The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Due to the automatic and digital handling of production processes, information is transparent and available anytime, anywhere. The fourth industrial revolution has begun.
But what advantages does industry 4.0 really offer companies? And what can happen if cybercriminals use this complete networking of production plants and systems for their benefit?
The dawn of a new age
Let’s start with industry in its original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.
Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cybercriminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.
Advantages of the industrial revolution
Let’s first take a look at the advantages of smart factories: One of the most particular advantages is process optimization. Networking makes information available in real time so the use of resources can be checked more quickly and thus adapted more efficiently.
Each production step can be monitored, coordinated and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.
The transparency of the manufacturing processes enables companies to produce with more flexibility, because those involved have an overview of the production – as a result, processes can be adapted quickly and efficiently in the event of changes. In addition, the systems share information with the company’s employees – because people continue to play an important role, despite increasing digitalization. In this way, everyone involved in the production process can obtain information on the product from any location.
Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent by 2025.
Intelligent sensors – the sensory organs of machines
Despite all the process optimizations that are possible, the connection of the sensors to the network is a weak point—a security breach that cybercriminals can use for attacks.
The smart factory needs external IT infrastructure
In order for companies of any size to be able to use the full bandwidth of industry 4.0, high computing power is required. This is where cloud computing comes into play. With cloud computing, IT infrastructure doesn’t need to be used on the local computers but in an outsourced, usually redundant network.
The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructure because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.
The target of cybercriminals: Attacks from inside and outside
The security aspect inhibits companies from entering industry 4.0 because the threats posed by cyberattacks are no longer invisible. The World Economic Forum asked participants about the probability and influence of global threats – cyberattacks find their place in both top 10 lists, alongside natural disasters, water crises and epidemics. .
The networking of people and machines in the entire production process is increasing the attack surface for cybercriminals. Technical, organizational and human deficits in companies can open various doors for cyberattacks.
External attacks usually take place via the Internet. Due to the initial connection of outdated IT systems within the internet, large security gaps arose that were undetected by cybercriminals. Remote maintenance access can also create loopholes through which harmful data can enter. The consequences are devastating: hackers can manipulate production, steal data, and blackmail companies. There is also a risk that cybercriminals could gain access to the control of machines or paralyze the company’s internal energy network.
Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering, and make employees inadvertently infiltrate malware or ransomware into the corporate system via email. These are transferred to IT systems and spread over the entire production process.
Cybercriminals become more creative and the scale of their attacks, especially in networked systems, gets increasingly devastating. In March, a cyberattack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. The internal networking affected IT systems in almost all business areas, and the global network was paralyzed. According to Spiegel Online, the company has become a victim of the ransomware LockerGoga, which encrypted numerous files of the company.
The cybercriminals behind the decryption demanded a ransom in the form of cryptocurrency. In order to protect itself against the spread of malware, the company switched the production to manual operation, which led to a restriction.
As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies affected. According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.
Security: The key to a successful entry into industry 4.0
Half of all machines in a tenth of German companies are already networked via the internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that not only protects industrial networks, but also the cloud and the data volumes stored in it. The industry sector is an attractive target for cybercriminals because of its high economic power and its importance in the supply chain. Hackers use a large pool of attack vectors to penetrate the corporate system.
Email is also the main gateway in this area. It is the primary means of communication in companies worldwide. A professionally designed fraud mail is not easy to detect, and so access data or other sensitive information unintentionally leaves the company and ends up directly with the cybercriminals who exploit it for further action. With paying more attention to the increasing global cybercrime activities, high financial losses and physical damages can be limited and prevented. All the reports of attacks on industrial enterprises demonstrate that digital progress involves not only advantages – it is also important to think about the resulting security gaps.
Sources
- ARD. Norsk Hydro cyberattack. [retrieved 15/07/2019]
- Bitkom. AI moves into factory halls. [retrieved 15/07/2019]
- Bitkom. Vision Industry 4.0. [retrieved 15/07/2019]
- Bitkom. Cloud Monitor. [retrieved 11/07/2019]
- BSI. Cloud Computing risks. [retrieved 11/07/2019]
- BMWI. Industry 4.0. [retrieved 15/07/2019]
- Inka Krischke. Sensors. [retrieved 11/07/2019]
- Drohr-John Röcher. Networked industry vulnerable for attacks. [retrieved 15/07/2019]
- Katharina Juschkat. Intelligent sensors for industry 4.0. [retrieved 16/07/2019]
- Fraunhofer Institut. industry 4.0. [retrieved 16/07/2019]
- Christof Kerkmann. Norsk Hydro as a role model for cyber defence. [abgerufen am 16.07.2019]
- Swen Heinemann. Digitisation in industry 4.0. [retrieved 16/07/2019]
- Jan-Martin Altgeld. Fraunhofer Institute simulates cyberattacks. [retrieved 15/07/2019]
- Katharina Juschkat. Sensor technology as a basis for industry 4.0. [retrieved 11/07/2019]
- Robert Russell und Jürgen Schreier. Industry 4.0 – a risk for security? [retrieved 11/07/2019]
- Roman Isheim. Intelligent sensors. [retrieved 15/07/2019]
- Thomas W. Frick. Industry in the course of time. [retrieved 10/07/2019]
- Hans Dieter Wehle. Cloud Computing. [retrieved 10/07/2019]
- Sebastian Korfmacher. Implementation of industry 4.0 [retrieved 15/07/2019]
- Marina Vogt. Cloud Computing explained. [retrieved 16/07/2019]
- Microsoft. Cloud Computing. [retrieved 16/07/2019]
- Markus Böhm. Ransomware LockerGoga. [retrieved 15/07/2019]
- Nicolai Kwasniewski. Cyberattacks endanger german economy. [retrieved 11/07/2019]
- VDE. Cyber security. [retrieved 11/07/2019]
- Thomas Mersch. Sensors – sensory organs of the industry. [retrieved 11/07/2019]