Industry News for Business Leaders
FeaturedIndustry 4.0Market WatchOpinion

OP-ED. Industry 4.0 and Cybersecurity: a Perfect Match for the Future

OP-ED. Industry 4.0 and Cybersecurity: a Perfect Match for the Future

Industry is not the only one concerned: for many, cybersecurity is nothing more or less than a cost center, a prerequisite. However, the health crisis has proven it: without security, there is no information system and production (of products and services) slows down or even stops. In the age of Industry 4.0, cybersecurity is no longer a subsidiary element, but rather the major challenge for securing our production chains.

By Sylvain Guilley, CTO of Secure-IC and Senior Editor at ISO

Industry 4.0: When Industry Becomes Agile

Although the concept is far from new, Industry 4.0 remains a hot topic for industry players and observers. Whether we call it the industry of the future or the fourth industrial revolution, the concept remains the same: it is all about organizing the physical means of production through the prism of data and information. The benefits are obvious in the ability to personalize products and collect meta-data (analytics), useful, for example, for predictive maintenance. 

Besides systems, computerization and automation, already present in the third generation of industry, Industry 4.0 relies on a wide range of sensors and various connected objects, which provide together the basis for real-time control and data acquisition systems (SCADA). This foundation is then able to interact with the production lines, adapt production rates to market needs, fine-tune each product to customer requirements, or anticipate maintenance needs.

Industry 4.0 is all about data. Mass production and production lines that continuously produce the same products, can only adapt afterward through analysis of the demand. With data, it is over. Time has come to personalize products and adapt them in real time using internal marketing and sales data, or external economic, environmental or even political data. In short, this is the era of industrial agility, which is no longer an oxymoron.

A Simple and Understandable Normative Context

For once, the normative context is not made up of multiple layers that refer to each other in an incomprehensible imbroglio that is ultimately particularly difficult to implement. In the field of industrial cybersecurity, a single standard prevails: IEC 62443, which fits perfectly into the context of industrial and information systems security.

Resulting, in particular from the work of Committee 99 of the International Society of Automation (ISA) in the 2000s, the recommendations of the IEC 62443 standard were formalized in 2010. This coincides roughly with the discovery of the Stuxnet virus, which has profoundly disrupted the Iranian nuclear program. But the challenges are so important for Operators of Vital Interest (OIV) as well as for any factory, that the IEC 62443 standard has quickly imposed itself to the industrial sector.

Without entering into technical details, the standard provides a four-pillar approach, from generalities to the smallest component, including strategies and procedures, and the whole system aspect. But it is above all its evolution and agility that are to be praised: for 11 years now, the standard has not ceased to adapt to the new needs and new realities of Industry 4.0, while remaining reliable and clear. A new version of the standard is currently being drafted and should be released in 2022.

Data and Security, the Foundation of the Production Line

In an increasingly “customer-oriented” business context, industrial production, like the service sectors before it, is gradually moving from a supply-driven to a demand-driven approach. For manufacturers, tomorrow’s factory will be 4.0 or it will not be. Helped by 4G coverage and accelerated by the progressive deployment of 5G, new production lines are now systematically adopting the flexibility of Industry 4.0. This represents a challenge, as the production tool in many factories is aging and heterogeneous.

Given this “softwarization” of industry, the instant is not the only one to be considered but the whole life cycle of the 4.0 production chain, with, as for any information or industrial systems, the maintenance in operational conditions (MCO) and the maintenance in security conditions (MCS). Consequently, the design and maintenance of the factory are no longer just physical, but also software-based, with the adoption of a cybersecurity approach that is at least as important as the production tool itself.

In this respect, Industry 4.0 is clearly a real revolution, capable of transforming the nature of the industrial sector throughout the world. By negotiating this shift faster and sometimes better than others, some manufacturers have already taken the lead, making cybersecurity an asset rather than a constraint.