The increasing connectivity of components and plant even beyond the bounds of the factory, as embodied in the Industry 4.0 concept, provides lots of potential vulnerabilities for cyber-attack unless appropriate countermeasures are taken.
As laboratories, factories and warehouses operated by suppliers, manufacturers and customers exchange increasing volumes of data within Industry 4.0, the factory gates are inevitably pushed open. So it is key to the success of Industry 4.0 that no unauthorised persons can use that access to tap into the participating companies’ know-how or tamper with machinery.
Cybersecurity is thus a critical factor for Industry 4.0. However, as Veit Siegenheim, Head of Cybersecurity with Capgemini Germany, points out: “For many top management executives, cybersecurity is a mystery, which is why they often neglect it. The increasing number of external interfaces entails a greater security risk, as business data is more easily accessible and susceptible to cyber-attack.”
Incorporating security right from the design phase
According to Germany’s Federal Office for Information Security BSI, effective security is founded on three pillars. The first is Security by Design. This involves incorporating security requirements right from the design phase of a product, machine or line. It must be established at this early stage what information is available, how it is transmitted, and what technologies – such as encryption – are used to protect it. The second pillar is “whitelisting”: this means assembling a list of programs, commands or apps which are known to be trustworthy. Only those elements are then allowed to execute any actions on the Smart Factory components.
Proof of identity for plant and machinery
One of the special challenges to the IT architecture of Industry 4.0 is its ability to adapt to change. New plant and machinery or production processes need to be integrated into the system, or existing lines modified, in order to make a new product variant, for example. To maintain maximum security in this context, it must be ensured that only authenticated components are allowed to join the factory communications network. The method employed in doing so is termed Trusted Computing, and is the third pillar of effective protection. The electronic components are a key factor in Trusted Computing, as it involves fitting critical production elements with an authentication chip, known as a Trusted Platform Module (TPM). TPM chips serve as proof of identity for computers, routers and machines, and ensure that only authorised persons and non-manipulated machines have access to IT networks. As soon as an unauthorised element attempts to connect to the network, the other stations detect the fact and exclude the suspect machine from their communications. Only once authenticity has been safely established is data transmitted, in encrypted form over secure telecommunications networks, or any action allowed to be executed.
(picture credits: Shutterstock)
