Security And The Fourth Industrial Revolution

The innovations that lie behind the term ‘Fourth Industrial Revolution’ – in the fields of artificial intelligence, autonomous machines and network technologies – have the potential to revolutionise the ways in which manufacturing businesses operate. In addition to promising improved efficiency, productivity and growth, however, they pose a number of challenges.

The challenges of Industry 4.0

Of these, one that seems to give particular cause for concern relates to the issue of security. How safe are smart factories from hackers? In a digitally interconnected world, how effectively can a business’s unique data be shielded from unwanted view? To what extent can operations be made safe from malicious attack?

They are fair questions. The very essence of Industry 4.0 is networked information transmission. Where earlier advances in machine capability or in computing science took place within discrete fields – with applications then percolating into traditional systems – newer technologies are concerned with using data exchange to overleap boundaries. Machines now talk to machines. A factory robot’s behaviour may be modified by feedback from another device in the system.

IIoT and manufacturing

In the manufacturing world, mechanical engineering and IT are increasingly one and the same. And both, of course, are now fundamentally integrated into the business dynamic. What some call the Digital Supply Chain is a sort of ecosystem in which every aspect of the manufacturing process – from procurement of materials, through spare part management, to distribution logistics – is continually modified in real time in response to changes in the larger picture.

It does not take long to lose count of the security risks implicit in this picture. The very principle of connectedness on which Industry 4.0 is founded tends to create a milieu that is naturally open, porous and without borders. Devices on the factory floor come and go. New customers and suppliers may be networked in every day. The storage of vital data is entrusted to public clouds.

The resulting attack surface – the range of potential entry points into the system – is inevitably large, extending far beyond the IT director’s laptop or CEO’s mobile phone.

Security in the age of the Fourth Industrial Revolution

Is it really “Easier to hack than a home computer”?

Last year the cyber-security company Trend Micro released a report demonstrating that manufacturing robots can be easier to hack into than a home computer. The report’s authors remotely infiltrated the code of an robotic arm, the kind commonly used in assembly, welding and other industrial work. The hack instructed the machine to deviate very slightly in the execution of its programmed task.

The deviation was subtle enough to escape the notice of the robot’s operator and yet, had it impacted on the construction of something like a drone rotor, the consequences would have been catastrophic. Trend Micro’s researchers identified five different ways in which the behaviour of industrial robots might be compromised.

Any networked appliance (any component, that is, of the Internet of Things) is a potential vulnerability. Malware such as the high-profile Mirai virus scans the internet for accessible devices like routers, DVRs or CCTV cameras that may be only weakly protected. Those machines which it can log into Mirai then infects and recruits into a zombie-like army of internet presences with the potential to down an individual server by overwhelming it with traffic (the kind of assault known as Distributed Denial of Service – DDoS).

Vulnerability in perhaps the most important area of the system was illustrated earlier this year by an invasion of the cloud space used by transportation giant Tesla. Rather than aiming at espionage or vandalism, hackers were able to find their way into a Tesla cloud platform whose processing power they then exploited to garner cryptocurrency (through the activity known as ‘mining’). That sensitive information was on this occasion not stolen was merely Tesla’s good luck.

Are all smart businesses really this easy to compromise? Far from it.

Reassurance: preventing security issues through encryption!

The first – and certainly the most reassuring – thing to point out about all the encroachments outlined above is how easily preventable they were. Every one could have been blocked with basic encryption. The internet is littered with devices running on default security settings (the word ‘password’, for example, serving as the password). These are the machines Mirai targets. The administrative portal for Tesla’s cloud was, incredibly, not password-protected.