Overcoming the security challenges of Industry 4.0
- Lani Refiti, ANZ Regional Director at Claroty
The Covid-19 pandemic has impacted every industry in very different ways. The need to maximise remote working has been universal, but certain industries have seen demand for their products and services surge; while for others, demand has diminished to virtually zero in some cases.
Manufacturers with heavily digitised and sophisticated operations were well-placed to manage both the transition to remote working and the demand fluctuation for their products and services.
They were able to rapidly pivot from in-person to remote working, and to spin up production of high-demand goods such as hand sanitisers, personal protection equipment and ventilators.
Meanwhile, manufacturers with less sophisticated operations found themselves scrambling to react.
The technological capabilities that enabled manufacturers to successfully adapt their operations during Covid-19 can be summed up in one phrase: Industry 4.0, the next generation of manufacturing technology.
The concept was conceived in Germany as Industrie 4.0 and made its debut at the 2011 Hannover Fair. It has come a long way since then and means different things in different countries.
The Australian Government says, “Industry 4.0 is transforming how businesses operate by connecting the physical with the digital world.” It gives as examples, “Artificial intelligence, advanced automation and robotics.”
Industry 4.0 embraces machine-to-machine communication, human-to-machine communication and the idea of a connected ecosystem that links customers, supply chains and production facilities.
It enables real-time communication to ensure smooth operation of supply chains, the tailoring of supply to meet demand and, in more advanced versions, the concept of direct control of production according to demand.
Industry 4.0 has increased manufacturers’ flexibility, competitiveness and their ability to exploit new market opportunities.
Industry 4.0: where IT meets OT
However, there is a major hurdle to realising the vision of Industry 4.0, one that manufacturers have struggled to overcome since before the concept even emerged: how to integrate their operational technology (OT) – the often-legacy equipment that controls and monitors manufacturing facilities and industrial environments – with more modern information technology (IT) — the computer systems that manage stock control, ordering, invoicing and logistics via internet-connected applications.
The integration of IT and OT has enabled production systems to be better managed and operated remotely. It has enabled manufacturers to automate certain functions, save resources, and respond more quickly to changing business priorities and customer requirements.
But the worlds of OT and IT have evolved separately over the course of decades. For a start, OT was developed long before the internet came into existence and was never designed to be connected to it. Therefore, marrying the two brings many challenges.
The rapidly evolving world of IT is dominated by a few international and de-facto standards. It is very different to the world of OT, where proprietary protocols and legacy technologies that have changed little over many years are extremely common.
The security tools that were designed to protect IT systems from the dangers of the internet are unable to access and therefore protect OT networks. The cybersecurity specialists who work with IT are not familiar with OT and its security features either.
Also, there are limitations to what can be done to secure legacy OT environments. Bandwidth on many OT networks is limited, so monitoring these networks with IT security tools and techniques can actually disrupt operations. This can have disastrous consequences for manufacturers that can’t afford to have any operational downtime.
As a result, many manufacturers are simply going without the proper security tools to manage their environments, leaving themselves exposed to attack.
How manufacturers can turn up the dial on cyber security
Effectively securing integrated OT/IT systems demands a new approach that comprehensively addresses all of these challenges to provide robust and holistic security.
An essential first step is to segment the network so there are no unnecessary pathways. In the infamous breach of retail giant Target, attackers gained access to eftpos terminals through a system set up to monitor air conditioners. Similarly, a casino was hacked in 2017 through its aquarium temperature monitor, a simple device that didn’t need to be connected to the internet.
Secondly, tools must be deployed that can identify all connected devices on the OT network and build a comprehensive inventory. Manufacturers must be able to gather the necessary data from all devices and map their communication pathways: if you don’t know what you have, you can’t protect it from attack.
The security ‘toolbox’ also needs to include monitoring tools that maintain an updated list of all known threats and look out for any signs of these on the networks they monitor.
Another equally important defence strategy is to deploy tools that constantly monitor the network to establish a picture of what normal behaviour looks like, detect any change in behaviour, and flag this for investigation as a possible attack.
And, particularly in a pandemic-affected world, all these tools need to have their full functionality available via remote access. This of course poses a new security challenge. So manufacturers should invest in tools that enable secure remote access for OT, which provide comprehensive protection against unauthorised access, and track and audit all access attempts.
None of this is wishful thinking. All this functionality is available from today’s security technologies. They enable any organisation to realise the potential of Industry 4.0, despite Covid-19, and be ready to take advantage of future Industry 4.0 functionality and the new opportunities that will emerge when the pandemic becomes a thing of the past.
For more information on security tools for the manufacturing sector, visit www.Claroty.com