Cybersecurity in the Age of Industrial 4.0

The risk of a cyber attack has increased significantly because of Industry 4.0 connectivity.

Henry Martel, Field Application Engineer, Antaira Technologies
Oct 6, 2023
Cybersecurity
iStock

The ongoing digital transformation of traditional industrial practices is often referred to as the “Fourth Industrial Revolution” or simply Industry 4.0. In this new era, managers are able to leverage technologies like Big Data, Machine Learning, IIoT, Artificial Intelligence and Virtual Reality for more informed decision-making.

Yet as with every great revolution, Industry 4.0 has its downsides. For instance, the risk of key components of a company’s network coming under cyber attack has increased significantly because of Industry 4.0 connectivity, making sophisticated cybersecurity an essential part of industrial control systems (ICS). Today, there are far fewer solitary industrial systems. Previously isolated systems are now connected to Ethernet-based networks, which eventually exposes them to the Internet and presents the risk of cyberattacks.

Cyberattacks in any industry are extremely costly. In 2023, the average global cost of a data breach was $4.45 million, an increase of 15% over the previous three years. Unfortunately, cybercrime is predicted to increase exponentially as manufacturers connect more devices and systems to scale their networks, creating an expanded threat surface for hackers. Once they are in, hackers can wreak havoc or interrupt the production process in a number of ways, such as simulating a motor functioning properly when it is not, or modifying PLC firmware to damage production line quality. Worse yet, they can navigate from the OT to the enterprise IT network to seek intellectual property information, customer lists, financial balance sheets and other sensitive company data.

In this article, we look at industrial cyber threats and delve into strategies to blunt attackers. Additionally, we examine how industrial Ethernet switches can help safeguard Industry 4.0 networks from intruders.

The Nature of Cybersecurity Threats

First off, what is cybersecurity? According to the U.S. Cybersecurity & Infrastructure Security Agency, "Cybersecurity is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information.” In an industrial setting, cybersecurity involves locking down ICS systems with an iron-clad strategy that prevents hackers from inflicting harm on productivity, assets, profits and reputation.

Cyberattacks come in many forms. These can include malware (viruses, worms, Trojan horses), email phishing scams, Distributed Denial-of-Service attacks, SQL injection, Man-in-the-Middle attacks and session hijacking, among others. Ransomware— software that prevents users from accessing files unless a ransom is paid— has spread like wildfire over the world and has become the "go-to" method of attack on industrial control systems. Industry 4.0’s convergence of IT and OT gives hackers access across an entire enterprise by exploiting system vulnerabilities, meaning more opportunities to find data to place a ransom on.

Improving Network Resistance

Any company, regardless of industry or size, can become the target of cybercriminals if it possesses something that will advance a cybercriminal’s goals, be it financial or ideological. Small companies are often more vulnerable to insider threats because they lack basic cybersecurity and face insurmountable costs addressing compromised data, customer loss and regulatory penalties.

Big or small, every company needs to remain vigilant. Below are actions businesses can take to improve their overall cybersecurity posture.

