General | 3 min read | 18 September 2020

Information security for industry 4.0, first steps


There is no doubt that with each passing day businesses are increasingly connected and technologies become essential for this to be possible. In the case of industry, the massive insertion of technology in recent years has motivated the emergence of the term industry 4.0, which represents all the automation and connectivity between people, software and hardware that make it possible to reach ever higher levels of excellence and productivity.

Much of the automation of industrial processes is associated with the rise of the IoT (Internet of Things) concept. According to research carried out by Gartner in 2017, there were approximately 8.4 billion connected “things” in the world. The “things” are represented by televisions, game consoles, appliances, electronic surveillance systems, locks, equipment present on the factory floor, tags, sensors and several other devices that can be connected to the internet today.

This blog post brings a little more about the challenges associated with maintaining digital security in industry 4.0, as well as initial guidelines for technology analysts and managers to take the first steps towards safer and more productive environments.

The (lack of) information security in industry 4.0

Most companies already use IoT (Internet of Things) in their structures. However, only a small fraction of them apply resources to maintain basic digital security principles on these structures.

In a previous article we presented a good example of the lack of care with devices that seem harmless in principle but can compromise a company's technology infrastructure, regardless of its size or segment. The example in question deals with a casino, invaded by crackers who obtained access to the network by exploiting a vulnerability in an aquarium. The aquarium had internet connectivity and an automated mechanism for controlling water temperature. The crackers managed to exploit a security flaw in the regulating device and, through it, accessed the casino’s internal network. According to the cybersecurity company Darktrace, more than 10 GB of information was stolen in the attack and ended up on a device somewhere in Finland.

A Gartner study predicts that by 2020 there will be more than 20 billion connected devices. If information security continues to be neglected in these applications, we can expect catastrophic events, especially when these devices are present in industrial parks. Entire structures can be compromised, causing production downtime and losses for the industry.

You may be allowing the emergence of security holes

The first point to take into account is that a good part of IoT devices, due to limitations that are often technical, do not have embedded security features. This means that analysts and managers have to redouble their attention during the definition phase of the solutions that will be used in their companies. From a simple solution for controlling employee access to complex equipment that automates the production process, all of these devices must be properly monitored.

Given these security limitations, it is essential to apply solutions that increase the security of the corporate network, creating visibility into these devices and applying different security policies to them.

It is important that information security measures are thought out at the beginning of projects, even before the implementation of automation systems. Thus, it is possible to prioritize the acquisition of products that obey basic principles of compliance, as well as auxiliary mechanisms to guarantee the security of the perimeter of the corporate network.

How to ensure information security in industry 4.0?

To ensure the security of data traveling across networks of industries and companies, CIOs and managers must take into account these five main points:

  • Assess the needs of each device (machine, sensor, etc.) and strictly control the types of access allowed for this device;
  • Create “physical” isolations for this equipment, avoiding direct communication with the corporate network;
  • Create visibility about assets and strictly monitor their behavior on the corporate network;
  • Pay attention to the releases and security updates provided by the equipment manufacturers and promote corrections in an agile way;
  • Have measures to guarantee contingency, in case of more serious problems in equipment that can generate greater impacts on the operation of the industry;
  • Promote seasonal audits on the technological structure of the factory.
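
The first three points, as an added example that is not part of the original post: a per-device allowlist checked against flow records, flagging shop-floor devices that reach the corporate network or the internet, or that are missing from the inventory. All addresses, ports and device roles are constructed for illustration.

```python
import ipaddress

# Constructed inventory (assumption): the only destinations each device needs.
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # isolated shop-floor segment
CORPORATE = ipaddress.ip_network("10.10.0.0/16")    # corporate network
ALLOWED = {
    "10.20.0.11": {("10.20.0.5", 502)},    # PLC -> SCADA server, Modbus/TCP
    "10.20.0.12": {("10.20.0.5", 1883)},   # temperature sensor -> MQTT broker
}

# Constructed flow records: (source, destination, destination port, bytes sent)
FLOWS = [
    ("10.20.0.11", "10.20.0.5", 502, 4_200),
    ("10.20.0.12", "10.20.0.5", 1883, 900),
    ("10.20.0.12", "10.10.3.40", 445, 15_000),            # sensor reaching a corporate host
    ("10.20.0.12", "203.0.113.7", 443, 10_500_000_000),   # sensor sending data outside
    ("10.20.0.99", "10.20.0.5", 502, 300),                # device not in the inventory
]

def classify(flow):
    """Return a finding for a flow, or None when the flow matches policy."""
    src, dst, port, _ = flow
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in OT_SEGMENT:
        return None                      # only shop-floor sources are evaluated
    if src not in ALLOWED:
        return "unknown-device"          # visibility gap: asset is not inventoried
    if (dst, port) in ALLOWED[src]:
        return None                      # access this device actually needs
    if dst_ip in CORPORATE:
        return "ot-to-corporate"         # isolation violated
    if dst_ip not in OT_SEGMENT:
        return "ot-to-external"          # direct communication with the internet
    return "unapproved-peer"             # inside the segment, but not allowlisted

def audit(flows):
    """Collect (finding, flow) pairs for every flow that violates the allowlist."""
    return [(f, flow) for flow in flows if (f := classify(flow)) is not None]

if __name__ == "__main__":
    for finding, (src, dst, port, nbytes) in audit(FLOWS):
        print(f"{finding:16} {src} -> {dst}:{port} ({nbytes} bytes)")
```
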

These points are the basis for any efficient security system. In addition, we can think of other point solutions, which can be applied through specific software and hardware:

  • In the case of devices that use login and password authentication, pay greater attention to the password maintenance process;
  • Whenever possible, opt for devices that use encryption protocols in communications;
  • Make constant backups of company data, including data obtained through devices spread across the shop floor;
  • Use intrusion detection and virus scanning systems and other specialized solutions, such as a UTM firewall, to promote higher levels of security for corporate data.

By taking into account all the points discussed above, analysts will undoubtedly be able to maintain a high level of security in industrial environments where Industry 4.0 is a reality. However, all these measures must be applied and monitored by specialized professionals, to reduce the chances of complications that cause losses during all phases of the project’s implementation.
