Security in the age of Industry 4.0
Security measures for sustainable production
Philipp Zeh, Head of Competence Center IT-Security at Konica Minolta IT Solutions GmbH
Published in: DiALOG - THE MAGAZINE FOR ENTERPRISE INFORMATION MANAGEMENT | MARCH 2018
In the course of Industry 4.0, production is becoming increasingly automated and part of networked IT. Increasing networking offers many advantages such as greater flexibility, individualized products and the opportunity to conquer new markets. However, it also increases the risk of companies falling victim to an external hacker attack. Attackers use vulnerabilities to find their way through the network and into production. Companies must therefore ensure that their production is protected against unwanted access. In doing so, they should be guided by IT security measures and adapt these to their production lines.
In the event of a successful attack, the damage can be very great. Cisco's Annual Cybersecurity Report 2017, for example, reports that more than a third of the companies affected suffered a significant loss of revenue as a result - in some cases by more than 20 percent. Small companies in particular went bankrupt because a cyber attack paralyzed production for several days. Ransomware is another problem. It particularly affects large companies, as the criminals can demand higher ransoms from them. But the damage caused by the unwanted encryption itself can also be considerable. The container shipping company Maersk, for example, put the loss caused by NotPetya at 200 to 300 million US dollars.
Less prominent, but equally problematic, is spyware. It works in the background over a long period of time to siphon off customers' personal data or, for industrial espionage, production information. Since these malware programs aim to remain undetected for as long as possible, they are often active for several years before the affected company notices them - if it even looks for them at all. According to the BSI's latest situation report, the number of these attacks on German companies is on the rise. Most recently, the attack on an industrial group with the Winnti malware became particularly well known.
Going forward, the range of attack methods continues to grow. For example, the Cisco Midyear Cybersecurity Report (MCR) identified the following new trends: Destruction-of-Service (DeOS) attacks destroy enterprise backups and security networks needed to restore systems and data. Fileless malware is difficult to detect and also investigate because it exists only in volatile memory. Business Email Compromise (BEC) attacks trick employees into making wire transfers to the attackers via an official-looking email.
Danger recognized - but not averted
But even those who are aware of the dangers often don't know where to start securing their systems due to a lack of specialized knowledge in the area of IT security. Even experts sometimes find it difficult because there is still no standard security concept and in some cases the necessary technologies are lacking. This is because the IT security of Industry 4.0 devices has also been severely neglected by their manufacturers and providers to date.
The good news is that the security of production lines can be improved step by step. For example, manufacturers can start with basic security training for their employees to increase their awareness and reduce human error. Probably the most important point here is not to click on every attachment and link in emails without thinking. Sensible segmentation of the network can also have a major effect. It makes the spread of malware across segment boundaries considerably more difficult or, in the best case, prevents it. After all, a real production hall has security and fire doors too.
Strict access controls for Industry 4.0 devices work in the same direction. They prevent an infected device from triggering unauthorised processes on machines and servers. Conversely, whitelisting on the machines is a good idea: they can then only carry out very specific processes, and everything else is prohibited. In this way, outdated operating systems such as Windows XP can also be indirectly protected. In the medium term, however, these should of course be replaced with the latest versions supported by the manufacturer.
In addition, an authorisation concept for employee access should be introduced, as not all colleagues need to be able to use all systems and functions. This not only prevents the often underestimated intentional sabotage by frustrated employees, but also unintentional operating errors. External partners should also be taken into account. For example, many manufacturers of production machines can access them directly for remote maintenance. In some cases, the connection is made directly via the Internet so that the interface is also available to everyone else.
Comprehensive monitoring of processes in the company network is of central importance. Only then can suspicious activities or new types of attacks be recognised quickly. There should then be defined processes for defence and response in order to minimise the damage. Although these individual measures can significantly increase security in some cases, only a comprehensive concept that includes all parties, systems and processes can provide optimum protection. To achieve this, management, the IT department and production must work closely together to consider all points and develop customised solutions. This is where experienced consultants and service providers can help to get to grips with the highly complex issues involved in security for Industry 4.0 systems.
The more than 80-year success story of Konica Minolta IT Solutions GmbH is based on professionalism, high competence and performance. Almost 400 employees are committed to serving the needs of more than 4,000 customers from industry, trade, services and the public sector every day. They optimize their business processes with effective infrastructure, IT security and software solutions from market-leading partners as well as professional managed services and consulting. In doing so, they always strive to find a simple and cost-efficient solution for customers to manage complex tasks. Since 2013, the company has been a subsidiary of Konica Minolta Business Solutions Deutschland GmbH.
www.konicaminolta.de/it