Fourth Industrial Revolution: Putting Security First is Key to Success

The Fourth Industrial Revolution (4IR) has the potential to reshape regional and global value chains. Characterized by an intelligent and connected ecosystem of people and machines, the 4IR is underpinned by five emerging technologies. These are: Internet of Things (IoT), Artificial Intelligence (AI), 3D Printing, Advanced Robotics and Wearables.

Of these, IoT has been talked about for perhaps the longest period. As my colleague Liz Centoni points out in her blog, the term was first coined in the 1990’s to describe a range of interconnected sensors. There have been huge advancements in the technology since then, with companies today connecting not just sensors, but a range of other operational equipment and devices to their network.  

While this has the potential to help companies gain valuable insights into their operations, improve productivity and unlock new growth opportunities (see figure below), it also presents a new set of challenges, not least on the cybersecurity front.

As more devices and operational equipment get connected to the internet, hackers and malicious actors have more options to launch their attacks. The end points in an IoT network, especially in non-industrial environments, often tend to be unsophisticated devices making it easier for attackers to hack the network.

Even industrial environments, where the end points are likely to be more sophisticated, are seeing an increase in cyber attacks on their operational infrastructure. According to a recent study by Cisco, 30 percent companies across Asia-Pacific, Japan and China have already had an attack on their operational infrastructure, while 50 percent expect such an attack to take place in the future.

Securing the value chain

This has huge implications for companies. To be able to better protect themselves, companies need to ensure they secure their entire value chain and have no weak links for hackers to exploit. 

Take manufacturing sector as an example. Any company in the sector has multiple layers in its network, ranging from the physical factories to production lines, warehouses and logistics operations as well as support functions like procurement, finance, human resources etc.

All these, in turn, use multiple (often proprietary) technologies and devices which are connected to each other. The devices operating systems and software protocols vary greatly in sophistication. For example, a closed-circuit camera, a centrifugal pump or a laptop may all would have widely varying cybersecurity protocols .

That is why it is important that their security posture has three key elements:

1. Visibility: This enables them to see everything with complete oversight of users, devices, networks, applications, workloads and processes.
2. Segmentation: The ability to segment the network helps to prevent the attackers from moving within a network even if they manage to break in. This is crucial to safeguarding the most important parts of the network where sensitive and business critical information and data may be stored. 
3. Threat Protection: The ability to stop a breach by quickly detecting, blocking and responding to attacks before hackers can disrupt operations.

On June 6, 2019, Cisco’s announced its intent to acquire Sentryo, an Industrial IoT cybersecurity company that provides asset visibility and security solutions for industrial control system (ICS) networks. We have previously partnered with Sentryo to incorporate Sentryo’s Edge Sensor into Cisco industrial networking hardware and enable organizations to secure their industrial environments.

From an ASEAN perspective, I am excited about the potential this brings. Companies across the region view IoT as a key technology that will shape their future. However, as a minimum, they do want to ensure that technology adoption is secured. Cisco's acquisition of Sentryo is a good case study to demonstrate how to seamlessly integrate cybersecurity into networking and routing: instead of purchasing an industrial PC or running an app at a network operations centre (NOC), and having to backhaul all the data, customers can simply run Sentryo ICS CyberVision on their Cisco IE 4000 at the network edge.

Our work with independent strategy consultants, A.T. Kearney, has shown that this strategy is paying off. Industry 4.0 value chains are complex. There are segments where there are just a few players with proven technical ability (like Cisco in the networking and cybersecurity domains) and other segments of the value chain that are highly distributed (e.g., IOT applications). This value chain complexity is leading to paralysis or slow adoption of digital transformation projects in manufacturing, in part driven by the fear that day-to-day operations will be disrupted -- causing shortfall in manufacturing output. Ensuring networking and security are integrated into simple solutions that can be applied into the industrial environment, will enable industrial companies to take their first step to access secure connectivity and thereby automation into the manufacturing environment.

Scaling up

In addition to making cybersecurity foundational to their 4IR efforts, manufacturers must adopt an iterative and bifocal approach.

They should aim to addresses specific pain points in the near-term and have a long-term vision to guide the development of a strong partner ecosystem, robust infrastructure, and organizational enablers. Specifically, there are six steps they should look at:

• Focus on critical pain points: Identify the immediate problems they want to address
• Identify the right technology use cases: Avoid being dazzled by the hype of new technologies and force-fitting superfluous solutions. Instead, understand how a problem needs to be solved and the available 4IR use cases that can be part of the solution
• Conduct collaborative sprint-based pilots. Co-create solutions with vendors, and test and learn in pilot sprints with fit-for-purpose governance
• Build a partner ecosystem: Choose an appropriate partnering strategy that aligns with their long-term vision
• Establish scalable infrastructure: This should focus on four aspects: a reliable and scalable connectivity infrastructure, intelligent cybersecurity, a universal IoT platform, and integrated resource and manufacturing planning systems
• Sustain the transformation momentum: This can be achieved by having in place enablers like a proper digital transformation strategy, clearly defined capabilities and metrics, and process redesign with emphasis on continuous improvement efforts

This approach, coupled with the right security posture, will ensure they reap the benefits of the 4IR technologies and keep the malicious actors at bay.