Industry 4.0 needs to be fully secure to be truly beneficial

    317

    Consumers in APAC seen to benefit most from Industry 4.0

    IMAGINE a world where getting a medical check-up will not need a doctors visit. Instead, simple wearable devices or strapped-on sensors and portable detectors can be used to activate your “digital twin,” a virtual copy of you and your whole body. Any detectable changes in mass, temperature, shape, color or heat map will signal computers about your health conditions, even as a blood or urine sample is sent separately to a laboratory for analysis.

    The same is true, with making a bridge for example. One of the most successful team-ups for digital twins in architecture is with Siemens and constructioneering software pioneer Bentley Systems. These two companies have developed what could be the most advanced infrastructure software currently in use, and digital twins, that most important component of the automation part of Industry 4.0, is not used to create stronger structures by testing faults and spotting possible areas of problems even as construction is going on.

    Digital twinning is not a simulation but real-time analysis of particular structures or operations.

    It is very easy to understand why, it is so very important to secure any and all automated manufacturing for human’s online and physical safety.

    Security from the start

    Cybersecurity expert Kaspersky and technology guru Siemens have come together in an event called “Securing Your Customized Future” where they confirmed how security should be at the center of Industry 4.0, and how, seeing this developing quickly in Asia, requires a solid strategy from enterprises to secure their operations.

    Since is Industry 4.0 involves the digitalization of industries, it also means opening opportunities for cybercriminals in that space to create havoc. Businesses know that shifting into an intelligent and connected virtual space is no longer an option but a necessity to survive, primarily due to the added pressure brought about by the pandemic. But are they truly ready for automation?

    Kaspersky’s Neumeier

    “Asia Pacific’s level of digitalization is still in its early stages until the pandemic forced everyone to reconsider their operational practices. Contrary to popular belief that Industry 4.0 is a high-level topic confined in the four corners of a boardroom, this revolution has the consumer at its core. This, alongside breakthroughs like Big Data, Internet of Things (IoT), 5G, are here to create a customized future,” comments Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.

    The customized future

    A customized future means products and services are made based on a customer’s preference. It is also known as “personalization”, a trend introduced by the mobile ultra-broadband of 4G, which brought to human’s fingertips the power to call a cab when they need one, to stream the song or content they want to, and more.

    With more advanced technologies rising, majority of consumers (83 percent) values personalized experience that they are willing to give their data to make it possible. In fact, consumers are unknowingly giving more data than they have bargained for.

    For instance, what seems like a simple song choice when made multiple times and then analyzed can allow music streaming companies to predict user’s mood at a certain time and location. Same goes with dating apps which can tell if one is in a sad and vulnerable state, and at which time of the day, based on the number of customer’s swipes from left to right.

    In terms of location tracking, users have been sharing their locations real-time, even before the pandemic happened. The way consumers use virtual maps to find their way or to be aware of the live traffic situation also empowers these apps to amass a huge amount of data, allowing them to predict their behavioral and physical patterns. Such data are risky when held by the wrong hands.

    With this amount of information, customized future is very possible as a lot of companies now know their consumers better than they know themselves.

    Cybersecurity and quality policies

    A fresh study by Deloitte proved this trend with a great majority (96 percent) of companies from Asia Pacific (APAC) revealing that they have conducted an audit to find opportunities for Industry 4.0, significantly higher compared with the global average of 51 percent.

    The most common way of setting standards in businesses is through processes like ISO and the Japanese “Kaizen” (continuous improvement) methods. In terms of Industry 4.0, there are policies in place to manage both the physical structure (for example, a robotic device) and its virtual twin or the devices connected to it to make monitoring and sensing it possible, for example, IoT devices.

    Securing both sides is important to ensure data is transmitted properly and a decision or a study of each can be made correctly. This question was posed to Raimund Klein, Executive Vice President for Southeast Asia, Siemens Digital Industries.
     

