The beauty of Industry 4.0 is the fact that process tools are all interconnected. The underlying framework that makes interconnection possible is the advent of technologies like WiFi technology, that allows information to be transmitted through the ethers of our universe. While this is important for the process monitoring, there is also an underlying vulnerability that can be experienced by industrial companies who are not adequately prepared to protect their networks.
Early on in the advent on WiFi technology, it was possible for individuals to do things like tap into wireless hot spots in order to access the internet. Wireless networks have long been identified as vulnerable, and from an industrial perspective, organizations have to some extent been aware that savvy individuals can actually do things like hack into their networks and access their proprietary information.
Cyberattacks are not new to the internet community. With the advances in technology, and the desire for competitive advantage however, it will not be uncommon for attempts to be made on the system of a company that is proving to be lucrative. In the European industry for instance, there were several cyberattacks in the autumn of 2019. Malware was utilized in order to access critical company information.
With that initial wave of cyberattacks, the federal agencies became concerned that recent attacks would mark the beginning of a series of attacks. History repeats itself in some patterns. For instance, with the current pandemic, statisticians have predicted that we are currently in a wave where every 3.7 years, there will be another phenomenon that will inhibit human activities. Likewise, with the world becoming increasingly more digital, it should not surprise us that the world is now becoming more prone to cyberattacks. From an industrial standpoint, if organizations don’t start taking a serious look at their cybersecurity capabilities now, it is quite possible that they are likely to become cyberattack victims in the future.
The German attack was influenced by the Emotet malware, in order to distribute the ransomware that was utilized to attack the organizations on their target list. The companies who were victims of the attack included an aluminum company, various hospitals, and municipal administrations. As you can see, the variety of the companies who were attacked were all different, but they had one thing in common – all have extensive databases that contain information. Let’s dissect each industry:
The Aluminum Company: As a large scale manufacturer, the aluminum company is the holder of a high value product. Proprietary information such as the smelter design, the customer list and customer requirements are held in the company’s operational systems. Within the systems themselves, the companies will also have information with respect to how their process control systems operate. If a competitor was interested in figuring out how the aluminum company operates, it would help them to ensure that their processes are optimised.
The Hospital: Hospitals, although deemed as benevolent organizations that have the intention to help the sick, do have business objectives to meet. Some hospitals have the capability to actually develop innovations in house. They often achieve their business ideas from the fact that they are able to look at cases in their own hospitals and generate patient data that they can utilize in their own clinical trials. The healthcare industry is a multi-billion dollar industry. As a result, if one or more of a hospital’s innovations actually do achieve FDA approval, the organization can gain millions of dollars in revenue. A competitor hospital might want to ensure that they are aware of what is happening, and if necessary, be the first one to the market.
Municipal Administrations: Government agencies contain a lot of information on the citizens of an area. Data is king, and embedded in all the citizen files will be critical information. Cases of conditions such as identity theft, often come about when hackers have access to patient information.
From a cyber perspective, data loss is a threat that companies do worry about. It takes a lot of intelligence and focus to build an organization to its current state. Some companies have been in operation for years, and took decades to build their systems and processes. When a hacker accesses this information, the company’s advantage could easily be lost. Essentially, with the current times that we’re in, it’s not uncommon for items like cell phones for instance, to be reverse engineered, and remanufactured in regions like China. It is therefore important to ensure that all the critical network protection mechanisms are implemented.
CYBERSECURITY MEASURES
In an organization, what can work best for an industrial company is to ensure that specific requirements of industrial control systems and its IT infrastructure is at its peak. An organization is as good as its cybersecurity in 2020 and beyond. What a company needs to do is conduct a cybersecurity kaizen, and take the time to walk the facility, and note all the areas that the organization utilized databases and information. All the system servers, cloud databases, and even the process control systems access points from the staff are to be protected. If the internal staff is unable to provide the level of IT detail that will thoroughly detect all the major gaps, it will be in organizations best interest to hire a consulting firm in order to detect this change.
In cybersecurity, prevention is better than cure. If the millions of dollars in production downtime isn’t enough of a deterrent, then you will just have to deal with the consequences of when it actually happens. Take the time to protect your system.