  • Segment OT and IT. By doing this, you’ll ensure that the harm caused by an attack will remain contained inside the "zone" that was violated, while still allowing safe data flow between IT and OT.
  • Use multi-factor authentication: All internal sensitive data and services and externally facing authentication portals should employ MFA. With the use of this technology, accounts are kept secure even when passwords are cracked.
  • Secure applications: Prioritize whitelisting and properly install malware configure applications that can run containerized malicious code.
  • Create stronger passwords: Passwords ought to be at least 12 characters long and contain alphabetic, numeric and special characters.
  • Hire OT cybersecurity pros: Traditionally, cybersecurity internal operations has been a function of the IT department. With OT infrastructure and connected devices growing in complexity and connectivity, it is playing with fire to not to have knowledgeable employees overseeing OT cybersecurity in alignment and communication with IT and business leadership.
  • Determine baseline behavior: Baselining will establish normal behavior of the network to enable the detection of abnormal behavior down the line.
  • Install firewalls: Installing firewalls, a network essential, can stop some malware attack vectors by preventing harmful traffic from getting into a system and by limiting unnecessary outbound interactions with malicious software.
  • Develop threat intelligence: You must stay informed about the most recent ICS attack techniques and the best ways to protect against them. Do so by regularly collecting, processing and analyzing available data to better understand a cybercriminal’s motives, targets and attack behavior.
  • Implement defense in depth: The ISA/IEC 62443 family of standards, which outline the prerequisites and procedures for setting up and maintaining electronically secure industrial automation and control systems (IACS), codified the defense in depth concept. These guidelines provide security best practices and offer a mechanism to gauge the security measures' performance.
  • Maintain networks: This entails using security-focused protocols, maintaining patch management procedures and updating firmware. Doing so will keep attackers from taking advantage of known problems or exploit vulnerabilities. Installation of outdated software or the absence of operating systems that are adequately supported for older automation models are two factors that contribute to vulnerabilities in industrial facilities.
  • Incident response plan: Create an IR plan and ensure that all impacted employees receive regular training and evaluations on it. In the event of a data breach or other type of security incident, your organization should follow the steps outlined in the IR plan to control damage and costs.
  • Employee awareness: Every employee in your organization needs ongoing training in order to identify malicious assaults on the network and, if targeted, respond with best practices. At the top of the training should be how to avoid email and web attacks and phishing attacks, scams that remain the most common form of stealing employee credentials and gaining unauthorized access to networks.

In order to spot any malicious behavior, it is crucial to monitor and examine endpoint AV/EDR logs and traffic logs. Also, check your domain controllers for increased burst activity and your protocol communications for suspicious network behavior. Finally, to spot odd trends, examine communications between PLCs and internal/external destinations.

What If Your Networks Are Attacked

If your plant is the target of a cyber assault and your production environment or industrial machinery/data systems are compromised, what should you do?

The ideal scenario is to have the personnel and software solutions in place to enable a quick response in accordance with a systematic, standardized plan of action, i.e., the incident response plan. First, identify the threat — the source of the attack, whether it be a virus, malware or illegal remote access, must be found. Next, the attack must be brought to the attention of stakeholders. They can ensure that users on the affected network are alerted so they may reduce losses, while users on clean networks can aid in halting the spread of cyberattacks.

The next step is to isolate infected networks and study to see if the nature of the cyberattack has exposed any new vulnerabilities in the IT/OT infrastructure that will give hackers access to cyber-physical systems in the future. Once these steps are taken, you can return systems to their functioning state and a recovery strategy can be put into action.

Are Industrial Ethernet Switches Safe

Industrial Ethernet Switches are essential components of industrial processes used to connect devices in manufacturing plants, agricultural operations, production facilities, assembly lines, utilities, oil refineries and other critical infrastructure.

There are vulnerabilities in Industrial Ethernet Switches that you should be aware of. These have been exploited by hackers to gain access to networks with major repercussions on connected industrial assets. Flaws include the use of default passwords, hard-coded encryption keys and the lack of proper authentication for firmware updates, among others. A flaw as simple as leaving an industrial switch port open and unprotected can allow anyone with a laptop to plug in and find a pathway into a manufacturer’s OT or IT platforms.

These vulnerabilities are more pronounced in unmanaged industrial switches. An unmanaged industrial ethernet switch will lack overlapping layers for control over traffic or what devices can be connected to it.

Conversely, managed industrial Ethernet switches offer improved risk protection thanks to features like multi-level user access control, enhanced password encryption capabilities, MAC security and variable password length. After a predetermined number of unsuccessful access attempts, managed switches can also be programmed to automatically revoke user or port credentials.

antaira.com

Latest in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
April 26, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
All-In-One Manufacturing Management
Sponsor Content
All-In-One Manufacturing Management
More in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
Acumatica looks to offer new solutions.
April 26, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024