Is Cyber Security Slowing Down Industry 4.0
We live in a society that is dominated, if not dictated by, computers and their omnipresent and ever-developing systems. In an age of technological thirst – easier Internet access ultimately means simpler access to the information we want or need to go about our day – it’s no surprise that we are, in turn, releasing an increasing amount of data into the digital space.
Such thirst for the latest gadgets and computer-based programmes means a rise in the cyber security systems needed to protect them. But is the protection of security compromised via Internet-connected systems – such as software, hardware and data – actually slowing down industry 4.0? If that’s the case, why does it matter?
For the consumer, personal information may be increasingly under threat – and for the manufacturer, a new operational risk is duly posed if the swift rate at which devices are produced is to continue.
Security, vigilance, resilience and seamless integration into an organisation’s strategy are earmarked by Deloitte as four key considerations when it comes to cyber security in the age of Industry 4.0.
According to Deloitte: “The interconnected nature of Industry 4.0–driven operations and the pace of digital transformation mean that cyber attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks.”
Cybersecurity and the manufacturing industry
For us to better understand the risks associated with cyber security, let’s look at some examples within the manufacturing industry.
The Manufacturers’ Organisation states that ‘nearly half of manufacturers have been the victim of cyber-crime, with the sector now the most targeted for attack’.
The information comes via a dedicated report, carried out by The Royal United Services Institute (RUSI) and published in 2018.
It suggests manufacturers are highly susceptible to cyber risk, adding that just over 40 per cent of companies ‘do not believe they have access to enough information to even assess their true cyber risk’.
Confidential data gleaned
Manufacturing.net highlights a targeted cyber attack in Japan. The incident saw a Chinese hacking group known as ‘Bronze Butler’ hone in on heavy industry as early as 2012. Focusing its efforts onexfiltrating IP, alongside other confidential information, it targeted companies in manufacturing and critical infrastructure to name just two sectors. Meanwhile, Computer World states that an attempt to steal blueprints and IP were also made in Korean electronic manufacturing firms.
During the latter attempt, ‘a new stealthy backdoor program that gives attackers full access to infected computers’ was put to task. Dubbed ‘Duuzer’, the malware is not exclusively utilised against South Korean targets.
However, Computer World reports: “…it does seem that the hacker group behind it have a preference for that country's manufacturing industry, according to security firm Symantec.”
How does Duuzer work? At the point that a computer is infected with the malware, the attackers then hide it by searching for an existing application, before mimicking it. On top of this, researchers at Symantec have discovered evidence that the malware is related to Joanap and Brambul – two other malware threats that have been used in South Korean organisations.
In the UK alone, the manufacturing industry was the most targeted sector for cyber crooks in 2017, according to Silicon.co.uk. China was the source of well over 80% of all attacks, with technology organisations coming a close second when it came to suspicious activity. The reason for that is simple: an increasing use of advanced tech.
Investment in digital technologies is halted by cyber threat
The result of such attacks is a widespread nervousness when it comes to online developments. A third of those surveyed in the Symantec report said they were worried about digital improvement, adding fuel to the fire that cyber threat could well be halting companies when it comes to investing in online-based technology.
The right technical and managerial processes also need to be put in place in a staggering 12% of manufacturing companies, according to the results of the survey. In turn, this would help companies better assess their cyber risks.
How can companies protect themselves and their assets?
In companies – whether in the manufacturing arena or otherwise – poorly protected office systems are deemed the most likely to be attacked. What it comes down to is the enforcement of good practices – and thankfully for manufacturers, there’s a publication which explains how companies can take measures to protect themselves and critical assets.
It’s been developed by ENISA – the European Union Agency for Network and Information Security – and it details good practices for the security of Internet of Things in the context of smart manufacturing.
There’s no denying that industries which utilise Internet of Things and Industry 4.0 solutions need to improve cyber security before it’s too late. A firm’s physical security is just one area that can be compromised, resulting in an impact on production and even meaning spoilage of products or equipment.
Steve Purser, Head of Core Operations Department at ENISA, said: “With a great impact on citizens’ safety, security and privacy due to its cyber-physical nature, the security challenges concerning Industry 4.0 and IoT are significant.
The ENISA study addresses such challenges and offers firm foundations from which companies can strengthen their own security.
Investment in cyber security ensures industry can continue to thrive
The bottom line is the threat of cyber security is posing a risk to developments in the manufacturing industry – but there are a number of steps companies can take to reduce the risk of an attack.
First, organisations should assess what kind of information they hold. A dedicated cyber security specialist can even partner with firms to implement testing. This puts manufacturing companies forward for
real-world cyber attack scenarios, in a bid to see how systems are equipped to handle them.
Once a firm has got to grips with the type and magnitude of data they hold, they should take time to understand why they possess it and with whom they need to share it with.
Do they also understand how it might affect the business if such data was compromised? Financial loss is just one downside to a potential attack; a company’s reputation may also be at stake – as is the effectiveness of day-to-day operations.
Next on the list is to work out who your business might need to protect the information from. By identifying the risk and understanding any threats to your data, companies can put the necessary steps in place to protect it. Threats can come from anywhere – the supplier chain, a ‘hacker’, even internal staff.
By identifying and managing any vulnerable areas or systems within the business, companies can ensure the chances of an attack are as low as possible. In making themselves a difficult target, they are protecting their assets – and their company.
Next, the business owner should mitigate their company’s risks, one by one. They should work out what might be the biggest threat – call it a worst-case scenario, if you like – and have a plan in place if a cyber-attack threatens to halt production. Once they have ascertained how much protection they may need, they should make sure it is effectively
implemented.
As cyber attacks are a very real threat to manufacturers globally, here are the key reasons you’ll want to put precautionary measures in place:
- To give clients and suppliers peace of mind that your security is up to speed and attacks are reduced
- To reduce the possibility of an attack taking place – thereby reducing operational downtime and financial burden
- To give yourself and your employees the reassurance they need; should an attack be imminent, you are more than ready for it
The key is to be cyber-aware and act swiftly at the first sign of an attack. By putting the right measures in place now, you could be saving yourself time, money and managerial and operational headaches later.