Cybersecurity is at the heart of the Fourth Industrial Revolution. Dave Sutton, product marketing manager at Schneider Electric, explains.
A study on cyber security by PricewaterhouseCoopers estimated that more than half of British businesses will suffer cyber attacks by 2018.
As businesses seek to embrace industry 4.0, cybersecurity protection must be a top priority for industrial control systems (ICS).
The rise of digital manufacturing means many control systems use open or standardised technologies to reduce costs and improve performance, employing direct communications between control and business systems.
This exposes vulnerabilities previously thought to affect only office and business computers, so cyber attacks now come from both inside and outside of the industrial control system network.
A successful cyber attack on the ICS domain can have a severe impact, so asset owners in industrial environments are increasingly looking for security solutions that can protect their assets and prevent monetary loss and brand erosion.
However, the barriers to improving cybersecurity remain high, while more open and collaborative networks have made systems more vulnerable to attack.
Uncertainty in the regulatory landscape also remains a significant restraint.
With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system availability is vulnerable to malware targeted at commercial systems.
Inadequate expertise in industrial IT networks is a sector-wide challenge.
Cybersecurity – assess the risks
A defence-in-depth approach is recommended, starting with risk assessment – the process of analysing and documenting the environment and related systems to identify, and prioritise potential threats.
This examines the possible threats from internal sources, e.g., disgruntled employees, and external sources such as hackers and vandals. It also examines the threats to continuity of operation and assesses the value and vulnerability of assets like intellectual properties, processes, and financial data.
Organisations can use this assessment to prioritise cybersecurity resource investments.
Develop a cybersecurity plan
Existing security products and technologies must be deployed with a security plan. A well designed security plan coupled with diligent maintenance and oversight is essential to securing modern automation systems and networks.
Users should continuously reassess their security policies and revisit the defence-in-depth approach to mitigate against future attacks.
Cyber attacks on critical manufacturers are on the rise, so it’s imperative that security plans are up to date.
Upskilling the workforce
The fourth industrial revolution presents a golden opportunity for manufacturing to bridge the skills gap and bolster the workforce, putting real-time status and diagnostic information at their disposal.
The future workforce also needs to have the cybersecurity know-how to cope with modern threats. So, regular training and awareness raising is crucial to a security conscious culture.
The fourth industrial revolution is here and has its origins in technologies and functionalities developed more than 15 years ago. Improvements in efficiency and profitability, increased innovation, and better management of safety, performance and environmental impact are just some of the benefits of an Internet of Things-enabled industrial environment.
However, without an effective cybersecurity programme at its heart, ICS professionals will not be able to take advantage of the new technologies at their disposal for fear of the next breach.
For more information on the Schneider Electric Defence-in-Depth plan, visit the website.