Industry 4.0 and the Secure Networking Gap

Matt Hadreas | 01/28/2021

What is Industry 4.0?

Industry 4.0 (or I4.0) is essentially digital transformation for manufacturing. The name is a nod to the three previous industrial revolutions of steam, electricity, and computer systems, with the internet now driving the fourth.

This vision of manufacturing being run by intelligent, self-learning, and self-healing systems isn’t necessarily new, but for the first time it is attainable. Innovation in machine learning, networking, sensor technology, and cloud has led to giant leaps in recent years. The fourth industrial revolution is decidedly upon us.

Here’s the critical question, however: if I4.0 is here and promises such massive improvements to efficiency and output, why isn’t everyone doing it already? Answering this question is where our conversations with manufacturers often start.

The desire to embrace the I4.0 future is being held back by daunting challenges around security and networking. Let’s try to unpack that.

The secure networking challenges of I4.0

Every aspect of I4.0 relies on data. This data can only be gathered when machines are connected to a network or even the public internet. Manufacturers often see the necessary increase in connectivity as meaning a proportionate increase of their cyber-risk exposure. And they’re not wrong.

Poorly constructed industrial networks can be infiltrated, valuable intellectual property can be exfiltrated, or systems can be commandeered, and any of these cyber risks can lead to downtime or safety hazards. In addition, common infiltration practices like probing ports can have serious detrimental effects on OT devices. Often, these concerns are enough to justify late adoption and a reluctance to give up air-gapped networks (which is essentially security by unplugging).

For those brave enough to move forward, or keen enough to calculate the risk of not innovating, the challenge of building secure industrial networks at scale is one that must be tackled.

Preparing for the cybersecurity requirements of I4.0

How do manufacturers embrace I4.0 and connect all of their “things” without security constraints?

They must first acknowledge that their networks need to be segmented. Systems and users should only be able to see and communicate with each other on a need-to-know basis. In networking this is known as the principle of least privilege.

Modern security threats are designed to find an ingress point into a network and then do reconnaissance, looking for all possible places they can infect from there. Wide-open, or flat, networks are vulnerable to this type of lateral movement from within. Flat networks are particularly prevalent in manufacturing due to the nature of the operational technology (OT) systems being connected.

Industrial control systems, as an example, communicate with each other using broadcast networking protocols, like OPC-UA, that were designed for interoperability and openness. This type of connectivity promotes flatter networks so that individual systems can more easily find listeners. Not only do these unsegmented networks pose a risk to security, they are also a risk to the reliability and performance of the network. As the number of connected devices increases at each site, and as those sites are interconnected with each other or with a common resource in the cloud, they form a massive and ever-expanding broadcast domain that is highly prone to “broadcast storms,” which can bog down or crash the network entirely.

Further, OT devices like sensors and robotics often have inaccessible operating systems. These devices are particularly vulnerable and cannot be secured with software at the endpoint, so manufacturers are left to secure the networks those devices run on.
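To make the need-to-know model and the lateral-movement concern above concrete, here is an added example (not code from this article or from Airwall) that audits flow records against a default-deny zone policy and compares how far a foothold can spread in a flat versus a segmented layout. The zone names, address ranges, ports and flow records are all constructed assumptions.

```python
import ipaddress
from collections import deque

# Constructed zones and addresses (assumptions for illustration).
ZONES = {
    "plc": ipaddress.ip_network("10.10.1.0/24"),
    "hmi": ipaddress.ip_network("10.10.2.0/24"),
    "historian": ipaddress.ip_network("10.10.3.0/24"),
    "office_it": ipaddress.ip_network("10.20.0.0/16"),
}
# Need-to-know policy: (source zone, destination zone, TCP port); default deny.
ALLOW = {
    ("hmi", "plc", 4840),            # OPC UA
    ("historian", "plc", 4840),      # OPC UA
    ("office_it", "historian", 443),
}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.2.15", "10.10.1.20", 4840), ("10.20.4.7", "10.10.1.20", 502),
    ("10.20.4.7", "10.10.3.5", 443), ("192.168.9.9", "10.10.1.20", 4840),
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def audit(flows):
    """Return cross-zone flows the policy does not permit, with a reason."""
    out = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            out.append((src, dst, port, "unknown zone"))
        elif sz != dz and (sz, dz, port) not in ALLOW:
            out.append((src, dst, port, f"{sz}->{dz} not permitted"))
    return out

def reachable(start, edges):
    """Zones reachable from `start` by chaining permitted zone-to-zone hops."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        new = {d for s, d in edges if s == cur} - seen
        seen |= new
        queue.extend(new)
    return seen - {start}

FLAT = {(a, b) for a in ZONES for b in ZONES if a != b}  # any zone to any zone
SEGMENTED = {(s, d) for s, d, _ in ALLOW}                # only the policy's pairs
```

Calling `audit(FLOWS)` flags the office-to-PLC flow and the flow from an unzoned address. `reachable("office_it", SEGMENTED)` still includes `plc` by way of `historian`, which shows that a segmentation policy has to be reviewed for chained paths as well as direct ones.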

Limiting the I4.0 network attack surface

The good news is that network segmentation is a baseline cybersecurity approach that addresses all of these concerns. Other cybersecurity tactics include ensuring that network traffic is encrypted and that networking infrastructure is isolated and invisible to systems and users who do not have explicit access. The secure connectivity demands of I4.0 require manufacturers to build networks that are natively segmented.

The bad news is that traditional networking and security technologies weren’t designed to build highly-segmented networks and are often insufficient when addressing the volume and variety of “things” in an operational network.

Enabling an I4.0 future with Airwall

Tempered’s story began in industrial manufacturing. Our founders thought long and hard about ensuring the security of connected OT environments. We see incredible opportunities and measurable risks with the future of connected ‘things.’ More specifically, we recognize how necessary a robust cybersecurity foundation is to enabling this fourth industrial revolution.

As a secure networking platform, Airwall is natively segmented, encrypted end-to-end, multi-factor authenticated, with purpose-built industrial hardware for connected OT environments. It requires little change to your existing network investments and can quickly scale across complex infrastructures.

We work with a variety of manufacturing customers across a number of I4.0 use-cases. Some of the use cases are described here:

Helping our customers embrace a connected future is a large part of why we created Airwall.
