Industry 4.0 is changing industrial control systems cyber security
There is a reason Industry 4.0 is changing the ICS cyber security problem. The very nature of Industry 4.0 is to increase access and accessibility of control of the devices in the factory. This means increased access to the data to expand transparency, reduce network planning, lower CapEx, reduce OpEx, improve bandwidth, and optimize machine interworking. Increasing access and accessibility of control means that the cyber security risk assessment of the factory system is changing. ICS cyber security solutions need to adapt to address the changing risk, and traditional countermeasures applied to the system, such as firewalls and placing a device behind a locked door, are counterintuitive to the goals of Industry 4.0. This means devices will need to be security hardened to enable increased functionality in a secure method. Identity and integrity will be at the core of every device in the field to enable trusted data and secure operation.
There are many different standards in the industrial market that provide guidance on implementing security in industrial control systems. For example, NIST provides security guidance with U.S. governance. IEC 62443 is a security standard in draft form for the international market with governance in Europe. These are two of the most predominant standards, providing useful guidelines for implementing security and assessing one’s security posture for industrial control systems; however, they do not provide guidance on how to accelerate the adoption of Industry 4.0.