
Cyber Security aspects in Industry 4.0
November 2021
Re-Cap

• Some repetitions of the previous lessons through a quiz

Quiz for re-cap
1. What are some of the important things that triggered the emergence of
i4.0 from i3.0?
2. Automation and computerised controls were prevalent in i3.0; what
is the significant difference brought in by i4.0?
3. What are the key characteristics of Industry 4.0?
Industry 4.0 is a vision that evolved from an initiative to make the German manufacturing
industry more competitive (‘Industrie 4.0’) to a globally adopted term.

• Industry 4.0 is often used interchangeably with the notion of the
fourth industrial revolution. It is characterized by, among others:
1) even more automation than in the third industrial revolution,
2) the bridging of the physical and digital world through
cyber-physical systems, enabled by Industrial IoT,
3) a shift from a central industrial control system to one
where smart products define the production steps,
4) closed-loop data models and control systems, and
5) personalization/customization of products.
Henry Ford
• Henry Ford said about the Ford Model T car: ‘You can have any colour
as long as it is black.’
• The quote captures well the introduction of mass production but
without the possibility of products’ customization.
• Today the customer’s demand is ‘individualization’.
• The interconnection of various management and production systems is
the key characteristic of Industry 4.0.
1. What makes i4.0 vulnerable?
2. What is the significant difference in the approach to cyber security
in i4.0 compared with i3.0?
3. Cyber security in i4.0 takes a different approach
Typical Questions

• Why is i4.0 vulnerable?
• Ans: The increasing connectivity in Industry 4.0 and the value of data
within manufacturing networks is like a beacon to hackers.

• What are the typical motives?
• Ans: To steal intelligence on processes, products, or technologies in
use, which may include blueprints of confidential designs, secret
formulas, or detailed assembly processes.
Cyber Threat Taxonomy

[Figure: Cyber Threat Taxonomy chart with the columns Attack Type, Target,
Motive, Impact and Category of Cyber Incidence. Attack types shown: spear
phishing, Trojan, DDoS, APT, ransom. Categories of cyber incidence shown:
cyber espionage, hacktivism, cyber warfare, terrorism. Other entries shown:
finance, SW industry, banking, service, security, healthcare, CPS, gov/mil,
travel, insurance; fatal blow, disruption, delay service, exfiltration,
political, competitive, market value; business loss, credibility loss,
business sabotage.]
Repeat lesson - the 9 tech pillars
Main Pillars of Industry 4.0

• How to define Industry 4.0: following the reviewed literature, the nine
pillars below are defined with reference to the findings of BCG on
Industry 4.0 (Rüßmann et al., 2015):
1. big data,
2. autonomous robots,
3. simulation,
4. additive manufacturing,
5. IoT,
6. cloud computing,
7. augmented reality,
8. horizontal and vertical integration and
9. cyber security.
9 Pillars of Industry 4.0

Ser No | The Concept | Example
1 | Big Data | Large, complex datasets that affect the decision making - Big data analytics, algorithms, software programs
2 | Autonomous Robots | Solve complex tasks which cannot be solved by human
3 | Simulation | Mathematical modelling, algorithms that optimize the process - SW
4 | Additive Manufacturing | 3D printing technology, producing in mass customization
5 | IoT | Connection of the physical objects and systems
6 | Cloud Computing | Shared platforms that serve to the multiple users
7 | Augmented Reality | Human-machine interaction on maintenance tasks
8 | Horizontal and Vertical Integration | Integration of inside of the factory and SCs, Smart factories, cloud systems
9 | Cyber Security | Cyber attacks to business environment - outside threat
Conventional topics in Industrial Production (i3.0)
• Production Planning and Control
• IT Support, ERP, MES
• Data Management

Industry 4.0 topics
• Cyber Physical System and IoT, IIoT
• Smart Factory
• Big Data, Cloud, Cyber Security
Core Technology for Industry 4.0

• CPS
• IIoT
• Connectivity

Plus a plethora of other
- Automation
- Robotics
- AI and advanced Analytics
- AR
- Edge Computing
- Simulation
- 3D Printing

and path-breaking processes
- Digitalization and Digital transformation
- Integration
- Optimization in real time
- Merger of Virtual and Real world
- Digital Twins
CPS
• Machines in an Industry 4.0 factory are Cyber-Physical Systems:
physical systems integrated with ICT components. They are
autonomous systems that can make their own decisions based on
machine learning algorithms and real-time data capture, analytics
results, and recorded successful past behaviours. Typically,
programmable machines (CNC and NC) are used, with a large share of
mobile agents and robots capable of self-organization and
self-optimization.
Cyber Security –Industry 4.0
Cyber Security – common concern

• Cyber Security is one important issue, which could have a destructive impact
on business environment due to the harmful intents of terror attacks;
• therefore, preventable solutions and defense systems are necessary against
the negative effects of terror incidents.
• There are some solutions that destroy cyber terror attacks by analyzing
previous terror attacks via radiation control before future attacks occur.
• Besides, it is significant to construct national defense systems and train
employees against cyber attacks. Although solutions against cyber war would
cost the companies, the expected total cost would not be high considering
the potential negative effects of cyber attacks (Cho and Woo, 2017).
Cybersecurity - its relevance in Industry 4.0
• According to Lezzi et al. (2018), cyber-attacks to manufacturing
systems may entail a number of negative business impacts. In
particular, these impacts involve
• (i) sabotage of the entire critical infrastructure or target machines and
components,
• (ii) denial of service of networks and computers,
• (iii) theft of industrial trade secrets and intellectual property,
• (iv) violation of regulations in the fields of safety and pollution,
• (v) until the occurrence of life-threatening situations for workers.
Cyber security- traditional approach

• In the past, the manufacturing systems were closed and security was
ensured by their isolation and peripheral access control.
• Today, on the contrary, modern manufacturing machines are equipped
with a number of smart devices (e.g., sensors and actuators) and all are
interconnected via wireless networks or wired Ethernet to other
machines and data processing systems.
• Systems and components mostly communicate over private
industrial networks using specific protocols, but these do not provide
adequate protection against cyber-threats.
SCADA scenario

• In particular, Industrial Control Systems (ICS) ensure the automatic
operation of technical industrial facilities, controlling and monitoring
business processes. These systems include Supervisory Control and
Data Acquisition (SCADA) systems and Distributed Control Systems
(DCS), the core components of which are the Programmable Logic
Controller (PLC), Remote Terminal Unit (RTU), Intelligent Electronic
Device (IED) and the interface technologies.
Security for SCADA systems

• In recent years, security for SCADA systems has become an important
and hotly debated topic. Traditionally SCADA systems were isolated
entities that were the realm of operators, engineers and technicians.
• This has meant that SCADA Host platforms were not necessarily
developed to have protected connections to public networks.
• This left many SCADA host platforms open to attack as they did not
have the tools necessary to protect themselves.
Cause of SCADA Vulnerability

• It is also worth noting that because many industrial control systems
(ICSs) such as programmable logic controllers (PLCs), along with the
human-machine interfaces (HMIs) used with them, are designed for
isolated environments, adequate cybersecurity measures may not be
in place for them. This makes it likely for ICSs to be exposed on the
internet as a result of the increasing connectivity between OT and IT
networks.
1st Generation SCADA - Monolithic
Single server controlling a small number of sensors and/or actuators.
No wider connectivity.

2nd Generation SCADA - Distributed
Connection of individual SCADA systems into centralised network.

3rd Generation SCADA - Networked
SCADA network connected to corporate network.
Connectivity to internet and third parties via corporate network.

4th Generation SCADA - Internet of Things
SCADA equipment connected directly to internet.
Traditional Cyber security

• Traditional IT network security is based on the “castle-and-moat”
concept.
• In castle-and-moat security, it is hard to obtain access from outside
the network, but everyone inside the network is trusted by default.
• The problem with this approach is that once an attacker gains access
to the network, they have free rein over everything inside.
About cyber security- Industry 4.0
• Cybersecurity is one of the main challenges for companies that
approach the Industry 4.0 paradigm.
• Industry 4.0 means making use of intelligent, interconnected
Cyber-Physical Systems (CPS) with the aim to automate all
phases of industrial operations (from design and manufacturing
to supply chain and service maintenance) (European Union
Agency for Networked and Information Security (ENISA),
2018).
• In other words, Industry 4.0 connects production to information
and communication technologies, merges product and process
data with machine data and enables machines to communicate
with each other.
Cyber Defence - 3 Step Approach

• To “keep the operations running”, a three-step approach is used that
consists of prevention, detection, and persistence.
• 1st step: Prevention. In this step, we aim at reducing the threat
intrusion risk as much as possible at data exchange points like the
network and DMZ between IT and OT, USB storage used in a factory,
laptops/machines brought into a factory by third parties during
maintenance, and the IoT gateway. We offer several solutions to make
sure these exchanges of data remain safe.
• 2nd step: Detection. We detect threat activities in OT environments
on the premise that there is no such thing as 100% “prevention”.
Anomalous network behaviors, such as command and control (C&C)
communication and multiple log-in failures in short periods of time,
should be detected as soon as possible to prevent massive damage.
We offer passive detection solutions which are connected to a mirror
port of an L2/L3 switch in the DMZ and/or the shop floor so that
asset owners can detect anomalous situations at an early stage of the
cyberattack without impacting system availability.
• 3rd step: Persistence. The last step is to protect the most critical
environments at a shop floor and minimize any affected areas.
• Zero Trust: To protect those environments from cyberattacks that
may get through the prevention and detection layers, we offer
solutions for industrial network security and industrial endpoint
security which are developed as purpose-built solutions to handle OT
environment issues like high temperatures, the need for easy-to-use
systems, and the need for minimal performance impact.
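
Added example (not part of the original slides): the detection step's "multiple log-in failures in short periods of time" rule written as a sliding-window check in Python and run over constructed log lines. The log format, host names, addresses and the default threshold of 5 failures in 60 seconds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time, host, event, user, source
SAMPLE_LOG = """\
2021-11-03T10:15:00 hmi-01 LOGIN_FAIL user=operator src=10.0.5.23
2021-11-03T10:15:08 hmi-01 LOGIN_FAIL user=operator src=10.0.5.23
2021-11-03T10:15:15 hmi-01 LOGIN_FAIL user=admin src=10.0.5.23
2021-11-03T10:15:20 eng-ws LOGIN_OK user=engineer src=10.0.5.40
2021-11-03T10:15:27 hmi-02 LOGIN_FAIL user=admin src=10.0.5.23
2021-11-03T10:15:39 hmi-02 LOGIN_FAIL user=root src=10.0.5.23
2021-11-03T10:16:00 eng-ws LOGIN_FAIL user=engineer src=10.0.5.40
2021-11-03T10:21:00 eng-ws LOGIN_FAIL user=engineer src=10.0.5.40
2021-11-03T10:26:00 eng-ws LOGIN_FAIL user=engineer src=10.0.5.40
"""


def parse_line(line):
    """Split one log line into (timestamp, host, event, user, source)."""
    ts, host, event, user, src = line.split()
    return (datetime.fromisoformat(ts), host, event,
            user.partition("=")[2], src.partition("=")[2])


def detect_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per burst of `threshold` failures from a single
    source address inside `window`, counted across all hosts and users.
    Lines are assumed to arrive in time order."""
    recent = defaultdict(deque)   # source address -> recent failures
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, host, event, user, src = parse_line(line)
        if event != "LOGIN_FAIL":
            continue
        failures = recent[src]
        failures.append((ts, host, user))
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            alerts.append({
                "src": src,
                "time": ts,
                "hosts": sorted({h for _, h, _ in failures}),
                "users": sorted({u for _, _, u in failures}),
            })
            failures.clear()      # start fresh so one burst gives one alert
    return alerts


if __name__ == "__main__":
    for alert in detect_login_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

Counting per source address rather than per account also catches failures spread over several user names and hosts, as in the constructed burst from 10.0.5.23.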
• Vulnerability: Patching, Unsupported OS, Endpoints, Proprietary
Protocols
• Malware: Software & Apps, Interfaces, Cloud services
• Flat Network: Massively interconnected components, systems and
devices; Lateral movements
• Internal Threats: BYOD, Third party access, Proper authentication
The era of Industry 4.0

• In the environment of Industry 4.0, the working machines are
connected to the network and to each other by the use of smart devices.
• The scale and variety of cyber-attacks have grown exponentially
(MForesight and Computing Community Consortium (CCC), 2017).
• In such an interconnected manufacturing environment, it is known that
cybersecurity breaches may negatively affect business performance
(Cisco, 2017).
Cyber Security profile in the Industry 4.0

• Application Layer: Smart Applications. Attacks: Spear Phishing,
Ransomware, APT
• Service Layer: Service management, DB, API. Attacks: Spoofing, DOS,
malicious code
• Network Layer: Intelligent Sensors, WSN, WLAN, Cloud network.
Attacks: Data Breach, Routing Attack, NW congestion
• Perception layer: RFID, Sensors. Attacks: Unauthorised access
What is zero trust security?

• The Zero Trust Network, or Zero Trust Architecture, model was created in
2010 by John Kindervag, who at the time was a principal analyst at Forrester
Research Inc.
• Zero trust security is an IT security model that requires strict
identity verification for every person and device trying to access
resources on a private network, regardless of whether they are sitting
within or outside of the network perimeter.
• No single specific technology is associated with zero trust
architecture; it is a holistic approach to network security that
incorporates several different principles and technologies.
Cyber security with Zero Trust - Why

• In an Industry 4.0 environment, adopting a Zero Trust architectural
model is essential. Why?
• Today, you have more open factory floors and supply chains. You must have
granular visibility and controls, eliminating risks of unauthorized users,
applications and data on the network. You also have to accept that nothing is
perfect despite these controls, that threats can still get in.
• You need provisions to quickly detect and prevent attacks. For example,
tools to automate threat detection and response, leveraging machine learning for
IoT and Industry 4.0. The technologies that increase the attack surface are the
same technologies that can automate cybersecurity detection and prevention.
However, automation must be used strategically.
The strategy around Zero Trust boils down to “don’t trust anyone”

• Zero Trust is a security concept centered on the belief that
organizations should not automatically trust
anything inside or outside their perimeters and instead must verify
anything and everything trying to connect to their systems before
granting access.
• Security and technology experts say the castle-and-moat approach
isn’t working. They point to the fact that some of the most egregious
data breaches happened because hackers, once they gained access
inside corporate firewalls, were able to move through internal systems
without much resistance.
… On Zero Trust
• Zero trust networks also utilize micro-segmentation.
Microsegmentation is the practice of breaking up security
perimeters into small zones to maintain separate access for
separate parts of the network.
• For example, a network with files living in a single data center
that utilizes microsegmentation may contain dozens of separate,
secure zones. A person or program with access to one of those
zones will not be able to access any of the other zones without
separate authorization.
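
Added example (not part of the original slides): a Python comparison of a flat, castle-and-moat interior with a micro-segmented policy that denies every zone-to-zone flow unless it is explicitly listed. It goes one step beyond the text by chaining the permitted flows to show how far a compromise of one zone could spread; the zone names and the allow-list are hypothetical.

```python
from collections import deque

# Hypothetical zones for a small plant (illustrative names, not from the slides).
ZONES = ["office-it", "dmz", "scada", "cell-1", "cell-2"]

# Segmented policy: explicit allow-list of (source zone, destination zone).
# Any pair not listed is denied and needs separate authorization.
SEGMENTED = {
    ("office-it", "dmz"),
    ("scada", "dmz"),
    ("scada", "cell-1"),
    ("scada", "cell-2"),
}


def flat_policy(zones):
    """Castle-and-moat interior: every zone may talk to every other zone."""
    return {(a, b) for a in zones for b in zones if a != b}


def is_allowed(src, dst, policy):
    """Default deny: traffic inside a zone passes, anything else must be listed."""
    return src == dst or (src, dst) in policy


def blast_radius(start, zones, policy):
    """Zones reachable from a compromised zone by chaining permitted flows."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in zones:
            if nxt not in seen and is_allowed(current, nxt, policy):
                seen.add(nxt)
                queue.append(nxt)
    return seen


def compare(zones, segmented):
    """Per starting zone: (zone count when flat, reachable zones when segmented)."""
    flat = flat_policy(zones)
    return {z: (len(blast_radius(z, zones, flat)),
                sorted(blast_radius(z, zones, segmented))) for z in zones}


if __name__ == "__main__":
    for zone, (flat_n, seg) in compare(ZONES, SEGMENTED).items():
        print(f"{zone:10} flat={flat_n} zones  segmented={seg}")
```

With this allow-list a compromise that starts in office-it stops at the DMZ, and one that starts in a production cell stays inside that cell, whereas the flat network exposes all five zones from any starting point.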
CPS vulnerability

• In particular, Industry 4.0 performance improvements are achieved by
(i) maximizing asset utilization and minimizing machine downtime
through remote monitoring and predictive maintenance, (ii) increasing
labour productivity thanks to manual labour automation, (iii) reducing
inventory levels and improving the quality of services and products by
leveraging analysis of data produced in real-time by machine sensors.

• However, the presence of connected Cyber-Physical Systems in
industrial environments poses a considerable security challenge since
most systems of this type were not designed with cybersecurity in
mind (Tuptuk and Hailes, 2018).
Cyber Attacks
• As it continues to adopt Industry 4.0, the manufacturing industry can
be considered as an appealing target for attackers.
• The convergence could be seen by attackers as an opportunity to
move laterally across a manufacturing network, jumping across IT and
OT systems for their malicious activities.
Development or Evolution of Cyber Attacks

[Figure: severity of cyber attacks rising over time (1980, 2010, 2020):
general-type cyber attacks, directed attacks, sophisticated malware,
morphed codes, strategic.]

[Figure: timeline of technology and threats, 1980 to 2016. Technology
labels shown: proprietary connectivity; providers (CompuServe, AOL); WWW;
web-based technology; broadband; GPRS, 3G, 4G LTE; e-commerce; mobile
computing, BYOD, cloud, big data, social nets; IoT. Threat labels shown:
virus reporting began; spam, phishing, malware, hacking, Trojan, ID theft,
cyber crime; APT, DDoS, hacktivism, cyber warfare; ransomware.]

[Figure: timeline of attacks and motives, 1980 to 2017. Unsophisticated
attacks, motive mostly pranks; hackers take net vulnerability, motive
money; sophisticated attacks target companies, motive industrial
espionage; state-sponsored attacks on government sites, cyber war; APT,
DDoS, ransomware, attacks on mobile. Names shown: Michelangelo, Spam,
Phishing, Melissa, ILoveYou, Zeus, SpyEye, Aurora, Stuxnet, Duqu, Flame,
Heartbleed, Mirai, WannaCry.]
Repeat
• Zero trust security means that no one is trusted by default from inside
or outside the network, and
• verification is required from everyone trying to gain access to
resources on the network.
• This added layer of security has been shown to prevent data breaches.
• A recent IBM-sponsored study demonstrated that the average cost of a
single data breach is over $3 million. Considering that figure, it
should come as no surprise that many organizations are now eager to
adopt a zero-trust security policy.
A few good papers

1. European Union Agency for Cybersecurity (ENISA), “Industry 4.0
Cybersecurity: Challenges & Recommendations”. (ENISA contributes to EU
cyber policy.)

2. Erin Anderson, “3 Challenges of Industry 4.0 and How to Address
Them”, forescout.com, February 28, 2020.
Cyber Security in 7 Layer Architecture
Such an important security architecture, so nicely described
• A common interview question I like to ask candidates is to walk me
through the OSI 7 layers and describe an attack vector along with a
mitigating control. It’s surprising how many people struggle with such
a basic security question.
• The next slide explains this beautifully
Modus Operandi of APT

• Enter surreptitiously
• Low and slow
• Plant malware
• Remote control

[Figure: Modus Operandi of APT. Stages shown alongside the vertical label
CONTROL: Targeting; Reconnaissance; Penetration via End-points; Lateral
Movement; Mining Digital Gold; Exfiltration, opening Back door;
Persistence, Clean-up and cover-up.]
Maturity curve

[Figure: maturity curve running from Reactive (Employing Basic Cyber
Defence) to Proactive (Intelligence Driven Cyber Security), with four
stages:]
• Partial: CISO and IT manager responsible for InfoSec, set for typical
cyber attacks
• Reactive: Defence is set for some foreseeable attacks, not totally on
intelligence
• Proactive: Cyber security dictates the defence against attack
• Adaptive: Cyber Intelligence integrated with cyber defence
Defs:
• Transducer: a device that converts one form of energy into another.
• Sensor: a device that converts a physical parameter to an electrical
output.
• Actuator: a device that converts an electrical signal to a physical
output.
Industry 4.0 – a paper:
• Henning Kagermann, Wolf-Dieter Lukas and Wolfgang
Wahlster published the study, Industrie 4.0: Mit dem Internet der
Dinge auf dem Weg zur 4. industriellen Revolution (Industry 4.0: with
the Internet of Things towards the 4th industrial revolution).
• According to Thomas Schulz, an expert on the subject, the authors
imagined that following previous revolutions (steam, electricity, job
specialisation, electronics) the industrial revolution taking place today
is based on Cyber-Physical Systems (CPS): internet, big data, analytics,
integration, etc.
Problem of Implementation
• Lack of in-house talent to support the development and deployment
of Industry 4.0 initiatives.
• Difficulties with integrating data from various sources to enable initial
connectivity.
• Lack of knowledge about technologies, vendors and IT outsourcing
partners that could help execute the core initiative.