WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

Laying the Groundwork for Industry 4.0 Cybersecurity

MarketingWIBU-SYSTEMS AG on June 12, 2019 at 4:11 PM

Governments, industry organizations, and industrial leaders keep focusing their attention on cybersecurity in light of the advances driven by Industry 4.0 and Smart Manufacturing that continue to shape our future. 

The European Union Agency for Network and Information Security (ENISA), a center of network and information security expertise for the EU, its member states, the private sector and EU citizens, recently published a high-level summary report on the state of cybersecurity, Industry 4.0 Cybersecurity: Challenges and Recommendations.

ENISA hopes that the adoption of the high-level recommendations will contribute to the enhancement of Industry 4.0 cybersecurity across the European Union and lay a solid foundation for future security technology developments.

The challenges identified in the report tackle issues around people, processes, and technology while the recommendations are addressed to different key stakeholder groups, namely regulators, Industry 4.0 security experts, Industry 4.0 operators, standardization community, academia and research, and development bodies.

Following is a brief summary of the key challenges and recommendations outlined in the report:

People

Challenge: Need to Foster and Align IT/OT Security Expertise and Awareness – People involved in deployments of new solutions usually have only knowledge of either IT or OT security, while Industry 4.0 and Smart Manufacturing require expertise over several areas.
Recommendation: Promote Cross-Functional Knowledge on IT and OT Security – People responsible for security within Industry 4.0 organizations should invest in state-of-the-art dedicated cybersecurity trainings that cover all necessary aspects specific to IT/OT convergence and Smart Manufacturing.

Challenge: Incomplete Organizational Policies and Reluctance to Fund Security – Traditionally, cybersecurity was not perceived as a Board-level topic, since its impact on increasing revenue or optimizing costs remains generally unclear.
Recommendation: Foster Economic and Administrative Incentives for Industry 4.0 Security – Economic and administrative stimuli are required to incentivize investments in Industry 4.0 security, given that maturity and mentality of organizations and businesses needs to grow further when it comes to identifying the role and importance of security.

Processes

Challenge: Liability Over Industry 4.0 Products’ Lifecycle is Poorly Defined – Liability for Industry 4.0 cybersecurity is an open issue (a gap also identified for most of emerging technologies) as accountability for Industry 4.0 cybersecurity incidents remains unclear.
Recommendation: Clarify Liability Among Industry 4.0 Actors – Address liability concerns not only to protect end-users and consumers of such products and services, but also to stimulate corresponding investments through a comprehensive and stable legal framework.

Challenge: Fragmentation of Industry 4.0 Security Technical Standards – The lack of uniform standardization efforts at a global level results in a situation when sites that belong to one organization cannot collaborate and share security expertise and solutions with each other, as they are subject to different schemes.
Recommendation: Harmonize Efforts on Industry 4.0 Security Standards – It is beneficial to explore initiatives and guidelines that map security standards from many different sources to provide a complete point of reference and thus ensure all necessary security controls are considered.

Challenge: Supply Chain Management Complexity – The situation has become even more complicated as Smart Manufacturing introduced new capabilities (end-to-end visibility, predictive analysis, automation and data-driven decision-making) that have an additional impact on the supply chain.
Recommendation: Secure Supply Chain Management Processes – Trust is the root of a secure supply chain, since the amount of trust that an organization places on another will eventually feed into the risk assessment process and the introduction of appropriate security controls.

Technology

Challenge: Interoperability of Industry 4.0 Devices, Platforms and Frameworks – With the introduction and integration of Industry 4.0 devices, platforms, and frameworks to existing systems comes the issue of interoperability. In industrial environments, securing interconnectivity between diverse devices is often challenging, especially when considering devices that are long out of support.
Recommendation: Establish Industry 4.0 Baselines for Security Interoperability – Encourage the use of interoperability frameworks that promote a common security language and use of protocols for Industry 4.0 components.

Challenge: Technical Constraints Hampering Security in Industry 4.0 and Smart Manufacturing– Difficulties in ensuring security in Industry 4.0 result also from lack of technical capabilities of connected industrial devices and systems, especially considering integration with legacy infrastructures.
Recommendation: Apply Technical Measures to Ensure Industry 4.0 Security – Identifying baseline security recommendations for Industry 4.0 components, services, and processes based on risk analysis is a first step to approach a solution to the challenging technical constraints of this domain.

You can download the complete report here.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Katzbergstraße 3, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.