Industry 4.0 explained

Industry 4.0 harnesses the Internet of Things (IoT) to connect reality with the virtual world. Through automation, flexibility and interconnectivity, Industry 4.0 is leading industrial production into the 21st century. Interconnected production facilities are integrating every step more closely into the industrial value chain. This introduces new and more efficient business processes.

Latest research on processes in production, services and logistics is laying the groundwork for smart factories. This project is based on intelligent and autonomous production facilities. The Federal Ministry for Economic Affairs estimates that Industry 4.0 will reach annual sales of €153.5 billion in Germany over the next five years.

While Industry 4.0 has a huge potential for the European economy, it also comes with risks for the affected companies: According to the Center of Economics and Business Research, cyber attacks were costing German companies €13 billion annually from 2011 to 2016. Industry and construction are among the most vulnerable branches. As manufacturing becomes more closely connected to the internet, companies will face even higher damages from cyber criminality.

The Achilles heel of Industry 4.0

Industry 4.0 uses cyber-physical systems (CPS) which connect information and communication technology systems to each other and to the internet. Industrial control systems (ICS) consist of different IT systems, networks and electronic measurement tools. ICSs are responsible for running and monitoring automated industrial processes.

Supervisory control and data acquisition (SCADA) systems are another part in the digital surveillance of physical processes in national critical infrastructure (NCI) like energy pipelines and electric circuits. Because most cyber attacks come from outside, current SCADA systems are neither connected to a company´s internal network nor to the internet. This is changing with the implementation of Industry 4.0. As companies are connecing outdated process control systems to the internet, new vulnerabilities emerge. A cyber attack might shut down a production facility and disrupt the whole value chain.

Weak points of ICSs

Humans are a major weakness in ICSs: Many employees use their company´s flash drives and tablets in their private life. The same is true for contractors who access your company´s network with potentially infected notebooks. This is how malware might access and damage your ICSs. Employee sabotage – as US examples show – is another threat for connected industrial facilities.

Many employees are unaware of cyber threats and therefore vulnerable to phishing attacks and social engineering. Engineers might lack relevant IT knowledge how to effectively secure ICSs against intrusions.

Unsecure hardware

Outdated hardware is another vulnerability: Many companies use cheaper, but outdated hardware because they are unaware of its risks. Older hardware often runs outdated operating systems as software updates are unavailable. Cyber criminals might then exploit known vulnerabilities to attack ICSs or even use unknown exploits which are also known as zero days.

If your company connects outdated ICSs to the internet, hackers might identify your control components through a search engine. In this case, a hacker can access your control components with a stolen password or shut down your facility via a DDoS attack. In May 2017, the malware “WannaCry” infected over 100.000 computer networks by exploiting vulnerabilities in non-updated operating systems.

Countermeasures

There are different possibilities to protect your ICSs: As mentioned before, many cyber criminals target your employees to penetrate your ICSs. To prevent infection of your removable media and laptops, you should inventory specific hardware for exclusive use inside an ICS.

Employees must perform anti-virus checks before employing hardware in your ICS. A digital decryption is significantly increases data security. As an anti-sabotage measure, you might introduce different levels of authorization for employees and contractors and issue guidelines for managing ICSs. Security screenings and data protection declarations help sensitizing your employees and contractors.

You can close vulnerabilities by regularly updating and maintaining outdated hardware. You should only use IT infrastructure from trusted partners and comply with the manufacturer´s recommendations. Service agreements ensure that your partner provides regular updates.

Close down penetration points by segmenting the ICS network using a Virtual LAN (VLAN) or firewall. You should apply similar measures directly to the ICS. You can prevent eavesdropping on your Wi-Fi by wiring critical IT functions.

Conclusion

In the end, there is no sure-fire way against cyber attacks on ICS networks. You can, however, significantly increase the security of your production facility by implementing the above measures. A first step for more security is the analysis of existing infrastructure and a sensitization to the risks of Industry 4.0. If your company lacks the relevant IT security qualifications, we highly recommend getting external service. ECOVIS Beijing is your ideal partner in setting up cross-border ICS security solutions for your EU-China business.

ECOVIS Beijing advises international clients on business start-ups and investments in China. We support internationally active SMEs with services in the areas of legal advice, tax advice, accounting, and auditing.

Richard Hoffmann

Richard Hoffmann is a partner at Ecovis Beijing. He obtained an honors degree in law and worked in Germany, the United States, and China for various prestigious law firms prior to joining Ecovis. In addition to being a member of the board of Ecovis International, he is Supervisor for the China business of several respected German companies. Richard shares his extensive knowledge to students by teaching commercial law in China at SRH Hochschule Heidelberg. He has published more than fifty articles in international magazines, frequently speaks at high profile events in China and abroad and is often invited as a legal expert by international TV stations. Contact: richard.hoffmann@ecovis-beijing.com

ECOVIS Beijing

ECOVIS Beijing is the trusted tax and legal advisor to several embassies and official institutions in China. It specializes in mid-sized international companies and is focused on tax & legal advisory, accounting and auditing. If you’re interested in finding out more about tax and legal, don’t hesitate to sign up for our Newsletter, give us a call +86 10-65616609 or contact us directly via service@ecovis-beijing.com