By Mirko Brandner, technical manager, Arxan Technologies
If you attended this years’ Hannover Messe, the leading international trade fair for industrial technology, you will have seen fully developed “Industry 4.0” techniques on demonstration. Coined at the Hannover Messe five years ago, Industry 4.0 represents the fourth industrial revelation, driven by data and automation.
This futuristic idea has now become a reality and these new techniques are leading the way to a fully digitised, intelligent manufacturing plant. Mobile ultrasound measuring devices for foresighted machine maintenance, smart liquid analysis, driverless forklifts and even collaborating robots – these were just a few of the new systems and equipment on show.
To remain competitive, companies need to embrace digitisation. The fusion of IT and automated engineering has resulted in intelligent collaboration of all components involved in the production process, this promises an increase in efficiency, flexible resource management and the individualisation of mass production.
The increased risk of connectivity
With the high number of sensors required and such a huge amount of data being shared between these automated machines as they work, there is the increased risk of cyberattacks. As more and more processes become automated and factories become more connected, the points at which a cybercriminal can access the system also increase.
Once access has been gained the hacker can interfere with equipment and processes, causing anything from a temporary hold up in work flow to a complete systems shut down. Any corporate data which is held is also vulnerable to being accessed. Connecting machine tools to a network or cloud-based application creates a number of vulnerabilities, which are often overlooked.
For example, network connections installed in a CNC may require a firewall to block unauthorized access while permitting outward communication. Machine tool data is especially sensitive because it involves critical information about product design.
Some modern factories have been designed with more refined production facilities and stronger protection through advanced monitoring and alarm systems. Most existing industrial facilities however were not designed to connect to the internet or to be compatible with IoT, nor were they developed with a focus on IT security.
The risks faced by smart factories became very real in 2010 when a uranium enrichment centre in Iran was infected with a computer worm called Stuxnet, and again in 2014 when cybercriminals manipulated a furnace in the German steelworks and were able to shut it down.
Rethinking IT security
For companies to benefit from Industry 4.0 in the long-term and use it to their advantage, it is essential for them to invest in technically upgrading their production facilities and also to refresh their existing IT security standards.
Traditional methods of security must still be maintained to protect against traditional threats, but they need to be adapted to stay effective against the new wave of digitisation and must be supplemented by new and innovative methods of defence. It is well known that traditional anti-virus and anti-spam solutions, firewalls and static encryption programs may not offer enough protection, nevertheless, effective security measures directly inserted into applications are extremely valuable.
What the industry needs are security solutions that strengthen single application and embedded systems and enable them to self – protect against tampering, reverse engineering and malware insertion. There are equal needs for high accessibility of critical data and system one hundred percent of the time, and robust security controls.
If all machines involved in the manufacturing process were able to intelligently identify threats and defend themselves, the security of smart factories could be more assured.
Digitisation has progressed rapidly in our very connected world and has found its way into factories. We are now facing ever-increasing levels of vulnerabilities that lead to breaches, so it is now all the more important that companies are aware of their responsibilities and design their cyber security concepts with a focus on the security of industrial plants and their software as well as forms of malware. Only when this has been achieved can the digitised, automated future of Industry 4.0 succeed.