    Seimen’s Klien

    “Yes, they can be both physical and virtual on any device. The key point to mention is the security must start at the design stage. This allows for physical protection however you need the virtual world as well since today many companies have virtualized their applications and are connecting via IoT (gateways) platforms to the Cloud providers,” Klein replied to the question. During his presentation at the event he also pointed out to predictive analysis as part of the whole Industry 4.0 actions and how they have a Siemens included Kasperky applications in many digital twin projects.

    He also responded to the need or importance of process verifiers such as Kaizen or ISO in relation to cybersecurity and at which point does it come into the equation. 


    “There are many studies on these topics with both approaches having goals for continuous improvements which is fundamental to cybersecurity. In my opinion, by adopting modern management and accepting that cyberSecurity is as important as quality approaches, the adoption of continuous improvements (CI) for cybersecurity applications will benefit both Kaizen and ISO,” Klien explained.
    How secure it the Industy 4.0 future?

    Several start-ups across the world, aware of the demand, have since kicked off their mass customization practices. Consumers can now have their own names on the sole of their shoes, get bespoke necklace, as well as better-fitting body implants, personalized doses of medicines, and more.

    While these are proofs of the power of technology when harnessed correctly, the flexible and highly-connected manufacturing process also opens a wider attack surface for cybercriminals. The latest report from Kaspersky for industrial automation systems showed that Asia and Africa are the least secure globally during the first six months of 2020.

    Threats in APAC’s manufacturing industry

    Asian regions occupy four out of the top five positions in the regional rankings based on the percentage of Industrial Control Systems (ICS) computers which were almost infected in the first half of the year. Southeast Asia recorded the highest percentages, leading in several ratings: (percentage of ICS computers:)

    • where malicious activity was blocked – 49.8%
    • where internet threats were blocked – 14.9%
    • where malicious email attachments were blocked – 5.8%
    Percentage of ICS computers on which malicious objects were blocked by regions of the world

    Africa comes second while Central, East, and South Asia follow closely at third, fourth, and fifth places respectively.

    In terms of ransomware, regions in Asia still led with a noticeable margin in the regional rating. Over half of the countries in the top 15 ranking are from APAC.

    TOP 15 countries and territories by percentage of ICS computers on which ransomware was blocked by Kaspersky in H1 2020

    “It is not surprising that ICS computers in Asia Pacific were exposed to the highest number of cyber threats as the region is well on its way in building a customer-centric future. Smart systems and automated productions require in-depth, intelligent defenses to foil malicious disruptions, with possible aftermaths that can cross from the virtual to the physical realm. To avoid grave circumstances, a secure-by-design approach is necessary. Cyber immunity against attacks should be ingrained at the very fabric of the present and the future industrial systems,” adds Neumeier.

    Securing the future of Industry 4.0

    An example of a secure and beneficial application of Industry 4.0 was done by Kaspersky and Siemens for Singapore Aquaculture Technologies’ (SAT) first smart floating fish farm. A first in Singapore and is expected to produce 350 tonnes (350,000kg) of fish annually, the S$4 million aquaculture facility is set to cater to the needs of Singaporeans for quality fish while also addressing the challenges posed by climate change that have resulted in declining fish populations.

    “Consumers now are concerned about the origin of their food, the type of environment it is from, and the harvesting processes done before it arrived at their dinner table. With climate change and environmental challenges, food production should now be both ethical and sustainable. This is possible when we use available technologies right,” Klein explained.

    “By using innovative advanced predictive analytics such as machine learning and video analytics, we help SAT to predict potential biomass growth and prevent the outbreak of diseases, hence reducing fish mortality. We are also paving the way for scalable, highly flexible and above all environmentally efficient aquaculture across the entire value chain,” he adds.

    To protect your ICS environment from malicious attacks, Kaspersky recommends the following:

    • Provide staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails
    • Provide the SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over more than 20 years
    • For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions, such as Kaspersky Endpoint Detection and Response
    • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform
    •  Make sure you protect industrial endpoints as well as corporate ones. The Kaspersky Industrial CyberSecurity solution includes dedicated protection for endpoints and network monitoring to reveal any suspicious and potentially malicious activity in the industrial network. – with Raymond B. Tribdino

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here