Until recently, manufacturers secured factories with CCTV, alarms, and a roller shutter. Today, mass digitization, powered by 5G networks, is turning factories into the new frontier of cyber warfare. Last year, manufacturing overtook financial services as the most attacked sector and yet, according to a report by the Capgemini Research Institute (CRI), cybersecurity in smart factories is not a C-level concern for nearly half (47%) of organizations.
Cybersecurity. Licence: CC0
CC0
The proliferation of new connected devices raises complex security questions that leaders must address if they want to protect their businesses. The count of Industrial Internet of Things (IIOT) connections is expected to reach 37 billion by 2025, while the total number of connected devices worldwide is set to triple to 24.4 billion by 2030. As things stand, however, the vast majority (78%) of organizations have little to no visibility over Operations Technology (OT) or IIOT devices at their smart-factory locations.
This is a problem, especially if organizations want to seize the advantages offered by Intelligent Industry. It should go without saying, but unless leaders can identify risk areas quickly – often found in legacy machinery – and establish system-level visibility, a (potentially debilitating) cyber incident is increasingly likely.
The new threat landscape
5G enables the number of network-connected devices to become substantially higher, and so the volume of dispersed ‘endpoints’ increases exponentially. As it’s not necessary for computing to be done within these new devices, which will shift to Edge networks where much of the intelligence will be held, manufacturing capabilities will be transformed immeasurably.
The problem with the tides of data flowing around the Internet of Things (IoT) is that the entry points for attackers are being multiplied significantly. The federated nature of 5G and cloud infrastructure that accommodates this ecosystem naturally leads security teams to ask, who exactly is responsible for security?
First and foremost, the responsibility lies with the producers of 5G-enabled devices such as smartphones or cars. As much as 70% of light-duty vehicles and trucks will be connected to the Internet by 2023, for instance, and within each one lies separate parts connected to the internet; failure to secure any one of these parts against potential cyberattacks could seriously affect the safety of the driver and create many other risks for the organization. A manufacturer is unlikely to be producing every part and so will receive connected parts from specialist providers. With 50% of organizations reporting that smart-factory cyberthreats primarily originate from partner and vendor networks, the need for watertight, zero-trust frameworks are necessary to avoid infection from any one part.
This is not to say all responsibility lies with industry; telcos must also ensure that their core network is protected to support an increasing flow of traffic, and the user also has a responsibility to secure their sensitive data.
Fusing automation with the human factor
If this all sounds unmanageable, that’s because it is - at least by humans, who are the weakest link in 5G cybersecurity. Why? Because multiplied scale and interconnectivity make traditional security measures almost redundant. Vulnerability managers, confronted with a vast multiplication of assets that require scanning at pace, won’t be able to find enough hours in a day to monitor entry points. It is for this reason that there must be a high level of automation in cybersecurity programs. The quicker organizations and security professionals understand this, the sooner they’ll be able to adapt to and succeed in the 5G connected world.
But even with automation, people will always be the most vulnerable entry point because they are the only unpatchable piece of the security framework. Attackers know this of course, and so will expect and seize on mistakes. As the first line of defence, employees must be trained to spot the early warning signs of a potential attack to allow for a quick response. Capgemini’s research finds that people are ill-equipped in this area with less than half (48%) of organizations saying their smart-factory employees are trained to deal with the impact of an attack through connected machinery. One reason for this is the global shortage of cybersecurity professionals which is even more acute in the smart-factory specialism. As things stand, more than half (57%) of organizations experience difficulties hiring the right skill sets, exacerbating the issue to new extremes.
Navigating the labour market
It may not surprise you that there’s a battle going on to recruit talent. In 2013, there were 1.5 million unfilled cybersecurity jobs; today that extends to an estimated 3.5 million. This is clearly a major issue as it is essential to have people who truly know how to manage the new threats presented by the connected industry. Whether it’s 5G or quantum computing, every new technology requires two kinds of specialists: one group with a deep knowledge of the overarching concept and another with deep knowledge of specific security considerations.
Training experts who can oversee the implementation of comprehensive Industry 4.0 security measures is vital – and investment in this area will not be wasted. Those that cannot get this off the ground quickly should consider partnering with an organization equipped with expertise and end-to-end services to manage it.
There is no doubt that smart factories are the future of manufacturing and 5G-powered connectivity promises vast benefits and unlimited possibilities. But organizations have also to acknowledge that their business interests are in jeopardy without securing the surface area that increased digitization creates. Industry 4.0 is set to unleash an entirely new world of possibilities, but organizations must adapt quickly to realize its true potential.
- The author, Geert van der Linden, is Cybersecurity Business Lead at Capgemini.
Back to Homepage
Back to Technology & Innovation