowdStrike and ODVA, with proven cybersecurity solutions.
Siemens: Siemens offers industrial cybersecurity solutions that aim to protect critical infrastructure and manufacturing processes from cyber threats. With “Defense in Depth,” Siemens provides a multilayer security concept that gives plants both all-round and in-depth protection as recommended by the international standard IEC 62443. It is aimed at plant operators, integrators, and component manufacturers alike, and covers all security-related aspects of industrial cybersecurity.
Schneider Electric: Schneider Electric provides cybersecurity solutions designed to secure industrial operations and critical infrastructure against cyberattacks across all industries. The company’s EcoStruxure Plant is a value-focused, Industrial Internet of Things-enabled, open and interoperable system architecture that helps manage cybersecurity risk, safety risk (including environmental risks) and reliability risk, with assessment, planning, policy management and defense methodologies to counter these threats.
ABB: ABB offers cybersecurity solutions for industrial control systems, helping to safeguard manufacturing processes from potential threats. The ABB Ability™ Cyber Security Workplace is one simplified platform for security operations instead of multiple siloed security tools that helps: manage security updates, malware protection, and system backups; set alarms and get notified when increased risk exists; risk root cause analysis and remediation playbooks to identify and neutralise risks to your production environment quickly, and much else.
Honeywell: Honeywell provides a range of cybersecurity solutions for industrial environments, including manufacturing, to protect against cyber threats and vulnerabilities. Honeywell Forge for Cybersecurity provides industrial cybersecurity software and services that help protect the world’s most critical infrastructures and strengthen measures across IIoT technologies. The company has dedicated cybersecurity resources to confidently tackle cyber-related threats and challenges with unified solutions, strong domain knowledge and advanced technology capabilities.
Cisco: While not exclusive to manufacturing, Cisco provides industrial networking and cybersecurity solutions that are relevant to securing manufacturing facilities. From ICS/OT visibility to zero trust to a converged IT/OT security strategy, Cisco offers a number of tools to help end users build their own industrial IoT security ecosystem, like: Cisco Cyber Vision; Cisco Secure Equipment Access (SEA); Cisco Secure Firewall; Cisco Identity Services Engine (ISE); Cisco security service edge (SSE); and Cisco Extended Detection and Response (XDR).
Palo Alto Networks: Palo Alto Networks offers security solutions that can be applied to industrial control systems (ICS) and manufacturing environments. The company is recognised as the only leader in the Gartner Magic Quadrant for single vendor SASE (Secure access service edge), a network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions such as secure web gateways, cloud access security brokers, firewalls, and zero-trust network access. It also runs the famed Palo Alto Networks Cybersecurity Academy.
Claroty: Industrial organisations require cybersecurity to maintain cyber and operational resilience. Both objectives, however, are growing increasingly out-of-reach. Claroty specialises in industrial cybersecurity solutions, including those tailored for manufacturing and critical infrastructure protection. It delivers purpose-built cybersecurity controls that identify, protect, monitor, and optimise all OT, IoT, and BMS assets, systems, and processes in any industrial environment.
Besides these leading vendors, there are several others like McAfee, Dell Technologies, Trend Micro, Dragos, CyberX, Indegy (now Tenable), NortonLifeLock and countless others. As the cybersecurity landscape is dynamic, new vendors enter the market and existing ones evolve into niche areas. It is a large market in terms of revenue, estimated to be worth USD 16.2 Bn in 2022 and poised to grow to USD 20.1 Bn by 2027, according to market research agency MarketsAndMarkets.
Above all, it is more like a cat-and-mouse game with the good guys engaging the bad actors continuously. According to Dr Shekhar Pawar, cybersecurity controls implementation should be changing with the times, making cybersecurity posture adopt new controls to protect organisations against sophisticated cyberattacks. With ChatGPT or AI, not only companies but also cybercriminals are getting smarter. The Zero Trust framework and various such organisation-level strategies are good to adopt. For big organisations, it is possible to develop a service operation center (SOC), purchase more advanced tools, or hire cybersecurity consulting to avoid being a victim of cyber threats. “These big investments can reduce the risk of being hacked. It is not the case with small and medium companies (SME or SMB), as those have limited finance, a lack of cybersecurity-skilled resources, and various other issues. Business domain-specific least cybersecurity controls implementation (BDSLCCI) cybersecurity framework-type approaches, which keep on changing more frequently based on cyber threats statistics, are one of the good options for small and medium companies,” he advises.
To sum up, what is the best way to face the menace of cybersecurity for companies in general, and the manufacturing sector in particular? Here again, Dr Shekhar Pawar concludes it succinctly: “As an auditor, I have seen that management is not willing to invest in cybersecurity as they are not able to understand the need and impact of not implementing it. It is evident that starting from computer numeric control (CNC) machines till OT, or even IIoT, every component present in the cyber space of any manufacturing company is more or less exposed to cyber risk. Here is the need for manufacturing-domain-specific cybersecurity controls that will not just protect information but also provide robust cybersecurity for its various digitised machines and components. BDSLCCI cybersecurity framework-type approaches can help the manufacturing domain. Basic cyber hygiene can also make a big difference, such as keeping an eye on new threats, applying security patches on time, etc. Also, regular cybersecurity audits and fixing identified gaps can help greatly.”
A parting thought is neatly encapsulated by Tony Buffomante, SVP & Global Head – Cybersecurity & Risk Services Wipro Ltd, in his opening note in the Wipro State of Cybersecurity Report 2023: “The best response to continuous disruption is continuous innovation.”