
A review on the readiness level and cyber-security challenges in Industry 4.0

Nikos Benias
Cyber security expert, MoD/HNDGS/Cyber Defense Directorate
Athens, Greece
n.benias@cd.mil.gr

Angelos P. Markopoulos
National Technical University of Athens, School of Mechanical Engineering
Athens, Greece
amark@mail.ntua.gr

Authorized licensed use limited to: Bayer AG. Downloaded on August 22,2020 at 00:35:30 UTC from IEEE Xplore. Restrictions apply.

Abstract
The paper pertains to the cyber-security challenges in Industry 4.0 that cyber-security experts have to deal with nowadays. The nature of Industry 4.0, where all devices in manufacturing technologies are interconnected and exchange data and information with each other, broadens the cyber-land's horizons for cyber-criminals to exploit in their interest. The paper makes reference to the industrial control [...] and provides information on key technologies, i.e. Internet of Things and cyber-security. Then real case studies are presented and suggestions for effective cyber-security are given.

Keywords— Industrial Control Systems security; cyber-security; Internet-of-Things malware.

I. INTRODUCTION

In modern advanced manufacturing, intelligence is a key element for future development [1-3]. Intelligent production is, at some level, incorporated into industrial practice; however, it is expected to play a major role in the near future. It is also expected to affect manufacturing business globally, at any level, so that enterprises will be flexible enough to respond to production changes swiftly. The concept of Industry 4.0 includes technologies of many disciplines and makes extensive use of artificial intelligence, simulation, automation, robotics, Internet-of-Things (IoT) technology, sensors, data collection systems and networks towards advanced engineering and precision machining [4, 5]. These systems make possible the establishment of efficient, collaborative and sustainable industrial production.

However, all the aforementioned advantages also come with some risks. Industrial control systems (ICS) are extensively used across a spectrum of sectors, such as electricity, waste, water, oil and natural gas. So far, several security incidents have been reported in these sectors. Although these incidents are considered to be isolated, they can also be alarming. With the interconnection of critical infrastructures, new cyber-security risks arise that need to be identified, studied and addressed, before it is too late. In this paper, real case studies of such incidents are reported. These incidents could be studied as potential threats to security in the industrial environment. The experience from these cases has provided some remedies, which could prove useful for the future. The paper includes the potential solutions to the threats and draws useful conclusions about the future of cyber-security within the frame of Industry 4.0.

II. BACKGROUND

A. Industrial Control System’s modern history

The third industrial revolution has its origins in the late sixties, when computers, automation and distributed control pushed ahead mass production and control in Industry. Until then, ICS consisted of the discrete disciplines presented in Table I, due to the fact that micro-controllers did not yet exist.

TABLE I. INDUSTRIAL CONTROL DURING THIRD INDUSTRIAL REVOLUTION

| Discipline | Example Industry | Typical Control Equipment |
|---|---|---|
| Process Control | Refinery | Distributed Control System (DCS) |
| Discrete Control | Automotive | Programmable Logic Controller (PLC) |
| SCADA (Wide Area Control) | Pipeline | Master Terminal Unit (MTU)/ Remote Terminal Unit (RTU) |

Process control systems used mechanical pneumatics for logic, discrete control systems used relays and SCADA (Supervisory Control And Data Acquisition) systems used transistors and radio [6]. All of these methods were both difficult to modify and hard to maintain and/or diagnose if a problem arose. Moreover, these differences in underlying technologies meant that systems, staff, functionality and terminologies were not compatible with each other.

The advent of micro-controllers led to PLCs, which managed to unify the above disciplines, ushering in the beginning of Industry 3.0. Since then, ICS has evolved beyond individual process control to bring unified control to entire systems of processes, by introducing real-time data visualization and machine-to-machine communication.

The term Industry 4.0, also referred to as the Industrial Internet [7], originates from a project in the high-tech strategy of the German government [8], which promotes the computerization of manufacturing and, as its name suggests, is considered as the 4th industrial revolution. The basic idea of
Industry 4.0 is that in such an industrial environment all participants are interconnected in order to exchange and share data and information with each other [9]. This break-through trend of automation and data exchange in manufacturing technologies includes the interconnection of cyber-physical systems, the IoT and cloud computing.

B. ICS vs IT Networks

ICS networks are very different from IT (Information Technology) networks, since each network has different:

- Performance requirements
- Reliability requirements
- Operating systems and applications
- Risk management goals
- Security architectures
- Security goals

As a result, there are different assumptions about security, thus creating incompatibilities in priorities, as presented in Table II.

TABLE II. PRIORITIES OF ICS VS IT INFRASTRUCTURE

| Priority | ICS | IT |
|---|---|---|
| #1 | Availability | Confidentiality |
| #2 | Integrity | Integrity |
| #3 | Confidentiality | Availability |

Moreover, the heart of all IT networks is a secured, climate controlled computer room, also referred to as a data center, with standardized modern equipment, whereas the heart of all ICS networks is on the plant floor, which most of the time is a hazardous environment, with an average life of more than 10 years for the equipment.

C. IoT (Internet-of-Things)

Thirty years ago, when the use of mobile phones was spreading globally, nobody thought that their number would overtake that of computers in 2011 [10] and that in the near future smartphones could be our only computer [11].

Nowadays, almost all new electronic devices have an App (application) that can be installed on a smartphone in order to control them remotely (e.g. air-conditioning, TV, drones, etc). Moreover, digitally and commonly used connected devices are invading every aspect of our lives, making our homes, offices, [...] those devices are able to operate more effectively and efficiently as they collect and transfer data automatically without human interaction. These devices make up part of a new era called the Internet of Things (IoT) [12], providing a bigger attack surface for cyber-criminals.

All of this was made possible with the advent of IPv6 (Internet Protocol version 6) and the wide deployment of Wi-Fi networks, which can be found almost anywhere and free of charge. Researchers estimate that by 2020 the number of active wireless connected devices will exceed 20 billion [13, 14].

D. Cyber-security

Cyber Security was not even a concern twenty years ago, as the Internet was just beginning its operation. As with all new technologies, cyber-criminals find new ways of using IoT for their evil purposes. More connected devices mean more attack vectors and more possibilities for hackers to target.

The main reasons most industry devices get hacked are [15]:

a) Devices in many plants run for weeks or months without any security updates or anti-virus tools.
b) Many of the controllers used in ICS networks were designed in an era when cyber security was not a concern and as a result can be disrupted by malformed network traffic or even by high volumes of correctly-formed traffic.
c) Many ICS networks have multiple pathways through which cyber-security threats can enter, bypassing existing cyber-security measures. Typical examples are laptops carried in and out of facilities and USB sticks used among multiple computers, without being properly checked for malware.
d) Many ICS networks are still implemented as a large, flat network, with no physical or virtual isolation at all between unrelated networks. This helps the quick spread of malware even to remote plant sites.

III. REAL CASE STUDIES

A. Accidental Attacks

Several SCADA systems have been accidentally infected with viruses, as researchers have confirmed [16]. These are cases where known viruses infected the systems mentioned in Table III, without specifically targeting them.

TABLE III. KNOWN ACCIDENTAL SCADA ATTACKS
(An empty cell continues the entry above it, as in the merged cells of the original table.)

| Year | Industry affected | Virus Name | Virus Functionality | Physical Impact |
|---|---|---|---|---|
| 2002 | Davis-Besse Nuclear Power Station (USA) | Slammer | Slows down the network | Denial of Service |
| 2002 | CSX Corp. (USA) | Sobig | Sends out Spam via e-mail | Signalling, dispatching and other systems shut down, causing train delays |
| 2004 | British Coastguard (GBR) | Sasser | Propagate to other vulnerable systems and cause network congestion | Systems brought down |
| | Railcorp (AUS) | | | Train delays & cancellations |
| | Delta Airline (USA) | | | Flight delays & cancellations |
| | British Airways (GBR) | | | |
| | Deutsche Post (DEU) | | | Payments & post delivery delays |
| | Taiwan Post (TWN) | | | |
| | French Stock Exchange (FRA) | | | High profile infections |
| | Asan Medical Center (KOR) | | | Delays in treating patients |
| 2009 | French Navy (FRA) | Conficker | Gains administrator access, propagates to other vulnerable machines, self-updates, downloads & installs further malware | Failure to download flight plans leading to grounded aircrafts |

B. Intentional Attacks

The best-known SCADA attack is Stuxnet, which was [...] Stuxnet changed the landscape of malware, since it was used to perform physical damage to specific targets, transforming it into the most modern and powerful cyber-weapon ever created.

Other affected systems are mentioned in Table IV [10], with the appearance of one more malware that managed to cause physical damage to a German ICS, along with Stuxnet.

TABLE IV. KNOWN INTENTIONAL SCADA ATTACKS

| Year | Industry affected | Virus Name | Virus Functionality | Physical Impact |
|---|---|---|---|---|
| 2009 | Oil industry (Exxon, Shell, BP and others) | Night Dragon | RATs distributed using spear-phishing | Data collection along with blueprints |
| 2010 | Iran's Natanz nuclear facility (IRN) | Stuxnet | Intercepts and changes data read from and written to PLCs | Destroyed a fifth of Iran's nuclear centrifuges |
| 2013 | Rye Brook Dam, New York (USA) | Unknown | Compromise (Command & Control) system | None, due to maintenance |
| 2014 | No cases reported | Havex | Scans LAN for OPC servers and sends collected data to a C&C (Command & Control) server | None |
| 2014 | No cases reported | Blacken | Targets General SCADA systems called Cimplicity | Unknown |
| 2014 | No cases reported | Unknown | Banking trojans disguised as SCADA/ICS software updates | None |
| 2014 | German steel mill (DEU) | Unknown | Unknown | Massive physical damage to ICS |
| 2015 | Ukrainian electricity distribution companies (UKR) | Black Energy | Numerous spreading mechanisms to infect systems | Specifically intended to sabotage industrial system and power outage |
| 2016 | Deutsche Telekom (DEU) | Mirai | Turn specific routers into remotely controlled bots | Deutsche Telekom outage |
| 2016 | Gundremmingen nuclear power plant (DEU) | Kido | Gains administrator access, propagates to other vulnerable machines, self-updates, downloads & installs further malware | None, due to decoupled critical control systems |

IV. CURRENT SITUATION

A. General

According to IBM Managed Security Services [17], the number of ICS cyber-attacks increased by 110 percent in 2016 compared to 2015, as seen in Fig. 1.

Fig. 1. ICS cyber-attacks (2013-2016)

All ICS attacks require certain skills and intent. An unfolding cyber-sabotage attack is likely to come hand-in-hand with rising geopolitical tensions and well-established threat actors intent on targeted destruction or the disruption of essential services [18].

Another report [19] indicates as main findings that:

1) Numerous ICS components are available via the Internet.
2) Insecure protocols are widely used by remotely available ICS components.
3) Multiple vulnerable ICS components are externally available.
4) Multiple industries are affected.

B. Cyber-physical systems

Researchers from the OpenSource Security team [18] presented a proof-of-concept PLC worm at the BlackHat 2016 conference. The worm is written solely as a PLC program and is capable of autonomously identifying PLCs in the network, as well as spreading from one PLC to another, manipulating their input and output, causing denial-of-service, connecting to C&C (Command & Control) servers and serving as a proxy for attack propagation.

C. IoT malware

Th[...] source code was made available October 1, 2016 [20]. Since then, numerous variants have appeared and it is also available as a botnet-as-a-service [13]. IoT devices are attractive targets for botnets due to [14]:

1) Security not being a priority for manufacturers. This leads to poor practices such as the use of default passwords and open ports, that users do not, or cannot, change.
2) Lack of built-in mechanisms to receive automatic firmware updates, resulting in vulnerabilities being left unpatched.
3) They are often forgotten about once installed. This means that their owners are unaware when devices are being used for malicious purposes and have little incentive to apply firmware updates.

D. Mobile

Due to the large number of applications running on mobile devices, espionage has gone mobile [18]. Related malware benefits from decreased attention and the difficulty of attaining forensic tools for the latest mobile operating systems. Cyber-criminals can gain control of all personal files kept in smartphones, as well as all attached hardware (camera, microphone, GPS) and software (contacts, applications, keystrokes), with their main target [14] remaining the same: financial gain, using tried and trusted monetization methods, such as sending premium text messages, advertisement click fraud, and ransomware.

References [13] and [14] observed almost the same number of mobile malware detections in total for 2016, an increase of about 105 percent on 2015, as seen in Fig. 2.

E. Cloud

As cloud usage by both enterprises and consumers has become mainstream, its appeal to attackers has naturally increased [14]. While cloud attacks are still in their infancy, 2016 saw a widespread outage of cloud services as a result of denial of service (DoS) campaigns. This served as an early warning of how susceptible cloud services are to malicious attacks.

Data stored on cloud systems means that data is broadly shared, increasing the exposure risk. Lack of policies and procedures around how users in an organization should use cloud services increases that risk [14].

Moreover, many IoT devices that gather personal data rely exclusively on cloud services for storage in inadequately secured online databases, leading to potential customer privacy and security issues.

Fig. 2. Mobile malware detections (2014-2016)

V. REMEDIES

A. General

There are three high level approaches to securing SCADA and ICS systems [12, 14, 21]:

1) Harden the Perimeter: Isolate the plant network from the office network with the use of firewalls and a DMZ where necessary.
2) Defense in Depth: Apply several layers of defense throughout the network. This way, if malware breaches the perimeter, it can be stopped and contained by defenses at other points in the network.
3) Remote Access: A usual way to penetrate the perimeter firewall is by using the remote access provided to several personnel. In such cases, the use of VPNs is recommended, isolating remote users in a separate DMZ.

B. Cyber-physical systems

These devices are always powered on and connected. As opposed to human-controlled devices, they go through a one-time authentication process, making them perfect sources of infiltration into company networks [21]. Therefore, more security needs to be implemented in order to improve the overall security of these systems.

Best practice is to audit and confirm controller names and serial IDs, as well as administrator access rights and controller write protections. Incorrect connections should be located and prevented, along with unauthorized operation or theft of assets. Moreover, gateways used to connect devices with company or manufacturer networks must also be secured.

C. IoT Security

The capabilities and security features of all IoT devices should be considered before purchase. Inventory and audit should always be performed, along with the replacement of default credentials with strong and unique passwords for device accounts and Wi-Fi networks [14].
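The audits recommended above for cyber-physical systems (controller names, serial IDs, administrator rights, write protection) and for IoT devices (inventory, default credentials) can be run as a comparison of what is found on the network against an approved baseline. The following Python code is an added example, not part of the paper; the inventory format, the field names and all device data are constructed assumptions.

```python
# Added example, not from the paper: audit discovered devices against an
# approved baseline. Serials, names and accounts are constructed sample data.

BASELINE = {  # approved inventory, keyed by serial ID
    "SN-1001": {"name": "PLC-PRESS-01", "admins": {"eng_lead"}, "write_protected": True},
    "SN-1002": {"name": "PLC-OVEN-02", "admins": {"eng_lead"}, "write_protected": True},
    "SN-2001": {"name": "CAM-DOCK-01", "admins": {"it_ops"}, "write_protected": False},
}

DISCOVERED = [  # what an inventory scan reports (constructed)
    {"serial": "SN-1001", "name": "PLC-PRESS-01", "admins": {"eng_lead"},
     "write_protected": True, "default_credentials": False},
    {"serial": "SN-1002", "name": "PLC-OVEN-2B", "admins": {"eng_lead", "vendor"},
     "write_protected": False, "default_credentials": False},
    {"serial": "SN-9999", "name": "CAM-DOCK-01", "admins": {"admin"},
     "write_protected": False, "default_credentials": True},
]


def audit(baseline, discovered):
    """Return a sorted list of (serial, finding) pairs, one per deviation."""
    findings = []
    seen = set()
    for dev in discovered:
        serial = dev["serial"]
        seen.add(serial)
        if dev["default_credentials"]:
            findings.append((serial, "default credentials still in use"))
        ref = baseline.get(serial)
        if ref is None:
            # A device can reuse an approved name; the serial ID is what is trusted.
            findings.append((serial, f"unknown serial, claims name {dev['name']}"))
            continue
        if dev["name"] != ref["name"]:
            findings.append((serial, f"name is {dev['name']}, expected {ref['name']}"))
        extra = sorted(dev["admins"] - ref["admins"])
        if extra:
            findings.append((serial, "unapproved admin account(s): " + ", ".join(extra)))
        if ref["write_protected"] and not dev["write_protected"]:
            findings.append((serial, "write protection disabled"))
    # Approved assets that did not answer the scan: possible removal or theft.
    for serial in sorted(set(baseline) - seen):
        findings.append((serial, f"{baseline[serial]['name']} missing from network"))
    return sorted(findings)


if __name__ == "__main__":
    for serial, finding in audit(BASELINE, DISCOVERED):
        print(f"{serial}: {finding}")
```
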
Also, features or services not required should be disabled and those required should be replaced by more secure ones, if needed. The use of wired connections should be applied where possible; if not, strong encryption methods should be used for Wi-Fi network access. Finally, firmware updates should be [...]

D. Mobile

Only software from trusted sources should be installed and kept updated. Permissions granted or requested by apps should be audited. Data kept in devices should always be encrypted in case of theft, along with remote wiping software. Security apps related to malware detection should also be installed to protect the device itself. Finally, frequent backups should be performed for security reasons [14].

E. Cloud

All cloud software used (server and client) should be kept up-to-date and frequent backups of files performed to ensure replacement in case of ransomware. Suspicious-looking e-mails, especially the ones containing links or attachments, should be reported to the appropriate section. While opening attachments, never enable macros if asked.

Implement smart data governance practices in your business so that you know what business data is being stored on cloud services [14].

VI. CONCLUSION

From the data reported in the previous sections some conclusions may be drawn. No matter the efforts of governments, agencies and companies to make industry more aware of cyber-threats and their consequences, it is evident that [...] cyber-attacks.

The findings of [19] showed that the availability of ICS components on the Internet is a serious security threat. In most cases, there is the assumption that the corresponding networks are physically isolated, resulting in loose security controls in devices.

In all cases, cyber-security of ICS should not be jeopardized in favor of safety, since security and safety are inextricably connected.

REFERENCES

[1] Vosniakos G.-C., Benardos P.G., Krimpenis A. (2012). Intelligent Optimisation of 3-Axis Sculptured Surface Machining on Existing CAM Systems. In: Davim J.P. (Ed). Machining of Complex Sculptured Surfaces, Springer Verlag, 157-189.
[2] Durakbasa M.N., Bas G., Bauer J.M., Poszvek G. (2014). Trends in Precision Manufacturing Based on Intelligent Design and Advanced Metrology. Key Engineering Materials, 581, pp. 417-422.
[3] Vrabel M., M I. J. (2016). Monitoring and Control of Manufacturing Process to Assist the Surface Workpiece Quality When Drilling. Procedia CIRP, 41, pp. 735-739.
[4] P., Illés B. (2016). Process Improvement Trends for Manufacturing Systems in Industry 4.0. Academic Journal of Manufacturing Engineering, 14(4), pp. 119-125.
[5] P. B., Dobos P. (2016). Waste reduction possibilities for manufacturing systems in the industry 4.0. IOP Conference Series: Materials Science and Engineering, 161, 012074.
[6] Byres, E. (2012). SCADA Security Basics: SCADA vs. ICS Terminology. [Blog] Practical SCADA Security. Available at: https://www.tofinosecurity.com/blog/scada-security-basics-scada-vs-ics-terminology [Accessed 20 May 2017].
[7] Symantec (2016). Smarter Security for Manufacturing in the INDUSTRY 4.0 Era. [online] Symantec. Available at: https://www.symantec.com/content/dam/symantec/docs/solution-briefs/industry-4.0-en.pdf [Accessed 20 May 2017].
[8] Germany Trade and Invest (2014). Industrie 4.0 - Smart Manufacturing for the Future. [online] Berlin, Germany: Germany Trade and Invest. Available at: https://www.gtai.de/GTAI/Content/EN/Invest/_SharedDocs/Downloads/GTAI/Brochures/Industries/industrie4.0-smart-manufacturing-for-the-future-en.pdf [Accessed 20 May 2017].
[9] Schlechtendahl, J., Keinert, M., Kretschmer, F., Lechler, A. and Verl, A. (2014). Making existing production systems Industry 4.0-ready. Production Engineering, 9(1), pp.143-148.
[10] Canalys (2012). Smart phones overtake client PCs in 2011. [online] Available at: https://www.canalys.com/static/press_release/2012/canalys-press-release-030212-smart-phones-overtake-client-pcs-2011_0.pdf [Accessed 20 May 2017].
[11] Bonnington, C. (2015). In Less Than Two Years, a Smartphone Could Be Your Only Computer. [online] Wired.com. Available at: https://www.wired.com/2015/02/smartphone-only-computer/ [Accessed 20 May 2017].
[12] SonicWall (2017). 2017 Annual Threat Report. [online] SonicWall. Available at: https://www.sonicwall.com/whitepaper/2017-sonicwall-annual-threat-report81218100/ [Accessed 20 May 2017].
[13] McAfee (2017). McAfee Labs Threats Report April 2017. [online] Intel Security. Available at: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf [Accessed 20 May 2017].
[14] Symantec (2017). Internet Security Threat Report - April 2017. ISTR - Volume 22. [online] Symantec. Available at: https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf [Accessed 20 May 2017].
[15] Nigam, R. (2015). (Known) SCADA Attacks Over The Years. [Blog] blog.fortinet.com. Available at: https://blog.fortinet.com/2015/02/12/known-scada-attacks-over-the-years [Accessed 20 May 2017].
[16] Langner, R. (2013). To Kill a Centrifuge - A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. [online] The Langner Group. Available at: https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf [Accessed 20 May 2017].
[17] IBM (2017). IBM X-Force Threat Intelligence Index 2017 - The year of the mega breach. [online] IBM. Available at: https://securityintelligence.com/media/ibm-x-force-threat-intelligence-index-2017/ [Accessed 20 May 2017].
[18] Kaspersky (2016). Kaspersky Security Bulletin 2016 - Overall statistics. [online] Kaspersky. Available at: https://go.kaspersky.com/Global_Security_Bulletin_2016_Stats_SOC_2016.html [Accessed 20 May 2017].
[19] Kaspersky (2016). Industrial Control Systems and their Online Availability. [online] Kaspersky. Available at: https://kasperskycontenthub.com/securelist/files/2016/07/KL_REPORT_ICS_Availability_Statistics.pdf [Accessed 20 May 2017].
[20] Gamblin, J. (2016). jgamblin/Mirai-Source-Code. [online] GitHub. Available at: https://github.com/jgamblin/Mirai-Source-Code [Accessed 20 May 2017].
[21] National Institute of Standards and Technology (2017). Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82, revision 2, U.S. Department of Commerce. Available at: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf [Accessed 20 May 2017].
