Report highlights major industrial cybersecurity risk of Industry 4.0 boom

Market news | April 26, 2023

By Nick Flaherty

Interconnect & cables Authentication & Encryption

Less than 5% of critical industrial infrastructure is monitored for cybersecurity threats according to a report from ABI Research. This is a key risk for the growth of the next generation Industry 4.0 technologies.

Industrial Control Systems (ICSs) including Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) are the basis of critical industries, but many were not designed for an increasingly connected industrial environment and usually lack rudimentary security features.

The lack of monitoring means advanced malware such as the ICS-specific Pipedream malware can cause major problems. Pipedream can infiltrate ICS systems across different sectors, making them more versatile than previous industrial malware that were dedicated to specific industrial segments. Hackers can run amok in ICSs for months or even years before being identified. By that time, considerable damage can be done, even if the system appears to function.

ABI Research forecasts that by 2030, connected machines and production systems within factories will exceed 1.2 billion connections. Industrial 4.0 and industrial Internet technology investments are expected to grow from US$41 billion in 2022 to nearly US$200 billion by 2030.

This growth expands the opportunities, or attack surface, for malware, and given the assortment of networks, endpoints, and connection protocol heterogeneity, will contribute to a variety of security solutions.

To mitigate attacks against industrial organizations, it is necessary to adopt three major ICS hardening solutions in parallel with each other. These solutions are endpoint and network security, as well as securing ICS protocols.

“An attack on network infrastructure targets the connection between ICS devices and the SCADA system or attempts to intercept data in movement. This could include eavesdropping on network traffic, disrupting network communications, or exploiting vulnerabilities in network devices, such as switches or routers. An ICS cyberattack could also target the data stored within ICSs. An attack on endpoints, targets applications, systems, or devices that are connected to an industrial control network,” says Michael Amiri, Senior Industrial Cybersecurity Analyst at ABI Research.

The majority of ICS connected components, such as PLCs, are still connected via physical fixed lines, such as Ethernet technology using cables. “Most of all other connected industrial applications from industrial pumps, intelligent industrial electric motors, and connected robots to HMIs are also connected with fixed lines. This means protocol cybersecurity and the use of firewalls, authentication technologies, and unidirectional gateways will see strong demand for the foreseeable future,” he said.

Other types of connectivity in industrial settings such as 5G and LPWA-LTE are rapidly growing and will be prominent modes of industrial connection by 2030, meaning that vendors that provide 5G network security will see a ripe market for growth. “The market for fixed-line security will be the largest, but 5G connectivity security is the most promising, especially for new entrants into the market,” he says.

The ICS cybersecurity environment can generally be categorized into software cybersecurity providers, hardware security, and the manufacturers of ICS equipment. Larger companies, such as ABB and Siemens, provide all these services. ABI cites OTORIO and Irdeto as software cybersecurity companies that focus specifically on software solutions installed on the network.

The findings are from ABI Research’s Industrial Control Systems Security: Hardening Networks and Endpoints application analysis report.

www.abiresearch.com.

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to : eeNews on Google News