Professional Documents
Culture Documents
0 : Preparing the
Operational Technicians for Industry 4.0
Konstantinos Karampidis Spyros Panagiotakis Manos Vasilakis
Department of Information & Department of Electrical & Department of Electrical &
Communication Systems Computer Engineering Computer Engineering
Engineering Hellenic Mediterranean University Hellenic Meditertanean University
University of the Aegean Heraklion, Crete, Greece Heraklion, Crete, Greece
Samos, Greece spanag@hmu.gr mtp187@edu.teicrete.gr
karampidis@aegean.gr
Giorgos Papadourakis
Evangelos K. Markakis Department of Electrical &
Department of Electrical & Computer Engineering
Computer Engineering Hellenic Mediterranean University
Hellenic Mediterranean University Heraklion, Crete, Greece
Heraklion, Crete, Greece papadour@cs.teicrete.gr
markakis@pasiphae.eu
I. INTRODUCTION
Abstract— In the context of Industry 4.0, industrial The project InCyS 4.0 (Industrial CyberSecurity 4.0)
facilities are connected to corporate data networks and [1], co-funded by the Erasmus+ Programme of the
are frequently administered remotely over the European Union, aims to offer open source course
Internet. However, these new technologies have materials and Higher Education (HE) training to fill the
brought new threats into the world of industrial evident gap in awareness and competence in cyber
automation, since the Industrial Control Systems (ICS) security for operational technicians in Industry 4.0. In the
in place today were designed to operate for decades, modern automated industrial landscape of digitally
and many of them were developed without any serious connected control systems, new risks [2] abound for which
industrial employers should become aware of. The
regard to IT security. Hence, the modern labor market
industrial labor market needs technicians and engineers
in the industry needs trained technicians and engineers
capable to identify potential cybersecurity threats and who are aware of the cyber risks and dangers and who can
able to respond adequately when an attack is respond adequately or minimize the risk when detected.
identified. Personnel training in these skills is costly, as The present curricula need to incorporate practical
experienced and skilled trainers are required for an preparation in these issues for all technicians and
ever-changing technological environment. In this engineers who will come into contact with industrial
control systems (ICS). Typically, the operation of an ICS,
context, InCyS 4.0 (Industrial CyberSecurity 4.0) is a
could be interrupted by an operator error or a failure at a
2-year KA2 project co-funded by the Erasmus+
production unit. Nowadays that production units are
programme of the European Union, that aims to create connected to Internet, cyberattacks are becoming more
open source educational material to address training
often [3], especially in the last decade. In 2007, a former
of industrial production technicians for handling employee of Tehama Colusa Canal Authority (TCCA)
cyber-security vulnerabilities. In order InCyS4.0 to installed unauthorized software on a computer used to
assure that the developed training material fits the divert water from the Sacramento River for irrigation
needs of European Industries, it conducted a field purposes. This software infected supervisory control and
research in every partner country. Field research had data acquisition system (SCADA). It caused a denial of
the form of an anonymous questionnaire targeting the service and although the damage was limited, it is a good
IT personnel of local industries. Aim of the research paradigm how an administrator negligence (forgot to
was the investigation of the security weaknesses of the revoke rights of the former employee) can cause damage
participating enterprises and the extraction of the to an industry. In 2011 a cyberattack was reported; the so-
profile of the industrial IT engineers, so the project called Night Dragon Operation. It was found that it started
adapts the training content to the feedback. This paper in mid-2006 and hit over 70 organizations, businesses
describes the rationale, aims and objectives of the worldwide, the United Nations and the International
project, presents the outcomes of the research and Olympic Committee. More recent attacks [4][5][6]
outlines the proposed course material. concern ransomware, where attackers gain control to
victims resources and encrypt data demanding ransom
Keywords — cybersecurity, operational technicians, payments in cryptocurrency.
personnel training, operational technology, industry 4.0, These few paradigms of cyberattacks show that ICS
education systems can be easily compromised and attackers can hit
at the different layers of ICS architecture i.e. a) the