Megan R. Nichols,
Freelance Technical Writer
For all their disruptive potential — and there’s a lot of it — Industry 4.0, the IoT and smart factories also raise the potential for some very real security concerns.
That’s why this is a good time to discuss how to secure smart factory IoT networks during your company’s digital transformation. Security must be a pillar of each of your digital systems, so here’s what you need to know about security and the smart factory.
What’s a Smart Factory?
Take a step back for a moment and ask — What’s a smart factory in the first place? Broadly, it’s a manufacturing facility which does any of the following:
• Uses cyber-physical systems to monitor machine health proactively and provide actionable data about ongoing operations
• Automates facility or business functions, such as climate control, inventory tagging or reordering
• Makes use of distributed computing and high-speed networks to transmit data between in-house decision makers and across other stakeholders and industry partners
Research from PwC suggests that, through 2020, manufacturers will invest a combined $907 billion annually ,across the globe, to transition to smart infrastructure, against a potential ROI of hundreds of billions of dollars annually in boosted revenues and lower costs.
But we’re not here to discuss the opportunities — we’re here to talk about the security risks. With digital security a mainstream issue of some concern, it’s not hard to imagine why the scope of these digital-physical systems substantially expands a company’s threat surface and opens it to attack from outside — or even inside — parties.
What Threats Do Factories Face?
Not surprisingly, that PwC survey also showed that data breaches and disruptions to normal daily operations are the two highest-ranking security concerns among operations managers.
Let’s unpack these and some of the other major threat types the modern factory may find itself up against:
• Data breaches: Data breaches are inconvenient and costly in more ways than one. In terms of the bottom line, a small business could face an average loss of $120,000 if data thieves target them. Big corporations stand to lose a lot more, but they’re also more likely to have taken measures to protect themselves. Regrettably, it’s small business owners who are often not in an ideal position to defend themselves properly, either because of a lack of capital or because they underestimate the threat.
• DDoS attacks: Dedicated-denial-of-service attacks are the quintessential threat under Industry 4.0. As recent headlines attest, outside parties can turn a swarm of thousands — or even just a handful — of unprotected IoT devices against their master to cripple infrastructure and render their business and its services unreachable. Botnet attacks seem to only grow more sophisticated over time, and the government calls for greater cooperation between the private and public sector in getting the problem under control.
• Ransomware attacks: Other high-profile stories show that something as innocuous as an Internet-connected heating and cooling system could provide a back door into your industrial control systems and your customer databases. A ransomware attack involves a hacker quarantining your mission-critical data until you pay to have access restored.
Each of these threats is worrisome and potentially ruinous for your business. A DDoS attack, for example, could damage an automotive parts company operating on thin margins — one hour of downtime could cost $22,000 or more, with some DDoS attacks lasting for a week. That’s a huge amount of time to leave customers or clients without the products or services they need. Expect to lose business and a lot of money to your competitors if you fall victim to a DDoS attack.
How Can Factories Mitigate Risk?
This probably sounds like scaremongering. The truth is, the benefits of the IoT and smart factories absolutely outweigh the drawbacks — but companies need to know about the threats going in, and they need to have the right talent on their side to help keep them protected.
That’s step one for mitigating risk in smart factories — hire the right people. Let’s unpack this and some other best practices:
• Ramp up IT hiring: Here, again, the small business is at a disadvantage. Companies everywhere look for cybersecurity and data science professionals to build their digital systems and then keep them protected. Until you have the right hires or the right outside partner, don’t try to tackle Industry 4.0 on your own.
• Keep devices and workstations up-to-date: There’s no way to understate the importance of applying security patches and feature updates as soon as they become available. Manufacturers roll these out to keep you safe, so make sure auto-update is turned on for each of your internet-connected assets, or else make sure your maintenance team has a workflow in place to perform the task manually on a regular basis.
• Train for good password and security hygiene: Company culture is vital in keeping our organizations safe. Don’t take it for granted that employees know not to reuse passwords, leave workstations unlocked or not to click on links in suspicious emails. Instead, train on these ideas and then have your IT team run drills to keep people on their toes.
• Think about physical security too: Nobody wants to think about somebody within their organization getting handsy with trade secrets or intellectual property. Physical security in a smart factory includes anything from steel gates and biometric security at sensitive checkpoints to GPS or RFID tracking for assets such as computers, mobiles and server equipment.
There are so many good reasons for companies to make their factories smarter. A lot of the operational data we generate sits in a silo, not doing anybody any good. But smart factories free this data andmake it available across departments and between business partners. Data sharing creates new opportunities and pinpoints areas to eliminate waste — insights that might’ve been hidden from sight before.
The cost of falling victim to cybercrime and other threats seems only to get higher. The good news is, factories and the decision-makers running them have a number of weapons on their side, the most important of which is awareness.