The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Due to the automatic and digital handling of production processes information is transparent and available at anytime, anywhere. The fourth industrial revolution has begun.
But what advantages does industry 4.0 really offer companies? And what can happen if cyber-criminals use total networking for their benefit?
An informative and detailed blogpost awaits you – but you want to get straight to the point? Go directly to…

The dawn of a new age

Let’s start with industry in its most original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.
Today, we speak of industry 4.0: The complete networking of production plants and systems via information and communication technology. Production machines communicate with each other and organize themselves. This makes the production more flexible, dynamic and efficient. The interconnectivity makes it possible to track the entire production life cycle.
Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cyber criminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.
Industry 4.0 was the number one trend theme at Hannover Messe 2019.

Advantages of the industrial revolution

Let’s first take a look at the advantages of smart factories: One of the most particular advantages is process optimization. Networking makes information available in real time the use of resources can be checked more quickly and thus adapted more efficiently.
Each production step can be monitored, coordinated, and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.
The transparency of the manufacturing processes enables companies to produce with more flexibility, because those involved have an overview of the production – processes can be adapted quickly and efficiently in the event of changes. In addition, the systems share information with the company’s employees – because people continue to play an important role, despite increasing digitalization. In this way, everyone involved in the production process can obtain information on the product from any location.
Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent in 2025.
 

Intelligent sensors – the sensory organs of machines

 
Intelligent sensors are a prerequisite for a smart factory. They monitor and control processes and ensure reliability in production. In addition to recording measured variables, they must also process signals.
But what makes the sensor intelligent? Sensors of an industrial 4.0 factory are connected to the hardware via IO-link technology. This makes them active participants in the factory’s automation network. The smart sensor is equipped with special software that enables it not only to acquire data, but also to evaluate it. It only passes on the relevant data and functions as a sensory organ of the machines. For example, it can detect anomalies in the process caused by vibrations before any damage occurs to the production plant. The collected sensor data information can be made available in a data pool such as the cloud.
Despite all the process optimizations that are possible, the connection of the sensors to the network is a weak point. A security breach that cyber-criminals can use for attacks.
 

The smart factory needs external IT infrastructures

 
In order for companies of any size to be able to use the full bandwidth of industry 4.0, high computing power is required. This is where cloud computing comes into play. With cloud computing, IT infrastructures don’t need to be used on the local computers but in an outsourced, usually redundant network.
Especially in the context of industry 4.0, technologies such as the cloud are becoming indispensable for companies. Total networking and the use of smart sensors generate large amounts of data. The cloud enables companies to permanently access the collected data from the production process from any location. In industry 4.0, it serves as a platform for storing data in real time and offers companies worldwide secure networking of systems and facilities.
The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructures because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.

The target of cyber-criminals: Attacks from inside and outside

The security aspect inhibits companies from entering industry 4.0 because the threats posed by cyber-attacks are no longer invisible. The World Economic Forum asked participants about the probability and influence of global threats – cyber-attacks find their place in both top 10 lists, alongside natural disasters, water crises and epidemics. .
The networking of people and machines in the entire production process is increasing the attack surface for cyber-criminals. Technical, organizational, and human deficits in companies can open various doors for cyber-attacks.
External attacks usually take place via the Internet. Due to the initial connection of outdated IT systems within the internet, large security gaps arose that were undetected by cyber-criminals. Remote maintenance accesses can also create loopholes through which harmful data can enter. The consequences are devastating: hackers can manipulate the production, steal data, and blackmail companies. There is also a risk that cyber-criminals could gain access to the control of machines or paralyze the company’s internal energy network.
Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering, and make employees inadvertently infiltrate malware or ransomware into the corporate system via email. These are transferred to IT systems and spread over the entire production process.
Cyber-criminals become more creative and the scale of their attacks, especially in networked systems, gets increasingly devastating. In March, a cyber-attack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. The internal networking affected IT systems of almost all business areas and the global network was paralyzed. According to Spiegel Online, the company has become a victim of the ransomware LockerGoga which encrypted numerous files of the company.
Industry 4.0 Infografic
The cyber-criminals behind the decryption demanded a ransom in the form of crypto-currency. In order to protect itself against the spread of malware, the company switched the production to manual operation, which led to restriction.
As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies: According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.
 

Security: the key to a successful entry into industry 4.0

 
Half of all machines in every tenth German company is already networked via the internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that not only protects industrial networks, but also the cloud and the data volumes stored in it. The industry sector is an attractive target for cybercriminals because of its high economic power and its importance in the supply chain. Hackers use a large pool of attack vectors to penetrate the corporate system.
Email is also the main gateway in this area: It is the primary way of communication in companies worldwide. A professionally designed fraud mail is not easy to detect, and so access data or other sensitive information unintentionally leaves the company and ends up directly with the cybercriminals who exploit it for further action. With paying more attention to the increasing global cybercrime activities, high financial losses and physical damages can be limited and prevented. All the reports of attacks on industrial enterprises show, that the digital progress not only involves advantages – it is important to think about the resulting security gaps.
Sources