Tuesday, 18 July 2017

Cyber-security, the forgotten item in Industry 4.0

"Industry 4.0", or the "Factory of the Future", has been with us for many years. Society is therefore already familiar with these terms, which some years ago seemed to be reserved for experts in manufacturing and ICT (Information and Communication Technologies). Nevertheless, whenever these terms are mentioned in the media or at an event, only a limited set of aspects is treated as part of this kind of project, for example Big Data, the Internet of Things, Augmented Reality or Additive Manufacturing, among others. Despite this, dear reader, you should keep in mind that advanced manufacturing systems involve several technologies, not only those usually presented by the media. Industry 4.0 must manage the integration of 8 different technological aspects, and one of them is usually forgotten: cybersecurity.

Cybersecurity, also known by other names such as Computer Security, is defined as the area of information technology and telematics that oversees the protection of the company's technological infrastructure. This infrastructure includes important assets such as: (i) physical machines and devices (also known as "hardware"), (ii) execution systems and services, as well as databases and files (referred to as "software"), and the communications between all those elements. This discipline must be the mechanism by which standards, procedures, methods and techniques are designed to maintain a secure and reliable information system.

The reasons that drive companies to set cybersecurity aside are very clear. Firstly, and this is perhaps the most influential reason for its not being included in projects, cybersecurity is viewed as a nuisance that creates difficulties for the development of the project. It is perceived as an additional task that increases development costs and delays the achievement of the proposed goals. Secondly, there is a lack of understanding that cybersecurity is a necessary part of any Industry 4.0 project. Most managers focus the project only on its main objective and downplay the surrounding aspects. Last but not least, there are some assumptions made by the company: (i) "This will not happen to me", (ii) "We do not have any interesting content that justifies an attack" or (iii) "We do not need more security, we are already protected by an antivirus". Of course, all these ideas are totally wrong in an interconnected world like ours, where nobody is safe. The information handled by companies is very juicy (think of the cases of industrial espionage). In addition, there is a great variety of possible attacks, as well as new computer viruses that antivirus software cannot detect or remove.

These last statements might seem exaggerated to the reader; however, the author witnessed this type of attitude not long ago, at the Hannover Messe. The Hannover Messe is the largest industrial fair in the world, where every year 200,000 visitors discover the latest developments presented by about 6000 exhibitors in several fields. This year, the Hannover Messe had a strong Industry 4.0 component, and large companies such as Microsoft and IBM presented security solutions for the new paradigm of the Factory of the Future, but attendees showed hardly any interest in them. Small and medium-sized companies focused on computer security experienced the same lack of interest. The consequence of this type of attitude is, for example, that a month after the fair one of the biggest known cyber-attacks in history took place: the WannaCry ransomware. WannaCry spread to more than 150 countries, affecting some 200,000 computers, including, among others, the industrial facilities of Nissan Motor Manufacturing and Renault, which had to stop production.

After this attack, awareness of the need for computer security has grown, and this is the moment when companies are starting to work on the subject. There are many critical points to work on. The first and most important is the current technological infrastructure. For example, new Industry 4.0 developments that involve Cyber Physical Systems and communication technologies to achieve the Industrial Internet of Things are being built without using secure protocols. In addition, any entry or exit point of the organization must be secured (e.g., email, Web page, data exchange servers, intranet, extranet, among others), because these are weak points through which a hacker can reach us. But above all, and this is the most complicated part of keeping ourselves safe, we must make users aware. Every user must understand that computer security is important and that they should use common sense to avoid attacks that extract information from them through deception (this technique is known as "Social Hacking").

To conclude, I hope this article will work as an awareness tool. Companies must understand that, in the highly technological Industry 4.0 environment, cybersecurity is not just an expense; it is a necessary investment. The real expense occurs when our company is breached by any sort of attack.
Equally, cybersecurity is necessary in our organizations and companies to protect our tangible and intangible assets, keeping our ICT system under control and allowing us to carry out our work efficiently. Finally, dear reader, always keep in mind the words of Robert Mueller (director of the FBI from 2001 to 2013):

Figure 1.- Robert Mueller’s (FBI director from 2001 to 2013) final consideration: "There are only two types of companies: Those that have been hacked and those that will be hacked."

Which one do you belong to? Hopefully, to those still to be hacked… but after many, many years.

