Industry 4.0 offers huge opportunities for production efficiency and visibility through predictive maintenance and other connected technologies, but it also brings a new operational risk – security. Cyber-attacks are increasing and the manufacturing sector is being hit with data theft, ransoms for access to locked data, machinery downtime, site safety, and build quality threats.
In May this year, the NHS in the UK was crippled by ransomware, a type of malware which locks access to files until a ransom is paid. The same ransomware quickly went on to attack several more factories in the UK as well as a Renault factory in France. In June, ransomware hit Cadbury’s in Australia, after disrupting Evraz and Rosneft steel and oil firms in Russia. The same month, Honda was forced to halt production in one of its factories in Japan after finding WannaCry malware across its international networks, including Japan, North America, Europe and China.
Is it worth the risk?
Security cannot be ignored, but it should also not be reason to halt innovation. Within the manufacturing sector, there is huge opportunity in the use of technology to streamline production for cost savings, increased quality and visibility from start to finish. The opportunities that IoT can bring to organisations are vast (see our previous blog series IoT meets industry).
“The S in IoT stands for security”
Tim Kadlec’s tech humour, but it’s true – the vision of Industry 4.0 was built on old security protocols, without much consideration for the darker side of global connectivity. These older ideals are not up to the job of protecting an ever-evolving connected environment. The key is to plan for Industry 4.0 with a security mindset from day one. Here is a checklist to get you started:
- Assess the risk
Risk assessments are essential when bringing a new piece of technology into a business and should include all touchpoints, passwords, staff access, the movement of data, supplier security, etc.
- Design from scratch with security in mind
With a blank piece of paper, there are no constraints.
- Choose the right supplier for your business
It is critical to have confidence in the supplier and their product. Full system information including security should be available and any concerns or requests should be dealt with efficiently and intelligently.
- Ensure good encryption
A solution should always be secure. Data should be encrypted – end to end.
- Keep it simple
Always look for the ‘least contact’ option. This can include keeping to one-way data transfer rather than two-way and avoiding access to internal networks. Many companies also separate operational machinery from internal IT networks. Always ask if less contact is possible; this can always be increased over time as confidence grows and opportunities are realised.
- Consider the potential of the project
The potential opportunity of a project is only there with a degree of freedom and lack of restrictions. While security is critical, it is important not to cripple innovation.
- Create a crisis management plan
If an attack does happen, it is important that everyone knows how to respond so the threat can be quickly contained and managed to minimise the impact on your business.
- Continually review security
Security isn’t a one-off job. It is accepted that passwords should be changed regularly – and this is just one part of your security strategy. Threats are always there and the types of attack are constantly changing and evolving – so too must your security approach.
Security is a major concern for any business, but when an Industry 4.0 solution is designed with security in mind it can be safer than having some third-party software installed inside the network. Planning ahead to include risk assessments, avoiding outside access to internal networks, ensuring that everything is encrypted and using a ‘least contact’ approach to Industry 4.0 solutions means that risk can be balanced with innovation and opportunity.
Security at Senseye
Senseye is a revolutionary cloud-based tool offering automated condition monitoring and prognostics analysis, built with security in mind. Senseye doesn’t need access to your internal network, data flows one-way and it is fully encrypted, it is also penetration tested by an independent third party. Of course, full security documentation is available!