How can manufacturers protect themselves from falling victim to security attacks? By Farah Nazurah
The integrated nature of Industry 4.0-driven operations means that cyberattacks can have devastating effects, evident in the unprecedented “WannaCrypt” global cyberattack in 2017. Cyber security strategies should be secure and fully integrated into organisational and information technology. Picking the right cybersecurity provider is essential in ensuring data is protected.
Any manufacturer relying on condition monitoring or predictive maintenance, for example, will in the long term have to not only think about their technical implementation, but also about the secure design of the data traffic involved.
Steffen Zimmermann, security expert, German Mechanical Engineering Industry Association: “The paramount consideration here is risk assessment. Is there an intention to safeguard confidential data? Who has access to these data? How do data queries from abroad function—from China, for example?
Data Sharing: Increased Access To Data
Companies should consider which data should be shared and how to protect the systems, and which data that is proprietary or have privacy risks. Companies should leverage tools such as encryption for data which are at rest or in transit, to safeguard communications should they be intercepted or if the systems are compromised. It is important for manufacturing companies to perform risk assessments across their environment—including enterprise, DSN, industrial control systems, and connected products. Data evaluations should then be applied to update cyber risk strategies.
Secure Digital Identities
When working with automated and autonomous data, manufacturers should use secure digital identity (SDI). “The user should be able to trace and assign the decisions of the systems involved on the basis of secure digital identities,” advised Mr Zimmermann.
The requirements for these identities are extremely stringent: they have to be very difficult to copy, forgery-proof, and also be amenable to revocation or forwarding; and manufacturers should consider how they can implement SDI in actual practice. SDI is an unambiguous identity with additional security characteristics for dependably trustworthy authentication of an object (entity).
It prevents an incorrect identity from being simulated. Each networked device that communicates via open networks requires a secure identity. The principal goal is to identify and authenticate individual entities. There are six features defining an SDI: identification, integrity, forgery-resistance, offline identification, authentication and offline authentication.
Sensitive data are not limited to sensor and process information; it also includes a company’s intellectual property or even data related to privacy regulations. As more IoT devices are connected to networks, the risk of potential attack increases, along with risk from compromised devices. The first step companies should take is to discover all assets, especially industrial controllers.
Choosing the right cybersecurity provider who understands what your company needs is essential in protecting your data against cyberattacks. Transparency is important for companies with highly sensitive data therefore, ensure that third-party cybersecurity providers inform you where the information goes.