Industry 4.0 revolution

Industry 4.0 revolution

Industry 4.0, a term that includes the use of Internet of Things (IoT) devices in Industrial Systems mainly under the reign of SCADA devices and architecture, is becoming more important in recent times. One of the reasons behind this increasing attention is the close relationship Industry 4.0 has with Critical Infrastructure [1].

A well-executed attack on the most relevant items in the main list of Critical Infrastructure provided by the Department of Homeland Security, could have undesirable consequences as loss of lives, loss of basic services like: water, electricity, etc., economic loss of infrastructure, halt in normal industrial operations (which will increase the economic loose), etc. The previous kinetic impact of losing lives could happen sooner than we think due to the increase dependency of IoT Systems in critical areas like health, where insulin pumps and heart pace makers are linked to the network directly or through mobiles devices, modifying all the current threats to use them as attack vector for a far more targeted attack, the patient in use of such health support devices.

Impact to energy generation systems, considered critical as well by the Department of Homeland Security of the United States, could not have the loosing of lives impact, but it will affect the normal lives and emergency services of any given city, therefore having a great impact in our lives. There are already documented cases such as the described before. Reasons vary, being the political the one leading the statistics.

So, we understand the threats we need to fight against. The current approach by many companies is the use of diverse manufacturers for their filed sensors using a different communication protocol, at the same time these manufacturers will provide a "translator box", to convert from protocol A to protocol B, and send the data to their PLC and DCS platforms. This approach has been widely around the world.

Now, the problem comes when attacks use the IT platform to modify the parameters on the control loop of a particular given plant or any plant. In this case the, industries haven't thought about how to organize their network in order to prevent such attacks.

I strongly believe segmentation and strong data flow controls could somehow minimize the negative impact threats can cause when using IT as their attack vector against Industry 4.0 infrastructure.

Figure 1. High level Industry 4.0 Security Architecture

Segmentation alone without a clear strategy is just spending money without any purpose. Assuming all devices were deployed and well configured, and logging to the "Log aggregation system" or SIEM that represents the beginning of the story. As the NIST Special Publication 800-82 indicates, "Servers containing the data from the ICS that needs to be accessed from the corporate network are put on this network segment, only these systems should be accessible from the corporate network" [2].

I believe the decision of what devices are the ones in charge of communicating data with the Corporate Network is the most crucial one and the one which discussion could become easily political. Spite of that high risk, those decisions should be made after careful thinking is done.
Now, the isolated network could be further segmented into different levels according to business requirements or following standards like ISA-95 [3].

Following standards, using plenty of common sense and understanding business objectives, might be enough to make important decisions to keep Industrial Networks and Corporate Networks properly isolated, and tightly controlled those open ports and protocols through the firewall. After that strategy is necessary to better understand any given Industrial Network, which could be an additional topic.

References
[1] https://www.dhs.gov/cisa/critical-infrastructure-sectors
[2] NIST Special Publication 800-82
[3] ISA-95 https://www.isa.org/isa95/