Cyber Security in the Era of Industry 4.0 and Smart Manufacturing

The revolutionary Industry 4.0 initiative plays a significant role in shaping the smart manufacturing paradigm. This emerging paradigm supports and orchestrates smart factories by utilising the benefits of technologies such as Industrial Internet of Things (IIoT) which enables the interconnection of the cyber (also known as digital) and physical worlds. IIoT creates a smart network that autonomously connects shop floor Industrial Control Systems (ICS) in order to achieve a real-time communication. Thus, continuous alignment between physical and digital worlds is achieved. However, increasing the connectivity makes these ICS more exposed to cyber-attacks the consequences of which can compromise safety, productivity, profit and reputation of the targeted firms. Therefore, there is an urgent need to address the security of smart manufacturing systems.

New Manufacturing Architecture and New Threat Landscape

Manufacturing systems that adapt the Industry 4.0 vision and other similar initiatives follow a new manufacturing architecture, although this proposed architecture differs from the well-known Purdue Model. Unlike the Purdue Model, this new architecture aims to decentralise the ICS in order to create smart and connected machines. Therefore, the integration between the IT and OT via IIoT technologies is achieved throughout the production line.

Adoption of smart manufacturing technologies will enormously increase the attack vector and create a new threat landscape for the ICS environment. Hence, implementing a cyber security strategy at the early design stage can attain greater benefits and eliminate greater risks. Any strategy is required to consider people, processes and technology throughout the ICS lifecycle.

To design a secure ICS within smart factories, threat sources and threat actors need to be addressed and understood accordingly. Cyber-attacks can be launched from different sources through the network layers (IT and OT). However, there are common attacks that should be considered for smart manufacturing systems such as; Denial of Service (DoS) attacks, which aim to deny the availability of the OT assets. Man-in-the-middle attacks, where the adversary sits between the communicating industrial systems, aims to send false information to the operators or to the communicating ICS. Eavesdropping attacks that aim to gain information by passively monitoring the traffic for unsecured industrial protocols. Replay attacks, where an adversary replays false information from a legitimate traffic to the operator. Spoofing attacks that gain access to credentials. Zero day attacks by exploiting unknown vulnerabilities. Ransomware attacks that aim to prevent the accessibility of OT assets and Physical attacks, where the adversary gains physical access and is able to manipulate the OT assets directly.

The Approach

In order to address all of these challenges and the risks associated with Industry 4.0/IIoT technologies, a new strategy and approach for cyber security needs to be considered. This approach has to address the entire lifecycle of the production system, and all involved stakeholders. The cyber security approach for smart manufacturing can be developed in three main phases: Assessment, Implementation and Management. Assessment of plant threats and vulnerabilities by identifying all assets, networks, processes and people. Map them to business processes, conduct a comprehensive risk assessment, and then develop the countermeasures for all identified risks. Implementation of these countermeasures based on the business goals and risk priorities is the second phase of the approach. Finally, Management is required to monitor and update all security measures, and to detect and respond to any new threat or vulnerability.

However, applying this approach on a smart factory is not a simple task. Therefore, Regency IT Consulting has developed a consultancy tool called icsModel to help carry out this task in a systematic manner. Our icsModel consultancy tool simulates the target factory in a graphical representation (BPMN diagram) by modelling the factory’s technologies, processes, and people. The model then simulates all risks that are associated with plant components such as assets, networks, policies, etc. Lastly, the icsModel automatically runs and investigates different scenarios in order to identify the critical assets (or critical paths), prioritise the implementation of the countermeasures and manage these risks. Using the icsModel tool, customers can get the benefit of;

  • Asset Inventory and analysis
  • Vulnerability management
  • Countermeasures implementation roadmap
  • Risk management

To conclude, manufacturing systems in the era of Industry 4.0 are exposed to new risks. Factories are assumed to be temporarily safe due to the lack of experience for the adversaries in this domain. However, this state will not remain for long and manufacturing firms have to consider a long-term deployment for a cyber security programme to protect their manufacturing systems from any potential cyber-attack.

If you have any questions on smart manufacturing cyber security governance or would like to explore how Regency / Airbus CyberSecurity can help your organisation, please contact us on our office number 01242 225699 or email us at enquiries@regencyitc.co.uk