Posted in:

Securing Industry 4.0

To meet their fullest potential, Industry 4.0 programmes must now apply holistic cyber-savvy thinking to all aspects of the industrial processes to be digitally transformed. By James Hayes.

Whether you call it the ‘Fourth Industrial Revolution’, or (MORE COMMONLY) ‘Industry 4.0’, the trend for automation and data exchange in manufacturing technology is closely associated with cyber security.

The Industry 4.0 concept originated in Germany (Chancellor Angela Merkel calls it “the comprehensive transformation of the whole sphere of industrial production”), but its ideals have become a flagship European objective. The EU supports the initiative through its industrial policies and through research and infrastructure funding.

Member States sponsor national initiatives such as Industrie 4.0 in Germany, the Factory of the Future in France and Italy, and the Catapult centres in the UK. However, a rapidly increasing number of Industry 4.0 cyber security incidents have emerged in parallel, that have stressed the need to strengthen cyber resilience. This is particularly true for industrial operators who plan to integrate Internet of Things (IoT) functionality and Industry 4.0 applications.

The IoT is expected to play a major part of Industry 4.0: by equipping industrial and manufacturing hardware with sensors and other data-gathering technology, it takes digital control to the heart of industrial processes; and it turns a connected robot assembly line into an adjunct of the Internet.

In terms of potential threats, the Industry 4.0 concept shares some common risks with mainstream enterprise cyber security, but the damage outcomes differ. The potential impact of Industry 4.0-specific threats range from physical security compromises and fraud, to mass production downtimes, product spoilage, plant equipment damage.


Deloitte’s Industry 4.0 & Cyber Security: Managing Risk in an Age of Connected Production report agrees that the Industry 4.0 revolution brings new operational risk for smart manufacturers and their digital supply networks. With the interconnected nature of Industry 4.0-driven operations, and the pace of Digital Transformation, mean that cyber attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks. It is, therefore, crucial that industrial executive  governance officers are apprised of the potential risks at hand.

For malevolent cyber risk to be adequately addressed in the age of Industry 4.0, cyber security strategies should naturally be secure, vigilant, and resilient, as well as fully-integrated into organisational and IT strategy from the start. When supply chains, factories, logistics, customers, and operations are connected, the risks posed by cyber threats become all the greater and potentially farther-reaching.

“The advanced digitalisation envisaged within the unfolding Industry 4.0 ethos is a paradigmatic shift in the way industries operate – it blurs the boundaries between the physical and digital worlds,” says Steve Purser, Head of Core Operations Department at ENISA: the European security body has published a study on best practices for IoT security, with a focus on smart manufacturing and Industry 4.0. “With a great impact on citizens’ safety, security and privacy due to its cyber-physical nature, the security challenges concerning Industry 4.0 and IoT are certainly significant.”


These challenges notwithstanding, some industrial companies have already  ‘moved headlong’ into digital transformation strategies, with sector-specific initiatives like Smart Manufacturing (the optimisation of concept generation, production, and product transaction) and Industry 4.0, reports Putting Industrial Cyber Security At the Top of the CEO Agenda, a study by LNS Research: ‘[They have done this] not as technology projects, but for the business opportunities they present,’ the report continues. ‘These technology trends have sparked the imagination of executives in industry and are the technology enablers, and drive future visions for the industry like Smart Manufacturing, and the Digital Refinery’.

Market watchers suggest that the Industry 4.0 commerce will be huge.  All told, current analyst estimates for the component markets of Industry 4.0 (e.g., IoT, cyber security, AI) amount to more than $4.4trn by 2020: a massive market, indeed; but, KPMG for one, suggests that, as Industry 4.0 achieves enterprise scale, it will remain to be seen if business leaders will invest such large sums. Even so, the challenge for organisations on the threshold of Industry 4.0 journeys are daunting. For many, it involves a considerable re-implementation and upscale of its core physical infrastructure, new operational procedures, and employee retraining.


Operational Technology (OT) is hardware/software dedicated to the detecting or causing changes in physical processes through direct monitoring and/or control of physical devices, such as valves, pumps, etc. The integration of OT and IT, Deloitte’s Industry 4.0 and Cyber Security notes, is marked by a shift toward a physical-to-digital-to-physical connection. Industry 4.0 combines the IoT and relevant physical and digital technologies (e.g., analytics, additive manufacturing, robotics, and advanced materials) to complete that cycle.

The Industry 4.0 concept incorporates and extends the IoT within the context of the physical world – the physical-to-digital and digital-to-physical leaps unique to manufacturing and supply chain/supply network processes. It is the leap from digital back to physical – from connected, digital technologies to the creation of a physical object – that constitutes the essence of Industry 4.0 (says Deloitte), which underpins the digital supply network.

Digital Supply Networks are an area on which leadership executives need to focus, Deloitte adds, because it is an intersection between business enablement and business-borne cyber risk: industry 4.0 technologies are expected to spur a further evolution in traditional linear supply chain structures by introducing intelligent, connected platforms and devices across the supply ‘ecosystem’: this should result in Digital Supply Networks able to capture data, from points across the value chain, to inform each other.


The Deloitte study also notes that blockchain has been proposed as an emergent technology that could help solve some supply network security vulnerabilities. The blockchain model of establishing a historical record for transactions is best known in the example of cryptocurrency Bitcoin, but others have explored ways to use this model to determine the flow of goods from production line through layers of purchasers, and indeed, for  the remediation of vulnerabilities in cyber defences. A historical open ledger, shared by a community, establishes trust and visibility.

It provides protection for buyers and sellers by certifying a good’s authenticity. It also enables the tracking of goods movements for logistical purposes, and for the more specific categorisation of products (than by lots or batches) when handling product recalls or defects, for example. Such cost-efficiencies play well into c-suite demands for good return on investment.

IBM CEO Harriet Green has envisaged scenarios where IoT devices are able to communicate with the blockchain to update or validate smart contracts: “As an IoT-connected item moves along the multiple distribution points, information like location and temperature is automatically updated in the blockchain, allowing members to view the status of the item in real-time, and verify that the terms of a contract are met at each point.” C-suite executives across Europe “are taking notice”, Green says.