Cybersecurity in connected factories

In the modern, highly automated factory, information technology (IT) and operational technology (OT) are increasingly merging. This means that the cyber risks from Trojans, viruses and ransomware familiar from IT are also becoming a risk to be taken seriously for OT.
 

Cyberattacks on OT on the rise

In fact, the risk of cyberattacks in industry and manufacturing has increased exponentially: According to Otorio, an industrial cybersecurity solution provider, the number of incidents has increased by 67% in the last five years. In a survey by cybersecurity company Fortinet, three-quarters of OT organisations reported at least one intrusion in the last year. The cyberattacks have caused millions of dollars in outages, disruptions and damage.
 

Realising multi-layered protection

To protect networked industrial plants from such attacks, a holistic approach is necessary: This begins with organisational issues, continues with the regulation of access rights and extends down to the individual components. Basically, a multi-layered security concept should be implemented: This "defence-in-depth" principle is based on constantly placing new and different obstacles in the way of intruders. The more layers are drawn in and the more obstacles are created, the more difficult it is for cyber criminals to successfully carry out an attack.
 

Security from the very beginning

When selecting automation components, care should be taken to ensure that they have been developed according to the "security by design" aspect. Then security aspects have been taken into account in all phases of product and software development, and vulnerabilities do not arise in the first place. If a component manufacturer is certified according to the IEC 62443 series of standards, it is ensured that he has implemented a corresponding "secure" development process. In addition, the EU's Cyber Resilience Act (CRA) is currently in the final drafting phase. It affects all manufacturers and importers of products with digital, networked elements. With the CRA, security-by-design becomes the standard. If it is not complied with, the product will not receive a CE mark.
 

Secure communication with digital identities

In addition to the use of cyber-secure devices and components, secure communication in particular plays an essential role in protecting against cyberattacks in the networked factory. Digital identities are the de facto standard in this context. Almost all TCP/IP-based protocols such as OPC UA or MQTT support certificate-based mechanisms. A digital identity is the proof that a communication participant (device, application or person) in the "digital space" is actually who he claims to be. Basically, it is about whether the "other person" can be trusted. In principle, digital identities use three security mechanisms for this purpose:

1. Authentication
2. Encryption
3. Integrity
    

One basis for these security mechanisms is a Public Key Infrastructure (PKI). This serves as a central trust infrastructure for issuing certificates that prove digital identity. The most commonly used standard for digital certificates is X.509v3.
 

Secure hardware elements as a basis

To ensure that digital identities cannot be misused by third parties, they are stored on secure hardware elements such as a TPM (Trusted Platform Module), a Secure Element (SE) or an HSM (Hardware Security Module). With these hardware-based security solutions, sensitive security keys for the assignment of access rights, authentication as well as for data encryption can be securely inserted into a product, device or machine. The hardware elements can also be updated to keep the security level up to date throughout the entire service life.

Cyber risks in the OT environment (Source: 2019 Deloitte and MAPI Smart Factory Study)