Laying the Groundwork for Industry 4.0 Cybersecurity
12/06/2019 Daniela Previtali
Governments, industry organizations, and industrial leaders keep focusing their attention on cybersecurity in light of the advances driven by Industry 4.0 and Smart Manufacturing that continue to shape our future.
The European Union Agency for Network and Information Security (ENISA), a center of network and information security expertise for the EU, its member states, the private sector and EU citizens, recently published a high-level summary report on the state of cybersecurity, Industry 4.0 Cybersecurity: Challenges and Recommendations.
ENISA hopes that the adoption of the high-level recommendations will contribute to the enhancement of Industry 4.0 cybersecurity across the European Union and lay a solid foundation for future security technology developments.
The challenges identified in the report tackle issues around people, processes, and technology while the recommendations are addressed to different key stakeholder groups, namely regulators, Industry 4.0 security experts, Industry 4.0 operators, standardization community, academia and research, and development bodies.
Following is a brief summary of the key challenges and recommendations outlined in the report:
Challenge: Need to Foster and Align IT/OT Security Expertise and Awareness – People involved in deployments of new solutions usually have only knowledge of either IT or OT security, while Industry 4.0 and Smart Manufacturing require expertise over several areas. Recommendation: Promote Cross-Functional Knowledge on IT and OT Security – People responsible for security within Industry 4.0 organizations should invest in state-of-the-art dedicated cybersecurity trainings that cover all necessary aspects specific to IT/OT convergence and Smart Manufacturing.
Challenge: Incomplete Organizational Policies and Reluctance to Fund Security – Traditionally, cybersecurity was not perceived as a Board-level topic, since its impact on increasing revenue or optimizing costs remains generally unclear. Recommendation: Foster Economic and Administrative Incentives for Industry 4.0 Security – Economic and administrative stimuli are required to incentivize investments in Industry 4.0 security, given that maturity and mentality of organizations and businesses needs to grow further when it comes to identifying the role and importance of security.
Challenge: Liability Over Industry 4.0 Products’ Lifecycle is Poorly Defined – Liability for Industry 4.0 cybersecurity is an open issue (a gap also identified for most of emerging technologies) as accountability for Industry 4.0 cybersecurity incidents remains unclear. Recommendation: Clarify Liability Among Industry 4.0 Actors – Address liability concerns not only to protect end-users and consumers of such products and services, but also to stimulate corresponding investments through a comprehensive and stable legal framework.
Challenge: Fragmentation of Industry 4.0 Security Technical Standards – The lack of uniform standardization efforts at a global level results in a situation when sites that belong to one organization cannot collaborate and share security expertise and solutions with each other, as they are subject to different schemes. Recommendation: Harmonize Efforts on Industry 4.0 Security Standards – It is beneficial to explore initiatives and guidelines that map security standards from many different sources to provide a complete point of reference and thus ensure all necessary security controls are considered.
Challenge: Supply Chain Management Complexity – The situation has become even more complicated as Smart Manufacturing introduced new capabilities (end-to-end visibility, predictive analysis, automation and data-driven decision-making) that have an additional impact on the supply chain. Recommendation: Secure Supply Chain Management Processes – Trust is the root of a secure supply chain, since the amount of trust that an organization places on another will eventually feed into the risk assessment process and the introduction of appropriate security controls.
Challenge: Interoperability of Industry 4.0 Devices, Platforms and Frameworks – With the introduction and integration of Industry 4.0 devices, platforms, and frameworks to existing systems comes the issue of interoperability. In industrial environments, securing interconnectivity between diverse devices is often challenging, especially when considering devices that are long out of support. Recommendation: Establish Industry 4.0 Baselines for Security Interoperability – Encourage the use of interoperability frameworks that promote a common security language and use of protocols for Industry 4.0 components.
Challenge: Technical Constraints Hampering Security in Industry 4.0 and Smart Manufacturing – Difficulties in ensuring security in Industry 4.0 result also from lack of technical capabilities of connected industrial devices and systems, especially considering integration with legacy infrastructures. Recommendation: Apply Technical Measures to Ensure Industry 4.0 Security – Identifying baseline security recommendations for Industry 4.0 components, services, and processes based on risk analysis is a first step to approach a solution to the challenging technical constraints of this domain.
Wibu-Systems Global Marketing Director – IIC Marketing WG Co-Chair
Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.