Industry 4.0 (also known as the Fourth Industrial Revolution) promises to bring increased levels of automation and interconnection to manufacturing. Proponents suggest that it should increase efficiency and adaptability to allow for more customizable production.

Indeed, for manufacturers in Industry 4.0 means connecting machinery, process instrumentation, sensors and employee devices (often wireless) to the cloud and IP networks. These myriad connections will be a driving force behind the mountain of new data enterprises to analyze and protect. They are also the source of a growing array of vulnerabilities that include cyber theft, attack and vandalism.

According to IHS Technology, the global industrial automation industry is on track with an estimated growth of $209.4 billion in 2016, up from $170.2 billion in 2013. Furthermore, enterprises will spend over $235 billion on cloud architecture and services by 2017 - more than triple the $78 billion spent in 2011 according to an IHS Technology report. This growth in investment underlines the accompanying risk that manufacturers face as their businesses become more data dependent.

"Very Real Threat"

A recent IBM report with Ponemon Institute examined security breaches through a survey that included 61 companies in 16 different industries. The report found that the average organization in 2014 paid nearly $6 million to deal with security breaches. Companies that experienced data breaches were more likely to lose customers and face an increased cost of lost in business. The study also found that the majority of data breaches came as a result of malicious or criminal attacks rather than human error or system glitches.

Marc Blackmer of Cisco Industry Solutions team says that data security in industrial automation represents a huge issue.Marc Blackmer of Cisco Industry Solutions team says that data security in industrial automation represents a huge issue.While many recent attacks have focused on the public and financial sectors, the manufacturing industry is not immune. Marc Blackmer of Cisco’s Industry Solutions team says that data security in industrial automation represents “a huge issue.” He points to a 2008 oil pipeline explosion in Turkey and a German steel mill that was damaged, both as a result of cyberattacks. “Particularly in manufacturing,” Blackmer sats, “data kinetic attacks (attacks originating in cyberspace that have resulted in the physical world) pose a very real threat” to manufacturing.

A number of professionals tasked with enterprise data security agree with the assessment that a real (and potentially costly) security threat exists to industrial automation. Michael Assante and Tim Conway, both with the SANS Institute that specializes in cybersecurity and information security training, point to a growing list of cyberattacks. As early as the 1990’s, unwitting workers logged into their company computers and accidentally set in motion viruses and software worms. The Nimda virus in the early 2000’s caused widespread network delays and difficult recovery efforts. Assante and Conway add that they also see a trend away from threats that merely disrupt automation systems and toward ones that are capable of causing physical damage and safety concerns.

Part of the difficulty in containing these threats and mitigating their effects is that they come from multiple sources. IT security managers cite malicious third-party attacks and accidents but also point to the less obvious sources. Mike Hannah, commercial program manager for The Connected Enterprise at Rockwell Automation, says “manufacturers need to protect their assets from the ‘good guys’ as well – employees, vendors and those looking to help the process.”

To examine potential cybersecurity solutions for the big data generated by automated manufacturing, the idea of just-in-time (JIT) supply chains also must be addressed. JIT (and automated manufacturing) relies on intelligent systems that detect errors during production, then stop and fix those problems before resuming production. JIT supply chains also function on the idea that stored inventory is something of a waste of resources and act to eliminate extra inventory as a fallback option for manufacturing. A disruption to JIT supply chains – including those stemming from cyberattacks – can produce a ripple effect across the entire enterprise.

To provide context, Blackmer likens an attack on a JIT supply chain to a traffic light incident in Los Angeles in 2006. Two traffic engineers who were part of a labor dispute with the city, slightly lengthened the timing of the red light at major intersections. Over time, this caused massive traffic jams. Blackmer says that attacks on supply chains could be similar: attack the progress in such a way that they don’t trigger alarms and are difficult to diagnose. Eventually, the entire organization’s processes, revenues and even its reputation may be affected.

Slowing the tide of incoming real-time data, impeding an organization’s ability to adequately support customers or disrupting its ability to prepare operations effectively breaks the supply chain. If the wrong people gain access to vital data, the entire manufacturing supply chain can be affected, in addition to individual facilities.

Less Leeway

As Toby Colquhoun, senior analyst, Discreet and Process Automation at IHS, says, “automation guys care about system uptime.” Broken supply chains mean system downtime, a manufacturing plant operator’s worst fear. Because of the way JIT operates, Colquhoun says “there is less leeway when things go wrong,” such as during a cyberattack.

Preventing all cyberattacks is impossible, especially as the volume of data and number of access points continue to rise.. But it may be possible to equip an organization with security measures designed to mitigate the effects of cyberattacks. The name of the game is holistic.

Since Industry 4.0 and JIT chains work on using a system of automated checks and balances geared towards efficiency, effective cyberattacks focus on data transmission from these systems. Cybersecurity efforts must focus on detecting changes caused by cyberattacks, however small.

Blackmer says that the threat of cyberattacks can be mitigated with encryption and role-based access controls. He also says that the base of any cybersecurity system needs to be in “constant monitoring for evidence of changes or other anomalous behaviors on the network with application and operational data to look for indicators of compromise.”

The Three "A's"

Hannah’s solution is similar and uses what he labels “the three A’s.” He says a strong cybersecurity solution must “account for who has access to the network, account for specific uses at different authorization levels and account for what users are doing.”

As explained in an article at the Industrial Distribution magazine website, organizations with established security policies and procedures can still face challenges from their internal culture. Many organizations do not emphasize to employees that cybersecurity measures are vital. Measures and policies that offer protection may exist but they are not followed strictly. It’s a sort of complacency that may only be addressed through training practices and by ensuring that workers at every level comply with and understand the need for security measures.

Indeed, a Wombat Security-commissioned research report asserts that one who consistently underutilizes the approach to cybersecurity is a very human one. The report found that “an investment… in training effectively changes behavior and quantifiably reduces security-related risks by 45-70%.”

Helping managers to understand the myriad connections their workers create on increasingly complex networks is an extension of the increased training philosophy. This includes understanding the various types of data – by using deep packet inspection, for instance – certain devices and employees send across the network and sharing that understanding across the entire supply chain. It also means ensuring that manufacturing plant employees understand security risks and helping suppliers and delivery companies understand that their interactions could compromise the entire operation. Understanding the data – where it is coming from, how it is produced, who produces it and who has access to it – is essential.

Assante and Conway say that “increased data visualization for operators” will help but adding that advancement in cybersecurity systems will require control system engineers to becoming "more involved in understanding and managing cyber risk.”

The transition to Industry 4.0 will likely require changes to existing factory equipment and to automation systems – changes organizations will make over time. Ideally, this transition will allow organizations to develop greater expertise in analyzing data and creating actionable insights from that data.

IHS's Colquhoun says that future automation equipment "will be more secure by design and as equipment is refreshed, the expense on cybersecurity hardware, software and services will go down." That day, he says, remains 10-15 years in the future.

Question or comment about this article? Contact an editor: