By Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky
The term Industry 4.0 was first used at the Hanover Fair, as a reference to the latest industrial strategy which has been termed the fourth industrial revolution. According to the explanation by Ministry of International Trade and Industry Malaysia I have read months ago, Industry 4.0 is referred to as production of manufacturing based industries digitalization transformation, driven by connected technologies.
Together with autonomous robots, big data analytics, cloud computing, Internet of Things, additive manufacturing, system integration, augmented reality and simulation, in my opinion, cybersecurity is among the main pillars of Industry 4.0. Why? Because while the cyber-physical systems connected without wires, automated and with lesser human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks.
Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security because the Fourth Industrial Revolution is a double-edged sword which countries and companies should use wisely.
It is great to note that Malaysia is currently ranked third globally among 193 International Telecom Union members, in terms of the level of national commitment to addressing cybersecurity risks. In 2018, Ministry of International Trade and Industry Malaysia launched INDUSTRY 4WRD, a national policy on Industry 4.0, to place policies and guidelines in place to ensure Malaysian manufacturing industry and its related services would be ready, to be smart, systematic and resilient. The policy has the overarching philosophy – A-C-T, Attract, Create and Transform.
The government’s efforts are indeed being commended worldwide. Proof is the Readiness for the Future of Production Report 2018 which put Malaysia in the “Leader” quadrant, positioned well for the future. Malaysia and China are the only two non-high-income countries in this coveted quadrant.
One important area for improvement that I know if will be the human force. Malaysia has shortage of required talents, skills and knowledge for Industry 4.0, particularly in the areas of IoT, robotics and AI. The lack of talents in the fields of IoT is hypocritical for Malaysia Industry 4.0 especially in the areas of exposure to cyber threats.
However, let us not miss the commitment uttered by the Ministry of Education Malaysia saying that cybersecurity must be introduced at the grassroot level, especially among the schoolchildren. The department of Polytechnic and Community College Education and Politeknik Mersing in Johor is also off to set up the Cyber Range Academy, which provides the students with an authentic learning environment in the threat landscape.
For our part, Kaspersky understands the cyber security needs in ensuring the success of Industry 4.0 and have solutions in place – Industrial CyberSecurity (ICS), with the aim to protect companies from three main risks.
Firstly, unintentional infection of an industrial network. In theory, industrial information networks should not be connected to office networks, and should also not have direct access to the internet. However, sometimes without intending to cause any harm, staff will connect infected removable drives to industrial computers or access the internet to update software on the server, resulted malware manages to penetrate the network.
Secondly, it is not unusual for people who are professionally versed in industrial systems to try and use that knowledge to trick their employer, which cause serious harm to the business.
Thirdly, cyberwar, targeted actions that are intended to cause damage. Two years ago, a massive data breach saw more than 46 million mobile subscribers in Malaysia leaked on to the dark web.
For companies to reach their Industry 4.0 goals, all components have to be protected.
Remember ShadowHammer which Kaspersky team highlighted in the research back in March? Executable files, found in reputable and trusted large manufacturer, contained malware features, which upon careful analysis confirmed been tampered by malicious attackers.
To avoid being victims and ensuring a clearer path to achieving Industry 4.0, we suggest to:
- Regularly update operating systems, application software, and security solutions
- Apply necessary security fixes and audit access control for ICS components in the enterprise’s industrial network and at its boundaries
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network
- Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks
- Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
- Deploy dedicated security solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
- Form a dedicated security team for both IT and OT sectors
- Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports