Cybersecurity and reliability challenges from adoption of Industry 4.0 in IACS environments


One of the challenges highlighted in the recent NATO Energy Security Center of Excellence (NATO ENSEC COE) guide is the adoption of Industry 4.0 or industrial Internet of Things (IIoT) that has led to the integration of manufacturing with business functions, with sensors added to collect data on all the machine-to-machine activity for data analysis.

The guide, authored by Vytautas Butrimas, also provided detailed insights into the various challenges involved in maintaining the safety, reliability, performance, and resilience of increasingly interdependent systems in critical energy infrastructure (CEI).

While the deployment of Industry 4.0 technologies strives to combine the digital world with physical action to drive smart factories and enable advanced manufacturing, it brings cyber risks for which the industry is unprepared. Industry 4.0 is largely about capturing more data and establishing proper contexts from which to derive deeper insights into organizational, operational, and financial paths for continuous improvement.

Developing a fully integrated strategic approach to cyber risk is fundamental to manufacturing value chains as they align with the operational technology (OT) and IT environments—the driving force behind Industry 4.0, Deloitte said recently. As threat vectors expand with the advent of Industry 4.0, new risks should be considered and addressed, with the intent of implementing a secure, vigilant, and resilient cyber risk strategy. When supply chains, factories, customers, and operations are connected, the risks posed by cyber threats become greater and potentially farther-reaching, it added.

Industrial Cyber explored some of these issues with cybersecurity experts in the field, including a deep dive into the key drivers pushing the adoption of Industry 4.0 in industrial environments.

Sarah Fluchs, CTO of admeritia

“It depends on what exactly you mean by adoption of Industry 4.0,” Sarah Fluchs, CTO of admeritia, told Industrial Cyber. “In industrial environments, the most popular use case in my opinion is having extra sensors that take measurements for example for maintenance purposes to a cloud where software and/or computing power that would not be locally available processes these new measurements. The hope is on rather long-term benefits like more efficient maintenance or process optimization. Ultimately, this of course all boils down to cost savings,” she added.

The key drivers to the adoption of Industry 4.0 are safety, production flexibility, and the fear of missing out, Elad Ben-Meir, chief executive officer of SCADAfence, told Industrial Cyber. “Industry 4.0 enables organizations to monitor the status of their machines, production lines, and facilities. This alone helps manufacturers predict and respond to potential safety issues before they happen. Anomalies within patterns of industrial IoT data can trigger alerts for things such as temperature, air quality, or noise levels. This allows manufacturers to proactively shut down faulty equipment or clear unsafe areas,” he added.

Elad Ben-Meir, chief executive officer of SCADAfence

Industry 4.0 enables smart factories to contain an enterprise resource system that functions as a unified information database, according to Ben-Meir. “The addition of these technologies into production and manufacturing has created a new information and communication ecosystem of engineers, workers, machines, factory floors, assembly lines, and it improves the end product. Each step can be customized for operational needs, and that gives organizations the flexibility and competitive advantage that it never had before,” he added.

Finally, FOMO (the fear of missing out) is another driving force behind the vast majority of adoption, Ben-Meir said. “Our industry has always been hesitant and resistant to change,” he added.

Industry 4.0 has been conceptualized, modeled, and is being implemented as a transformative phase to industrial production development, Tom Smertneck, managing principal at Energy Aspects LLC, told Industrial Cyber. “That is, facets across all industries e.g., production methods, tracking, storage, and delivery of products should be going through a revolutionary set of changes by ubiquitous expansion of Industrie 3.0 ‘computerization’ into what has become synonymously termed ‘digitalization,’” he added.

Tom Smertneck, managing principal at Energy Aspects LLC

Digitalization means all of those facets would be explosively expanded through use of various computing capabilities in each of their respective business and operational fields-of-view, Smertneck said. This expansion would enable enterprises to become faster, more efficient, customer service oriented, and ultimately more profitable with shorter ROI by implementing the required organizational and information technology changes, personnel upskilling, improving equipment, revising processes with new techniques and technology approaches, contracting knowledgeable and experienced partners, and applying new, deeper, and cross-correlated analytics on data captured at each phase or by each facet, he added.

The adoption of Industry 4.0 leads to several sensors being introduced in the environment, at times sending incorrect data to the industrial automation and control systems (IACS).

Mostly and ideally, sensors used for ‘industry 4.0’ do not send data to the IACS, Fluchs said. “These new sensors are specific devices with different communication channels than the normal control system technology. The industry 4.0 use cases as outlined above pose very different requirements on sensors than normal control system operations do: Industry 4.0 sensors can be cheaper, do not need to communicate in real-time, do not have high availability requirements, but sometimes need to run without much maintenance attention and energy consumption for a long time,” she added. 

These different needs mean that industry 4.0 sensors often communicate using very different communication protocols than the control system does, according to Fluchs. “Wireless, low-energy, long-distance protocols like LoRaWAN are options for industry 4.0 sensors, but not for a control system that needs more reliable sensor values. Thus, the control systems should neither rely on the data of these additional sensors, nor does it at all process this data,” she added.

There are proposed industry 4.0 architectures like NAMUR OpenArchitecture which support this view, Fluchs said. “Additional sensors communicating via a side-channel instead of using the hierarchical communication paths through PLCs and control system. That said, if the sensor does communicate directly to PLCs and ultimately the control system, validating their inputs, checking for integrity based on physical plausibility, and monitoring their values over time to quickly identify outliers in measurement would be obligatory,” she added.

Almost all systems have operators watching the process screens, they have a history of trending setpoints right next to real-time operations, Ben-Meir said. “If values deviate too far outside of tolerance, or start to creep, most systems will alarm on this activity allowing for the operator to override any form of change. Also, it has been my field experience to see redundant voting systems put in place for cloud-connected sensors, meaning having two or more sensors monitoring the same process and sending data back to the control center via cloud connection,” he added.

If architected correctly, these voting sensors would run over separate backhauls and separate ISPs (internet service providers) to ensure non-bias / non-disruption of the signal making its way back, according to Ben-Meir, while noting that nothing is 100 percent foolproof. “All systems have a shutdown key, and they are designed to safely stop processes in a safe and timely manner. If an erroneous signal makes its way back and somehow gets past the tolerances set by the SCADA/control system and also slips by the on-shift operator, it is possible to exceed the physical safeguards that would cause a cascade shutdown. This would be bad in the sense that process disruption is introduced and loss of revenue would occur but there would be no loss of life and that is key,” he added.
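The input checks and redundant voting described by Fluchs and Ben-Meir above can be sketched as follows. This is an added example, not code from the article or from any vendor; the temperature loop, the limits and the sensor names are constructed assumptions.

```python
from statistics import median

# Assumed limits for a constructed temperature loop (not from the article).
PHYS_MIN, PHYS_MAX = -40.0, 150.0   # range the process can physically reach
MAX_STEP = 5.0                      # largest credible change between two scans
AGREE_BAND = 2.0                    # how far a sensor may sit from the median


def vote(readings, previous):
    """Validate one scan of redundant readings; return (value, rejected, alarm)."""
    rejected, plausible = {}, {}
    for name, value in readings.items():
        if value is None or value != value:              # missing or NaN
            rejected[name] = "no data"
        elif not PHYS_MIN <= value <= PHYS_MAX:
            rejected[name] = "outside physical range"
        elif previous is not None and abs(value - previous) > MAX_STEP:
            rejected[name] = "implausible rate of change"
        else:
            plausible[name] = value
    if len(plausible) < 2:
        # No majority left: never pass a single unverified value on.
        return None, rejected, True
    mid = median(plausible.values())
    agreeing = {n: v for n, v in plausible.items() if abs(v - mid) <= AGREE_BAND}
    for name in plausible.keys() - agreeing.keys():
        rejected[name] = "disagrees with peers"
    if len(agreeing) < 2:
        return None, rejected, True
    return median(agreeing.values()), rejected, bool(rejected)


# Constructed scans: sensor c jumps, then b drops out and c reports an
# impossible value.
SCANS = [
    {"a": 71.0, "b": 71.2, "c": 71.4},
    {"a": 71.2, "b": 71.6, "c": 93.0},
    {"a": 71.3, "b": None, "c": 400.0},
]


def run(scans):
    """Feed scans through vote(), carrying the last accepted value forward."""
    accepted, out = None, []
    for scan in scans:
        value, rejected, alarm = vote(scan, accepted)
        if value is not None:
            accepted = value
        out.append((value, sorted(rejected), alarm))
    return out
```

In the third scan only one sensor survives validation, so the function returns no value and raises the alarm, leaving the decision to the operator.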

The odds of this occurring from an Industry 4.0 device are slim, and a bigger threat to plant shutdown is the ‘green’ new process engineer running their new calculations for process optimization and asking a control room ops personnel to make non-simulator validated setpoint changes, Ben-Meir added.

System implementation of the sensor can impact the accuracy of its reading and reporting of sensed conditions, Smertneck said. “The loss of optimal implementation has created devastating system responses, which initially were considered incorrect, but after triage and diagnosis were found to be correct for the conditions being reported by the now-incorrectly implemented sensor. There is all manner of situations that could occur with all types of sensors, and the reason why control and safety systems are required to be designed, developed, constructed, and proper levels of guard-banding or tolerances set by properly trained, and certified engineering professionals,” he added.

Direct-to-cloud connected sensors must be designed with cybersecurity in mind, not relegated to information technologists who are generally unfamiliar with sensors in general, or the smart-sensor whose use is being considered, according to Smertneck. 

“These new IACS devices do not conform to traditional IT networking device connectivity, nor operation, although a vendor’s presentation of them may imply that level of simplicity and ubiquity. These devices, sub-systems, and full systems, now have single or multiple layers of firmware, microcode, or software needed to configure, operate, or monitor operation. And these new ‘wrinkles of technology’ were one focus of the need, establishment, and publication of ISA/IEC 62443-3-3, 4-1, and 4-2,” he added.

Smertneck also drew attention to the need for industrial cybersecurity risk assessment associated with Software Bills of Material (SBOMs) in the supply chain.

In the operating environment, the use of Industry 4.0 technologies and machine actions has to be checked to ensure that it makes good cybersecurity sense, and then overruled if the need arises, given the disparities in the context of the security and safety of industrial control systems (ICS).

Fluchs suggested that it’s always good to make sure a human stays in the loop. “Even the best sensor anomaly detection does not have the context and experience of a human operator knowing plant, processes, and control system like the back of her hand,” she added.

Whether it be the control system tolerances, the history of signal input, process output changes, or physically having a control room operator watch the process in real-time, Ben-Meir said. “Anything that is suspect will trigger an alarm and depending on the process and impact that suspect signal will be overridden with last known good value. The days of smash and grab or DOS (Denial of Service) are starting to become a distant memory,” he added.

There is a different issue where the process signal varies ever so slightly to the upper or lower side of the tolerance limit of a variable, ultimately changing the tolerance limits over time, according to Ben-Meir. “Most systems automatically adjust the tolerances based on the trailing history of the process variable input, and this would allow the process value to drift past the original tolerance levels. If systems are traditionally set with hi, hi hi, lo, and lo lo alarms these can help mitigate this issue, but it has been my experience that if the data looks normal and the process variable is hovering around the alarm limits, a ‘limits’ study is performed,” he added.
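The drift problem described above can be reproduced in a few lines. This is an added example, not code from the article or from any control system product; the setpoint, window, band and alarm limits are constructed assumptions. It runs a tolerance band that re-centres on trailing history next to fixed hi and hi hi limits.

```python
from collections import deque
from statistics import mean

# Constructed values for illustration; none come from the article.
SETPOINT = 100.0
HI, HI_HI = 105.0, 108.0    # fixed engineering alarm limits
WINDOW = 20                 # samples kept in the trailing history
BAND = 3.0                  # adaptive tolerance: trailing mean +/- BAND


def monitor(samples):
    """Return the first sample index flagged by (adaptive band, HI, HI_HI)."""
    history = deque([SETPOINT] * WINDOW, maxlen=WINDOW)
    adaptive_hit = hi_hit = hihi_hit = None
    for i, pv in enumerate(samples):
        centre = mean(history)
        if adaptive_hit is None and abs(pv - centre) > BAND:
            adaptive_hit = i
        if hi_hit is None and pv >= HI:
            hi_hit = i
        if hihi_hit is None and pv >= HI_HI:
            hihi_hit = i
        history.append(pv)  # the band re-centres on whatever it just accepted
    return adaptive_hit, hi_hit, hihi_hit


def ramp(step, n):
    """Constructed process variable that rises by `step` on every sample."""
    return [SETPOINT + step * (i + 1) for i in range(n)]


if __name__ == "__main__":
    print("fast change:", monitor(ramp(2.0, 5)))     # adaptive band fires first
    print("slow creep: ", monitor(ramp(0.125, 80)))  # only fixed limits fire
```

With the slow creep, each sample sits about 1.3 units above the trailing mean, so the adaptive band never fires even as the value passes 108; only the fixed limits, which do not move with history, report it.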

Smertneck said that for systems in use today, i.e., those without connected and communicating sensors or those that lag behind the most current controllers, software, communications protocols, and solutions in wired and mesh-wireless connectivity, more reliance upon foundations of physics, electrical/electronic engineering, coupled with advanced analytical techniques could ‘save the day.’

“This implies for sensors being installed today, techniques using fundamental understanding of the physics of the sensor, or additional analytical techniques, will be required to augment its lack of control autonomy,” he concluded.
