Cybersecurity and Industry 4.0 – What You Need to KnowBy: Pat Toth of NIST MEP
This blog is part one of a series on cybersecurity and Industry 4.0.
This morning my favorite local morning news program had an interesting segment on new slang words and what they mean. While the definitions were probably not necessary for Millennials or Generation Z, for Baby Boomers like me it was an eye-opening vocabulary lesson. I must admit I didn’t know what boujee meant, even though I had heard it a few times – like when my niece said the wine glasses I used at Thanksgiving were boujee.
Perhaps you’ve heard some phrases lately that suddenly seem like they’re everywhere, such as Industry 4.0. When I first heard the term, I wasn’t quite sure what it meant, but it seems to be one of the hottest phrases in manufacturing.
There have been four major technological trends during the past few hundred years that have revolutionized both industry and manufacturing. The first was the combination of mechanization with steam and waterpower. The second combined mass production and electricity. The third was the rise of electronic and information technology (IT) systems and automation.
What is Industry 4.0?
Industry 4.0 refers to the newest phase of the Industrial Revolution. According to PwC’s Insights, Industry 4.0 “refers to the fourth industrial revolution, which connects machines, people and physical assets into an integrated digital ecosystem that seamlessly generates, analyzes and communicates data, and sometimes takes action based on that data without the need for human intervention.” It is focused heavily on interconnectivity, automation, machine learning and real-time data. Industry 4.0 encompasses the Industrial Internet of Things (IIoT) and smart manufacturing. It joins physical production and operations with smart digital technology, machine learning and big data to create better connected systems for companies that focus on manufacturing and supply chain management.
Every company is different, but they all face a common challenge — the need for connection and access to real-time insights across processes, products and people.
Industry 4.0 is expected to revolutionize the industrial world, just as the use of steam power started the First Industrial Revolution in the 1800s. The number of interconnected devices in use today provides an opportunity to collect information and allow for advanced decision-making in management and technology, which will greatly improve production. Industry 4.0 can help make data actionable. The availability of information across a system or systems can become a powerful tool if used properly.
These new technologies will serve to advance manufacturing, but they also introduce risk. Company-sensitive data may be streamed across a network of small, power-sensitive and deeply embedded devices, which is a completely different threat landscape than the PC-based approach most SMMs use today.
Four Key Areas of Industry 4.0
It’s helpful to think of Industry 4.0 in four overlapping pieces:
Cyber-Physical Systems (CPS) and Cobots
According to NIST Special Publication 1500-201, Framework for Cyber-Physical Systems: Volume 1, “cyber-physical systems are smart systems that include engineered interacting networks of physical and computational components.” These systems are highly interconnected and integrated, provide new functionalities to improve quality of life, and enable technological advances in critical areas such as personalized health care, emergency response, traffic flow management, smart manufacturing, defense and homeland security, and energy supply and use. CPS have great potential to enable innovative applications and impact multiple economic sectors in the worldwide economy.
CPS generally combine sensors and sensor networks with embedded computing to monitor and control the physical environment, with feedback loops that allow external stimuli to activate the system either through communication, control or computing. From a manufacturing industry perspective, a CPS is an internet-enabled physical entity, such as a pump or compressor, embedded with computers and control components consisting of sensors and actuators.
Manufacturers are rapidly adopting the use of cobots, which are robots with direct physical interaction with a human user within a shared workspace. Cobots, just like traditional industrial robots, consist of a mechanical arm that can be programmed to perform tasks in a manufacturing facility, such as material handling, assembly, quality inspection and packaging, while working alongside humans. While safety risks have improved in recent years, cobots may introduce some risks. Their close coordination with humans requires a risk assessment to protect workers and equipment.
Internet of Things (IoT) and Big Data
IoT refers to the network of devices that contain the hardware, software, firmware and actuators that allow the devices to connect, interact and freely exchange data and information. IoT is about connecting “things,” such as objects and machines, to the internet and eventually to each other.
