IT security plays an important role in the fourth industrial revolution. Find out here how you can recognize dangers and avert them with confidence.
Industry 4.0 not only offers companies enormous growth potential, but also entails risks that should not be underestimated. We will show you how you can recognize these dangers and prepare yourself optimally for them.
Industry 4.0 – A Definition
In recent years, progressive digitalization has set in motion a process that, following the inventions of the steam engine, assembly line and computer, has triggered the fourth industrial revolution: In the long term, smart factories will become established everywhere. While large companies, e.g. from the automotive industry, have taken on a pioneering role in ultra-modern production methods, more and more medium-sized companies are also confronted with the topic of Industry 4.0.
What Makes Industry 4.0 Special
The term “Industry 4.0” originates from a project in the high-tech strategy of the German government, which promotes the computerisation of manufacturing. Mainly because the entire manufacturing industry is facing a turn of an era: While the invention of assembly lines and software innovations have made a highly efficient series of production goods possible, it is now conceivable to respond more and more to individual customer requirements. A production line no longer produces just one car model, but five at the same time – each in infinite designs.
The realisation of this flexibility requires an ever-increasing degree of networking. Formerly isolated Industrial Ethernet networks (internal production) are now connected to other IT systems or even the Internet. Furthermore: The various elements in these systems (machines, computers and control elements) can communicate, act and produce independently. Automated just-in-time production along the entire value chain also influences the supply chain management of companies – the entire path from the raw material producer to the end customer runs through a coherent, permanently monitored system.
Industry 4.0 In Production – Opportunities for SME’s
Networking of the entire production leads to the fact that friction losses between the different production steps are avoided. Machines work together more resource-efficiently. Complete transparency through modern monitoring and analysis tools enables companies to identify sources of error faster, but also to adapt production to changing market conditions at short notice. Customer requests can also be prioritized much more cost-effectively and implemented in a schedule created by the system itself.
Industry 4.0 – Three Sources of Risk
The handling of IP-based networks is not new for companies, however in recent years the connection of systems to the Internet has played an increasingly important role. For example, internal processes are linked and synchronised with external data or remote maintenance of production plants is made possible. Step by step, the so-called Internet of Things is created, which not only makes home heating controllable via smartphone, but also machines. The entire production can be optimised without great effort, e.g. by a permanent analysis of the system, simplified maintenance options, the integration and monitoring of the entire value-added chain as well as a quick reaction to changed conditions.
However, increasing networking poses considerable risks for data security and for the security of the production chain itself, as industrial espionage and sabotage is thus also possible at the click of a mouse. In recent years, cyber-attacks on Australian companies, presumably mainly from the Far East, have consequently continued to increase. Three reasons why attackers often have it way too easy:
Risk 1: Insufficient Safety Precautions
A weak point exists in companies inadequate IT security precautions. Firewalls and VPN’s are basic requirements for secure operation. Firewalls can be used to segment networks into subnets and regulate access between different areas. VPN’s enable authorised persons to securely access a protected network via untrusted networks, e.g. for remote maintenance via the Internet into the internal network.
However, firewall and VPN software do not provide 100% protection against external access. The danger of security gaps remains because, for example, the subnets have not been sufficiently isolated from each other. Modern malware slips through these security holes. Advanced Persistent Threats (APT) are targeted, long-term attacks on an IT system. These are (at least still today) carried out by a human attacker.
Risk 2: Mobile Devices – Gateway To Cyber Attacks
Another gateway for malware are mobile devices. More and more often employees work on their tablet, notebook or mobile phone. These devices require Internet access at least during the update process. There is a risk that the end devices could become infected with malware. If these end devices are then connected to the internal company network, the malware can bypass the firewall’s protection mechanisms and infect parts of the system.
Risk 3: Full Liability In The Absence Of Data Protection
With the commencement of the IT Security (ITSiG) Act coming into force, companies operating critical infrastructures are obliged to better protect their systems and facilities against cyber-attacks. Companies from the fields of energy, information technology, telecommunications, health, water or nutrition are particularly affected. These must report IT security incidents and prove every two years that they meet the legal requirements in accordance with the state of the art. If entrepreneurs or operators of companies that do not meet these requirements, they can already be held personally liable today in the event of a security incident due to a lack of risk provisioning.
Security Monitoring – Effective IT Security Against Cyber Attacks
Any company can be hit by a cyber-attack these days. Sometimes the company network has been infected for months without this being noticed. Security monitoring appliances within the framework of a comprehensive ISMS (Information Security Management System) offer effective protection against highly complex attacks. They permanently monitor the company’s internal network without intervening directly and possibly even preventing intentional control communication. They also analyse potential sources of danger and sound the alarm if there is a serious threat to the network. Reporting and export functions enable the clear presentation of analysis results, enabling decision-makers in management and IT to initiate immediate countermeasures.
Security Monitoring – System – An Example
Numerous companies have already been able to use the IRMA (Industrial Risk Management Automation) security system from VIDEC (manufacturer Acht:Werk). The following features make this safety system so special:
- Simple operation and usability allows the increase of cyber security, even without security – expert knowledge
- Effective support in meeting compliance requirements (e.g. through ITSiG or ISO9001), with which many entrepreneurs are currently confronted
- Less installation effort: The monitoring and analysis of the security situation can be carried out immediately
Conclusion On IT Security In Industry 4.0
Industry 4.0 offers great opportunities – not only for large companies, but especially for medium-sized manufacturing companies. Individual customer requests or special market developments can be dealt with promptly and in a resource-saving manner. However, more and more companies are confronted with the associated risks. With the opening of internal production systems to the Internet, they are increasingly the target of cyber-attacks. The consequences are data theft, production disruptions and even the destruction of equipment. An important component for countermeasures is a security monitoring appliance within the framework of an overarching ISM, which can identify and report sources of danger early and effectively, so that countermeasures can be initiated in good time.
Original article written by VIDEC