Protecting Data and Plants with Cyber Security

In the age of Industry 4.0, Cyber Security is a real concern and a priority for companies facing digitization. For a correct defense, it is necessary to thoroughly evaluate the peculiarities of the industrial world, aiming towards a change of mentality

by Valerio Alessandroni

In several sectors, businesses are shifting many of their activities to cloud platforms, due to increasing Internet penetration and the proliferation of smart devices. However, increasing digitisation is exposing them to new cyber threats. The rise in cybercrime, the use of unprotected IoT devices and more sophisticated attacks on public authorities, companies, educational institutions and consumers are driving companies towards strong investments, seeking cyber security solutions to reduce monetary and non-monetary losses.
In particular, unprotected IoT devices with sensors equipped with IP addresses increase data vulnerabilities. Besides, the increased use of cloud-based services and third-party servers are creating new pathways for cyber attacks. The market is therefore increasingly demanding the integration of advanced technologies, such as artificial intelligence, machine learning and deep learning into cyber security solutions. By 2025, according to a report by Grand View Research, the size of the global cyber security market is expected to reach $241.1 billion, expanding at a CAGR (Compound Annual Growth Rate) of 11.0% during the forecast period.

The networking of plants increases safety risks.
The networking of plants increases safety risks.

The risks of integration

The industry has never been as interconnected and transparent as it is today, and never before has it been so vulnerable. The management of production facilities through remote access enables the reduction of technicians’ travel costs and downtime. However, while ensuring higher levels of efficiency and flexibility in production, networking all plants poses a very high security risk, paving the way for network failures, sabotage or data loss. An unsecured remote connection allows even unauthorized persons to access the company’s network: a security breach that can cause enormous damage, even economically. But cyber risks do not only involve alleged attacks and hackers, but also accidents which may lead to production stoppages, decreases in performance and product quality, interruption of essential services, loss of know-how, and even reputation damage.

The Mirai Bot virus in 2016 highlighted the fragility of IoT.
The Mirai Bot virus in 2016 highlighted the fragility of IoT.

Security must keep abreast of cyber threats

The increased amount of exchanges and information sharing in production plants as a result of the Industry 4.0 and IoT concepts has therefore led to the need of a strategy for network security to protect data integrity and plant availability. At Cyber Security level, industrial plants have many weaknesses and often the historical stratification, due to the need to guarantee backward compatibility and business processes, makes a radical redesign of their architecture impossible, while the standard communication protocols between devices do not envisage any mechanism for protecting information.
On the other hand, if cyber threats progress and become always more sophisticated, the same must happen for the Cyber Security. Companies must therefore begin to rethink their strategies, adopting a broader vision of Enterprise Security, where the “security by design” approach must prevail, and not a reactive one, or one deriving only from the need to comply with regulations.

The human factor is as important as the technological one.
The human factor is as important as the technological one.

A virus from Japan

With the exponential increase in connected devices, smartphone and Internet penetration and electronic transactions, there is an urgent need for Cyber Security solutions worldwide.
This need has become even more evident since the introduction of AI and IoT technologies. IoT, for example, is very vulnerable to cyber attacks and can disrupt vital infrastructures such as telecommunications and energy. In particular, the attack of the Mirai Bot virus in 2016 highlighted the fragility of IoT technology since this malware was specifically designed to breach the firewalls of IoT devices.
Mirai (Japanese for “future”) is malware designed to operate on devices connected to the Internet, particularly IoT devices, making them part of a botnet (a network controlled by a botmaster and made up of devices infected with specialized malware) which may be used for large-scale cyber attacks. The botnet created by Mirai was discovered in August 2016, and was used the same year in several attacks, also because Mirai’s source code was published in open source.

Companies invest in research to reduce monetary and non-monetary losses.
Companies invest in research to reduce monetary and non-monetary losses.

Possible solutions

The simplest Cyber Security solution requires the separation of computer and industrial networks.
This often does not happen on account of configuration and business management issues, to the detriment of security. In this way, the problems of a normal IT network are accompanied by purely industrial ones, aggravated by the fact that the security of industrial networks is more complex than that found in normal IT networks. Actually, industrial control devices and switches do not have on board detection systems present in other types of commercial equipment.
A modern technological solution therefore implies effective traffic control within each network, and between the networks themselves.
In this context, a critical aspect is the ability to detect any anomalies in a precise and timely manner, with the possibility to discriminate simple configuration errors or failures as opposed to real attacks.
Often, the weakest link for IT security is represented by industrial components. They are not designed to be used in potentially hostile and unreliable environments such as the Internet, they have a design aimed at guaranteeing their reliability only within the production process, and often enough they do not integrate mechanisms capable of ensuring the secrecy of communications. Of course, when it comes to Cyber Security the human factor is as important as the technological one. Increasing and maintaining the required level of security is only possible if all those who operate within essential companies and systems are aware of the behaviours and practices to follow.

Regulations

Today, many international and market standards are present or are being defined, some being specific for different industrial sectors. These include the ISA99 standard issued by the SP99 committee, released by ISA and converted into IEC62443.
Since June 27th, 2017, the European NIS (Network and Information Systems security) directive, implemented in Italy by Legislative Decree 65/2018, has also been in force. It indicates, among the subjects required to update cyber attack protection networks and systems, sectors such as: energy, transport, supply and distribution of drinking water, banks and financial services, healthcare, digital infrastructures and cloud service providers, search engines and e-commerce platforms. Meanwhile, on November 21st, 2019, the law converting Decree Law No. 105 dated September 21st, 2019, which defines the perimeter of national cyber security (the so-called “Cyber Security Act”), came into force. Important changes were made during the conversion, not only to Art. 1, but also to the sanctions apparatus and the powers of the executive (Golden Power), which have been considerably expanded and extended also to 5G. This ensures that the Government will be able to carry out stricter controls on the ITC and to exert, in particular cases, the power of veto.