In its recent “Industry 4.0, the levers of transformation”, the energy industry group Gimélec highlighted the major stakes of tomorrow’s plants and identified their four pillars : competitiveness, flexibility, quality and cyber-security. Given the growth rate of digital communications ranging from remote control of terminals to production management systems, and including big data and industrial IoT, it is easy to understand why the plant of tomorrow must have a secure IT system. What are the tools available to counter cyber-attacks? What will be the implications for quality and competitiveness of industrial sites? Here is a journey inside tomorrow’s plant.
To be or not to be hyper-connected
Tomorrow’s production sites will be focal points for multiple connections. As described by Gimélec in their introduction, “all aspects of a plant’s operations will be conducted through interaction between product and machine, and in between machines”. Communication between tools and controls will be instantaneous and all intra, inter and exterior networks will be interacting with one another. These connection nodes will facilitate the adjustment of production rates in real time. Tomorrow’s plants will be intelligent and function on their own, and remote control will be the norm.
Tomorrow’s plants will be able to modify their way of functioning by adapting automatically to the inputs they receive. The occurrence of a quality issue will trigger an automatic analysis thanks to communicating sensors, and determine the root cause of the problem while leading automatic corrective actions. The smart plant will also automatically adjust its production rate to demand fluctuations, through the connection to the company’s dynamic sales database. This will all result in greater flexibility and increased competitiveness.
During the recent Machine2Machine and IoT Embedded Systems shows where Sentryo was invited by Intel to present, Laurent Hausermann, co-founder of Sentryo, had the opportunity to witness firsthand the speed at which solutions to connect industrial sites are being developed. “All these innovations are undoubtedly going to boost the competitiveness of industrial activities. However, they are also going to expose all these sites to the outside world. All of a sudden, this potential game-changer can also become a major threat to the security of operations”.
Tomorrow’s plant will thus require the security of operations systems and security of IT systems to be considered as one and the same. This will be critical to ensure quality, flexibility and competitiveness. Both systems will need to be mapped and monitored. According to ANSSI’s latest report, constant monitoring of all networks will be necessary to reduce the threat of cyber-attacks on industrial sites, which are now becoming the hacking world’s new favorite targets. SOCs (Security Operating Centers) are likely to become widespread in order to maintain continuous screening of all systems.
Communicating energy supply with smart grids
With the spread of smart grids, the energy industry is already on its way to a major revolution. By having access to both available supply and expected demand, these grids will optimize energy supply in real time, and in particular will significantly improve the coverage of peak demand needs.
The implementation of systems will also result in better management of both traditional and renewable energy distribution. Instead of having supply be the main driver of the system, it will now be more flexible and adapted to demand, as Gimélec points out. The surveillance and protection of these systems will obviously be critical. As recently experienced in the Ukraine where a number of households were cut from the energy supply, the hacking of these systems will directly affect the population.
Multiple potential points of entry for cyber-attacks
Communication between objects and production tools
Contrary to popular belief, the primary risk for connected objects is not the failure of the IT systems they are connected to but the functional implications of their breakdown. Thanks to smart industries and smart grids, the output of a factory will always remain connected to its original production site. The hard-to-imagine possibilities offered by this new technology come with significant risks however, and a new approach to cyber-security based on surveillance and prevention is absolutely fundamental. Tomorrow’s objects will “feed” post-production information back to their “mother” plants, which the plants will analyze and use to modify their functioning if needed.
The cyber-security of the future must therefore be based on prevention and the safeguarding of these newly created points of entry for hackers. The challenge will be to prevent intrusions into the system through the real-time identification of network malfunctions. Once inside the systems, hackers can cause quite significant damages to production sites. Not only must the sites be protected, but also all the objects that are connected to it, including production. Preventing cyber-attacks rather than merely containing them will have significant benefits.
This is of course particularly relevant for highly automated industries that are often considered to be critical, such as:
- Energy supply sites
- Food processing
A future standardization of critical industry cyber-security?
The Gimélec report points out that there are significant differences in terms of cyber-security implementation, with most major companies now legally obligated to actively protect themselves against cyber-attacks (NIS directive, military program legislation). Public organizations, such as ANSSI, are now empowered to verify that cyber-security systems are in place at large companies. These companies have often been the ones to be targeted by cyber-attacks. They have the motivation to commit significant resources and man-power to their cyber-security and are generally well-advanced in their cyber-security protection. The focus of hackers has thus shifted towards medium-sized companies that do not necessarily have similar means and are thus quite vulnerable to such attacks, as their systems are easier to penetrate. As a great number of these medium-sized companies actually conduct outsourcing services for larger companies, they are often used as a back-door to hack into the systems of larger companies, causing them to become a major risk.
A standardization of the cyber-security of industrial sites must be implemented. Governments have been active on that front to lay-out various solutions and best practices. The best example is the Cybersecurity Framework in the United States, which offers processes and guidelines to its members.
The threat presented by cyber-attacks is increasing. A study conducted by Usine Nouvelle at the end of 2013 reported that one out of two companies had been the target of a cyber-attack during the year. Two years later, this number had increased by 20%! Public institutions thus have a significant role to play in curbing this disease. As Stéphane Meynet, the head of industrial system security of ANSSI says, “we are doing everything we can to reinforce the security of production systems”. This includes the publication of references and guides to help industrial players and their partners implement efficient and adapted solutions to their cyber-security challenges.
Industry 4.0 is on the rise, but its strides are still baby steps. A systematic and standardized cyber-security solution is essential to ensure competitiveness, flexibility and quality. Communications between sensors, tools, production controls and production systems are perfect targets for hackers today. Tomorrow’s hyper-connected plant must have efficient cyber-security systems. These must be a step ahead of attacks by being capable of preventing hackers from ever reaching and impacting the systems of critical industries, a phenomenon that has unfortunately happened too often already.