Seven years ago, in a flurry of news headlines reminiscent of the recent WannaCry and NotPetya global ransomware attacks, reports came out about Stuxnet, a malware that targets Programmable Logic Controllers (PLCs) used in the automation of industrial machinery and processes. As the Iranians discovered at the time, this included nuclear centrifuges.
Despite infecting 200,000 computers worldwide and causing 1,000 machines in Iran’s Natanz nuclear facilities to shake themselves to pieces, it wasn’t long before it was largely forgotten about by the mainstream media. This may well have been because back in 2010 the concept of Industry 4.0 was still in its infancy and nowhere near as widely known as it is today.
Industry 4.0, the fourth wave of the industrial revolution, is beginning to transform manufacturing and industrial processes all across the developed world. Technologies such as Big Data, 3D Printing, Collaborative Robotics, and Industrial Internet of Things (IIoT) are being increasingly used to create so called ‘smart factories’ where cyber-physical systems monitor physical processes, create a virtual copy of the physical world and make decentralized decisions.
This trend is set to continue and accelerate over coming decades as its component technologies become more affordable and more accessible. This is especially true for small to medium sized manufacturers that make up 90% of the industrial fabric and who stand to benefit the most from the gains in operational efficiency, productivity and competitiveness.
However, these benefits are offset by a number of daunting challenges, particularly in relation to cyber security. Although mentions of Stuxnet in the media are now few and far between, this malicious worm remains a very real threat today and can be tailored to attack a wide range of SCADA (supervisory control and data acquisition) and PLC systems around the world.
More recently, Trend Micro joined forces with the Politecnico di Milano (POLIMI) to determine whether they could hack into an industrial robot under laboratory conditions. They managed to compromise one and concluded that there were five ways industrial robots could be hacked, ranging from modifying its control parameters to manipulating its production logic to make it produce defective products. This turns them into what Trend Micro refers to as ‘rogue robots’.
And that’s just industrial robotics. Big Data and IIoT systems could be equally if not more vulnerable if they are not protected adequately; the consequences of any cyberattacks on them could be potentially disastrous for anyone who depends on the production output of smart factories. Even in the field of 3D printing, the potential exists for hackers to steal designs and produce their own counterfeit versions of products, thereby threatening intellectual property rights and drawing away revenue from their rightful owners.
So whilst the cyber security world remains focused on protecting both personal devices as well as corporate IT systems it is in the best interests of all of us to be aware of the potential threat to industrial systems. Vendors and developers in the IT Security industry should look to the Industry 4.0 as a great opportunity to diversify their offerings. At the same time manufacturers and suppliers of Industry 4.0 technologies must ensure that the software and firmware behind their solutions is secure and as difficult as possible to hack.
As an article published in Deloitte University Press states, “for cyber risk to be adequately addressed in the age of Industry 4.0, cyber security strategies should be secure, vigilant, and resilient, as well as fully integrated into organizational and information technology strategy from the start”.