Industry 4.0 is a double-edged sword. While it brings wireless and faster communications and processes, greater connectivity can lead to costly cyberattacks. Article by Yeo Siang Tiong, General Manager, South East Asia, Kaspersky.
We’ve heard the term “Industry 4.0” and how it has gained significant traction across Southeast Asia, especially in Singapore. Industry 4.0, or the fourth industrial revolution, is the trend of automation and data exchange in manufacturing technologies. It includes cyber-physical systems, the Internet of things, cloud and cognitive computing.
Industry 4.0 is a double-edged sword. While it brings wireless and faster communications and processes, greater connectivity can lead to costly cyberattacks.
Singapore Leads The Way
It’s not surprising that Southeast Asia is set to be the fourth largest growing economy in the world by 2030. By leveraging on Industry 4.0, it can help ASEAN capture up to US$600 billion of the US$3.7 trillion in global benefits expected from Industry 4.0 in 2025.
On the government level, the Association of Southeast Asian Nations (ASEAN) is aiming to leverage Industry 4.0 to invigorate the state of its manufacturing industry, with Singapore leading the way. In April 2019, Koh Poh Koon, Senior Minister of State for Trade and Industry, highlighted at the Hannover Messe trade show that ASEAN member states need to have greater levels of collaboration if the region is to unlock its full potential through an Industry 4.0 transformation.
Testament to the Singapore government’s recognition of Industry 4.0 is Urban Redevelopment Authority’s recently released draft Master Plan 2019, which introduces Enterprise Districts intended to support the continually evolving business and manufacturing sectors, as digitisation, automation, artificial intelligence and other technological enablers foster their growth in tandem with the fourth industrial revolution, or Industry 4.0.
These highlight the undeniable importance governments are placing on Industry 4.0, and the natural progression the manufacturing industry will evolve into, becoming increasingly reliant on emerging technologies and connectivity.
ICS Attacks On The Rise
Underpinning the success of Industry 4.0 are well-functioning Industry Control Systems (ICS). These are different types of control systems and associated instrumentation, which includes devices, systems, networks and controls used to operate and automate industrial processes. It also includes utilities that form the foundation of living in Singapore such as water resources, power plants and air-conditioning.
While the cyber-physical systems connected without wires, automated and with lesser human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks. Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security.
True enough, cybercriminals have seen ICS as a gateway to penetrate the networks of a country. Malicious cyber activities on ICS computers are dangerous as they could potentially cause material losses and production downtime in the operation of industrial facilities.
Kaspersky’s latest report has found that Southeast Asia leads the ranking of regions worldwide when it comes to the highest number of ICS infections blocked by Kaspersky, with 61 percent of machines attacked during H1 2018 and 57.8 percent during H2 2018.
In H2 2018, the internet was the source of threats blocked on 26.1 percent of ICS computers from which we receive depersonalised statistics. Kaspersky observed a slight increase in the percentage of ICS computers on which malicious email attachments were blocked.
In Singapore, the distribution of detected infection rate was 20.7 percent and this figure was also the lowest across Southeast Asia. While this underscores government and enterprises have taken significant strides in prioritising cybersecurity, Singapore should continue to be mindful that large-scale cyberattacks have the potential to incapacitate manufacturing operations and disrupt the nation’s critical systems, especially as it embarks on its Smart Nation Initiative.
As a region, if we do not step up against ICS attacks, it is only a matter of time before we experience cyberattacks along the likes of Stuxnet, the malicious computer worm which damaged Iran’s nuclear system, a cyberattack which rendered a portion of Ukraine powerless for days after infecting a power plant, or having alleged North Korean attackers infiltrating the SWIFT network to move money around the world.
A Holistic Approach To Cybersecurity
Security strategies must extend far beyond the walls of a single organisation to reflect interactions with suppliers, customers, and vendors. For organisations, the old challenge of detecting and neutralising threats has expanded to include learning how to continue doing business during a breach and how to recover after one. In other words, it has evolved from security alone to security and resilience.
According to Kaspersky, as networks constantly change, so tracking cyber risks and vulnerabilities over time, mitigating its effects, and adapting accordingly with its results is essential. These crucial steps, specified on the company’s Adaptive Security Framework, are the core pillars of its Industrial Cybersecurity Solutions tailor-made for different verticals under industrial and critical infrastructure.
In addition, companies can leverage the following tips to improve their holistic approach to cybersecurity:
- Regularly update operating systems, application software, and security solutions,
- Apply necessary security fixes and audit access control for ICS components in the enterprise’s industrial network and at its boundaries,
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network,
- Restrict network traffic on ports and protocols used on edge routers and inside the organisation’s operational technology (OT) networks,
- Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets,
- Deploy dedicated security solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial Cybersecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats,
- Form a dedicated security team for both IT and OT sectors,
- Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence report.
CLICK HERE FOR LATEST NEWS.
READ CURRENT AND PAST ISSUES OF IAA.
KEEP YOURSELF UPDATED, SUBSCRIBE TO IAA NOW!