Adapting Our Cybersecurity Strategies for Industry 4.0

The content of this article is culled from the author's presentation at the maiden edition of the Cyber Security For Critical Assets (CS4CA) Canada summit. CS4CA Canada unites the country’s senior critical infrastructure leaders from major players in the Energy, Oil & Gas, Utility, Power, Water, Chemical, Healthcare & Maritime industries. The summit features dynamic presentations, case studies, panel discussions, and roundtables hosted by thought leaders from across critical industries in Canada.

Industry 4.0 - A Concept and a Paradigm Shift

Industry 4.0, the fourth industrial revolution, is a concept and paradigm shift towards digitalized and integrated smart value chains.

?"Industry 4.0" is the coinage of Siemens AG and the German government, and it was originally used to describe a future of?manufacturing where smart factories use IT technologies for the end-to-end digitalization of their processes to reap huge benefits in the form:

• Improved quality
• Lower costs
• Increased efficiency

Industry 4.0 is the digitization of operations using advanced technologies and increased interconnectivity with the end goal of operational excellence. As a paradigm shift, Industry 4.0 represents a revolutionary approach to manufacturing and production that aims to connect machines, people, and physical assets into an integrated digital ecosystem or smart value chains capable of:

• Seamlessly generating data, analyzing, and communicating data
• Making decisions based on the data without the need for human intervention

?According to Henrik von Scheel, a revered business thinker who is widely reckoned as the father of Industry 4.0:

?"It’s [Industry 4.0] about creating the next generation of operational excellence with smart automation, connectivity, and operational alignment - transforming the design, manufacturing, and servicing of products and production systems. What will come out of all of this are connected ecosystems."

Beyond the Buzzwords - Industry 4.0, Smart Manufacturing, and IoT

The terms Industry 4.0, Smart Manufacturing, and IoT are often thrown around and erroneously used interchangeably. Though these terms are related, they are not the same thing. Accurately delineating between these terms would make for better understanding.

The realization and implementation of Industry 4.0 necessitate the convergence of multiple enabling technologies and an evolving number of industry use cases.

Industry 4.0

• A concept and paradigm shift with digital transformation at its core.

Smart Manufacturing

• One of many Industry 4.0 use cases

Internet of Things (IoT)

• Crucial enabling technology for Industry 4.0

Cybersecurity and Industry 4.0: The Good, the Not-So-Pretty, and The Ugly

Borrowing some words from Sergio Leone's classic movie (The Good, the Bad and the Ugly), this section explores the business advantage, the cybersecurity challenges associated with Industry 4.0 enabling technologies, and some notable cyber-attacks.

The Good | The Business Advantage

The journey of digital transformation ushered in by Industry 4.0 presents significant opportunities. With Industry 4.0, organizations can achieve next-generation operational excellence characterized by the following:

• Lower cost
• Increased efficiency
• Improved quality
• Greater reliability

?

The Not-So-Pretty | Cybersecurity Challenges

Industry 4.0 and its enabling technologies also unravel a unique set of cybersecurity challenges. Like a two-edged sword, Industry 4.0 presents significant opportunities on the one hand and on the other hand, exposes enterprises to a new sphere of cybersecurity challenges. The implementation of Industry 4.0 ushers in the following cyber security challenges.

• Exponentially larger attack surface: This is the unavoidable result of a connected ecosystem of devices, machines, people, and industrial processes. Oftentimes, many of these devices require internet connectivity. It is a security challenge cybersecurity teams must respond to while enabling business objectives.
• ?Data security complexities: As organizations transition from traditional "old-school" linear supply chains to a networked supply chain, the business focus is shifting from cost reduction to the resilience of the supply chain. In support of resilience, the priority has become leveraging technology to enable visibility of the supply chain at every point, with suppliers having real-time access to organizations' demand and inventory. This increased need for data sharing between manufacturers, distributors, OEMs, suppliers, and third parties opens up significant data security challenges. "What kind of data can be safely shared without compromising competitive advantage?" "How do organizations securely share this data without compromising confidentiality requirements and allowing unauthorized access?". Moving away from the supply chain industry, the Green Button initiative in the utility industry is also leveraging industry 4.0 concepts to drive increased data-sharing integrations between utilities, their consumers, and third-party providers of energy-saving applications. This innovation introduces new data security challenges as more parties access customer energy usage information.
• ?Expanded scope for supply chain risks: As organizations enjoy the benefits of adopting digital supply networks and networked supply chains, they must also contend with an expanded scope for supply chain risks. The technologies (e.g. IoT) that enable the digital transformation of Industry 4.0 often piece together different components from diverse suppliers. This makes the issue of supply chain risk management much more pertinent.
• New risk frontiers: Physical risks can be realized from the interactions of cyber-physical systems used to implement Industry 4.0; hence, prudent risk assessment must go hand-in-hand with the safe implementation of Industry 4.0 technologies. Another scenario is the expanded use of consumer IoT technologies that capture and process potentially personal information related to humans. This requires more thoughtful considerations of potential privacy risks.

The Ugly / Notable Cyber Attacks and Vulnerabilities

Having explored the competitive advantage (opportunities) and cybersecurity challenges Industry 4.0 presents, we now look at notable real-world attacks and vulnerabilities against a key technology that enables Industry 4.0 — the Internet of Things (IoT). The infographic below summarizes five major incidents that show that cyber threats are real and nearby. It is an important reminder that technology leaders must be prudent in adopting emerging technologies that drive their digital transformation journey.

With this infographic, I close the first (1st) part of this article series.

Up Next

In the second (2nd) and follow-up article, I will:

• Focus on a secure and trusted IIoT platform as the backbone for safe and secure Industry 4.0 digital transformation in the industrial space.
• Explore pain points with securing Industrial IoT and emerging smart practices for effectively managing cyber risks arising from the use of Industrial IoT.

About the Author

Uno Okon is a Certified Information Security Manager (CISM), and cybersecurity thought leader. As a Cybersecurity Consultant with extensive cross-functional IT experience, Okon provides cyber risk advisory services to Senior Technology and Business leaders at a leading midstream energy company. Okon is keenly interested in Cyber Security Governance and Program Planning, Security Assessments, Security Architecture and Infrastructure design, Industrial Networks, SMART Grids, and IIoT.

Outside the workspace, Okon has acquired valuable Board-level governance experience as a Board Intern at a top-rated charity (Bissel Center) focused on poverty alleviation. He has served as a Director (Board Member) at an Edmonton-based Social Enterprise and led organizational restructuring initiatives at another Downtown Charity.