As the fourth industrial revolution, or Industry 4.0, continues, factories and supply chains are more connected than ever before. This can be great for companies, bringing increased value and efficiencies, but more connections also mean more cyber risk. Every device, sensor, piece of equipment and connected product can be both an asset and a vulnerability. Despite their benefits, smart factories can expose people, technology, physical processes and intellectual property to attack. This raises the question: does the manufacturing industry have adequate cybersecurity programs in place to prepare for these expanded risks?
ICS Pulse recently sat down with Moty Kanias, VP of cyber strategy and alliances with Nanolock, to discuss the preponderance of connected devices and the cybersecurity impact of smart factories. While the “smart” nature of industrial environments can provide huge business benefits, there still are many question marks.
The cybersecurity risks of Industry 4.0
Kanias said he was recently at a conference in Germany, where major manufacturers were touting their readiness for Industry 4.0. He took it upon himself to find out exactly what that meant.
“They said that everything inside their system communicates to every different part and that they’re ready for the new era,” Kanias said. “Then, I started asking them questions about cybersecurity, and I got exactly what I think everyone knows. Nobody knows what cybersecurity in the future would look like, and 4.0 is kind of a slogan of saying, ‘We want the world to be connected because we understand how good it will do to the world.’ But the question of cybersecurity in 4.0 is really unsolved, and we have a long way into finding the specific technology that is needed in order to find a good solution.”
Kanias said companies need a new solution because they generally don’t start up from zero and buy new machinery every day for their whole production line. There is always a mix of old and new products that must connect and work together, and it’s the weakest link in a network that will tell you how strong you really are.
“Buying a brand new machine and saying that they’re secure or that they’re ready for 4.0 industry, but then bringing it specifically into a plant and hoping for the best, well, I don’t see a true solution in cybersecurity in so much connectivity,” Kanias said.
In the past, the way the Cybersecurity and Infrastructure Security Agency (CISA) advised industrial organizations to deal with cyberattacks was to just disconnect from the internet or make sure only authorized personnel can touch the computers.
“Well, 4.0 is kind of the nightmare of where we were,” Kanias said. “It means that everything’s connected. It means that everyone directly could get into any piece of data that he wants and could probably see all the configuration and how to change them according to what he or she would want to do.”
The benefits of connectivity
Why is connectivity so pervasive despite the cybersecurity risks? That part is obvious.
“You have to be crazy to think that connecting everything won’t do a great good to the world,” Kanias said. “It will do a lot for productivity and for efficiency. I think you can do a lot even to global warming. If we can make sure that we produce only what we need and we can make sure that we only use what we need, it means that we will see less energy wasted in buying things that we don’t need and human mistakes in digitalized decision making.”
The essential question becomes: How do we manage the new cyber challenges introduced by digital transformation? The existence of big data makes programs more complicated, and that means more vulnerabilities. Kanias said the worst risk right now is to legacy machinery that doesn’t have any cybersecurity protections in place. However, there are also some industries that are more vulnerable to cyberattacks.
“First of all, critical infrastructure such as gas, water, food manufacturers, and of course transportation, banking systems. 4.0 in some ways will connect all of them together, and therefore, it’s hard to know exactly which will be the weakest link.”
The benefits of going after critical infrastructure are clear for hackers. For motivated nation-state actors, targeting a country’s critical assets can create chaos in society, but it can also result in a quick payout for ransomware groups looking for money. Kanias, who is from Israel, spoke about a group from Hamas who attacked a water plant in Israel and tried to interfere with the amount of chlorine inside the water. Thanks to connectivity, the ability to do dangerous things and create a negative physical outcome from cyberattacks is omnipresent.
Managing cybersecurity in smart factories
Given the risks an interconnected world presents, it’s essential for smart factories to take steps to protect themselves from cyber threat. Kanias said the first thing organizations should do is educate themselves and their workers about what cybersecurity is and what cyber actors are trying to find. The second step is investing in cybersecurity and delivering smarter solutions like zero trust. This can mean purchasing cyber solutions and/or bringing in third parties to audit your systems. It’s about finding the right products that will ensure that only authorized people can make critical changes to sensitive computers.
“Staying with no connectivity to the internet and hoping that you won’t be cyberattacked, well, it continues to prove itself as a very wrong decision to make,” Kanias said. “Saying, ‘We’re going into Industry 4.0 where it means connecting everything altogether is also not the way. I think that we need more hands in the cybersecurity area. We need more programmers. We need more specialists in order to build a strong protection plan for industries with the connectivity that is just expanding every day.”
Check out Part 1 of our interview with NanoLock’s Moty Kanias, where he talked about the risks of connectivity. For more installments from our expert interview series, check out our Industrial Cybersecurity Pulse YouTube page.
Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.
