Cybersecurity in the era of Industrial Digitalization

The digitalization of industry and the advent of the fourth industrial revolution are opening new horizons to enterprise competiveness in areas such as manufacturing, logistics, oil & gas and energy production processes. In particular, the deployment and use of cyber physical systems in production plans, enables digital automation, highly flexible production lines, along with quality improvements and efficiencies in the shopfloor. Furthermore, it is expected to lead to unprecedented optimizations in the supply chain, as plants are gradually becoming digitally connected, which facilitates seamless flow of information and enables novel collaborative models of production.  Nevertheless, this new era of digitization comes with a host of security challenges that relate to the cyber security of a plant’s digital elements and to the trustworthiness of the supply chain interactions across plants.

Cybersecurity Challenges in the Digital Industry

As production systems become connected between themselves and with IT systems, they are becoming more vulnerable and susceptible to cybersecurity attacks. It is no accident that during the last couple of years, cybersecurity incidents in factories are on the rise. For example, recent reports underline that approximately 48% of manufacturers have suffered cyber-attacks, while half of these attacked organizations suffered considerable financial and business loss. According to the same reports, manufacturing is currently the fourth-most targeted industry, behind only finance, technology, and business services. The monetary value of these losses for 2016 has been estimated to more than $3B and appears increased during the last two years. As a prominent example, pharmaceutical manufacturer Merck payed a price of more than $310M due to a shutdown in production following a cyber-security attack.

One of the main reasons why manufacturers and other operators of industrial plants are vulnerable to cyberattacks is the fact that they employ old versions of IT systems, which do not have the latest security patches. For example, old fashioned Windows XP systems are commonly found in industrial PCs within production plants. Some of these systems can hardly be updated to resist modern cybersecurity attacks.

From a business perspective, adversaries main target is to steal intellectual property and trade secrets, which fall in the realm of espionage and cyber-crime. This is for example a primary goal of the vast majority of malware attacks against factories, which attempt to steal secrets or proprietary data. In this context, cybersecurity attacks can have severe consequences on the business: Stolen IPR has usually catastrophic effects for a brand. For instance, stolen IPR opens a backdoor for counterfeit products that damage both the manufacturer’s revenues and its reputation.

Guidelines for Fighting Cybercrime

In order to alleviate cyber-threats and to avoid cyber-crime, plant owners have to implement a proper security policy for their production facilities and for their supply chain interactions with other plants.  To this end, the following guidelines should be taken into account:

• Integrated physical and cyber-security: Modern plants of the Industry4.0 era are operating based on Cyber-Physical Systems, which have both a digital and a physical part. This asks for a convergence of IT and OT (Operational Technology) security mechanisms in order to protect not only digital automation applications, but also the physical devices of the plant. Moreover, there is also a need to deal with physical security (e.g., controlling access to the plant, protecting financial and product records physically) in addition to protection against cybersecurity attacks (e.g., malware, Trojan horses, denial of service attacks). This is because a physical security attack (e.g., physical access of an adversary to a device) renders useless any cyber security measures such as encryption and authentication. In some cases, plants are likely to face hybrid cybersecurity threats such as attacks against smart doors, networked cameras, locks and alarms. Overall, an integrated approach to physical and cybersecurity is required, to replace today’s model where physical and cyber security concerns are considered in isolation from each other.
• Alleviating the security vulnerabilities of legacy IT systems: Nowadays, there is still a host of legacy IT systems in plants. Legacy systems are major sources of security vulnerabilities, not only because they do not employ advanced cyber-security features, but mainly because they are not properly updated (e.g., patched, updated to proper OS version) with security features. This provides fertile ground for hackers, who are usually proficient in exploiting the known vulnerabilities of older systems. To make things worse, vendors and automation solution integrators cannot always update legacy systems, given that the latter are tied to some certification that will be lost if these systems get updated. As a result, plant owners need to identify, document and protect legacy systems as a matter of priority.
• Specify and implement usage control policies for plant data: In the scope of modern production facilities, digital data are made available to supply chain stakeholders with different business roles and varying industries. These stakeholders gain therefore access to very critical data assets such as customer and production data, as they move outside enterprise boundaries in support of collaborative production operations. In this context, it’s very important to authenticate and authorize whoever has access to these data, while controlling what portion and volume of data is provided to whom. This is currently overlooked by state of the art digital automation solutions that do implement fine grained control over production data.
• Reliability and availability of connected production systems: As outlined, several of the security related financial losses for manufacturers stem from downtimes, which underlines the need for high-availability (i.e., ensuring operational continuity) of the production facility. Nevertheless, in the context of a digital and interconnected supply chain, reliability has also the dimension of strict data integrity guarantees, when multiple independent organizations are involved in the same data-driven process. Reliability becomes even more challenging when considering the fact that disruptions in one production facility could have an adverse impact on another stakeholder of the value/supply chain. Therefore, there is a need for orchestrating and synchronizing processes and systems operated by different plant operators (e.g., different factories or supply chain stakeholders) in order to ensure that data integrity is ensured at all times.
• Securing decentralized systems: Securing connected production systems requires strong security for many different elements at various levels (e.g., production systems, IT systems, automation devices), which extend across a supply chain. Centralized security systems and approaches fall sort in such context and hence it is recommended that decentralized solutions (such as blockchains) are investigated.

Overall, as production systems and facilities get connected, the cybersecurity challenges to be addressed increase in number and sophistication. State of the art cyber security solutions when used “out of the box” cannot sufficiently address the challenges of collaborative production environments. Industrial organizations cannot however afford to ignore these security challenges. Rather they have to invest in novel, more integrated and decentralized solutions that address physical and cybersecurity concerns at the same time. Fortunately, state-of-the-art security technologies such as analysis of security related BigData and blockchain based approaches for securing decentralized systems could be two of main pillars of such decentralized solutions.