While IoT collects data from physical objects like a sensor, big data allows for more efficient and effective processing and storage of this data. The combination of IoT and big data makes the collection and analysis of data available to improve production.
Cloud Manufacturing (CMfg)
Use of both internal or external cloud applications in manufacturing can transform resources and capabilities into services. These services can then be managed and operated in a unified way, enabling sharing and circulating of resources and capabilities. Cloud manufacturing can provide safe and reliable, high quality, inexpensive and on-demand manufacturing services for the whole lifecycle of manufacturing.
CMfg is a type of parallel, networked and distributed system consisting of an integrated and inter-connected virtualized service pool, known as a “manufacturing cloud,” of manufacturing resources and capabilities. This also includes capabilities of intelligent management and on-demand use of services to provide solutions for all kinds of users involved in the manufacturing of a product.
All systems that collect and communicate data are there to serve the purpose of making industrial and manufacturing practices more efficient and autonomous. This is the foundational piece of Industry 4.0.
Technology serves to connect previously discrete systems through hardware and software, provide information transparency, augment the human decision-making process, allow for real-time decision making, and to decentralize decisions within technological systems so the frequency of human interference is reduced.
All four pieces of Industry 4.0 hinge on the interconnection of:
- Machinery and production management systems.
- Information across manufacturing processes.
- Information throughout the manufacturing lifecycle.
Communications Are Vital to Success
Interconnections rely on communication among machines, sensors and people. Communications must be protected and are vital to the successful implementation of Industry 4.0.
With Industry 4.0, communications and cybersecurity cannot be viewed as isolated processes. To take full advantage of the opportunities that Industry 4.0 has to offer, manufacturers of all sizes will need to understand its capabilities and potential risks.
Let’s consider an example implementation of Industry 4.0 for a medium-sized manufacturer.
AthCo is a manufacturer of athletic apparel and has recently achieved rapid growth after the launch of its new athleisure collection. AthCo currently uses an Enterprise Resource Planning (ERP) system and a Customer Relationship Management (CRM) system. A great deal of data is produced from the ERP, CRM and the “back office,” including transaction information. This data allows AthCo to communicate internally and with its customers, suppliers and business partners. Even with all this data available, AthCo is struggling to predict outcomes on the factory floor. At first glance the factory appears to be running well, but there are some production issues that have come to light. Sewing machines often stop working with little or no warning, control systems produce errors at the time of production, and inaccurate production costs are stemming from data gathered across several systems. Businesses are complex and errors in data collection often stem from various systems measuring things differently.
An Industry 4.0 approach will help AthCo achieve greater productivity and eliminate problems with machine failures and control systems. By adding sensors through the factory, AthCo could:
- Monitor production flow in real time.
- Reduce waste and product rework.
- Monitor inventory production.
Data collected by sensors could be sent to the cloud for analysis, helping to create predictive models and develop condition-based maintenance alerts.
Factory engineers could then reduce machine downtime and increase factory output by accurately predicting machine failures. Factory managers could monitor and manage the factory floor remotely. Variables such as temperature could be monitored to save energy and reduce overhead costs. Operational managers could use sensor data to view production line status and make necessary adjustments to manage costs. The research and development department could get insights into patterns from multiple clients, track equipment failures and reengineer problems for better factory performance. Field service managers could identify when to deploy resources for predictive maintenance, which would minimize equipment failures and equipment services costs.
Industry 4.0 would provide better use of data across all AthCo’s departments. Data would be presented in an easily digestible format, delivering actionable information and assisting in business modernization. It would allow for better communication both among internal departments and with customers and suppliers.
While the implementation of Industry 4.0 appears to solve many of AthCo’s production issues, new cybersecurity concerns may be introduced. The use of sensors and remote access may provide entry points for hackers, cybercriminals or industry competitors to gain access to AthCo’s systems. Before implementing new technologies, a cyber risk assessment should be performed to provide a full understanding of the company’s cybersecurity needs and capabilities. AthCo should understand the benefits and the potential cybersecurity risks implementing Industry 4.0 may introduce.