AnalysisofcybersecuritythreatsinIndustry4.0:thecaseofintrusion

detectionJuanEnriqueRubioRodrigoRomanJavierLopez

UniversityofMalaga

Outline

1. Introduction

2. Cyber-securitythreatsofIndustry4.0enablingtechnologies

3. Cyber-securityissuesinIndustry4.0innovativeservices

4. IntrusionDetectioninIndustry4.0

2

INTRODUCTION

3

ITandOTintegration

§ SCADA systems (Supervisory Control and DataAcquisition) are now present in most criticalinfrastructures.

§ Traditionally, these systems and industrialnetworks (Operational Technology) had to beisolated from other environments.

§ However, at present, they have beeninterconnected with external networks(Information Technology).

IT

OT

4

TowardsIndustry4.0

§ Digitization of all components within the industry to make theproductive processes digitally connected and distributed, providing ahighly integrated value chain

Interoperability

Virtualization

Decentralization

Realtime

Service Orientation

Modularity

Interactivity

5

Industry4.0innovativeservicesandsecurity

§ Creation of innovative services:q Novel cooperative infrastructuresq Cloudmanufacturingq Agents for decisionmakingq Advanced interactionsq …

§ The increase in security threats caused by the Industry 4.0technologies and its innovative services must be addressed

§ It is essential to study the requirements of intrusiondetection systems in the upcoming industrial context

6

CYBER-SECURITYTHREATSOFINDUSTRY4.0TECHNOLOGIES

7

Introduction:theIndustry4.0concept

Industry4.0

Cloudcomputing

Virtualization

BigData

IndustrialInternetofThings

8

Cyber-securitythreatsofIndustry4.0enablingtechnologies

Industrial Internet of Things

o Massive interconnection of machines,operators and the product itself

• The main concern are the attacksperpetrated against their availability,due to the scarcity of resources (CPU,memory or battery)

9

Cyber-securitythreatsofIndustry4.0enablingtechnologies

Cloud computing

o Processing of information retrieved by IIoT devices, cloud-basedmanufacturing

• The most common attack goes against its availability, by means of aDenial of service (DoS) attacks against the infrastructure

• Confidentiality problems arise when putting trust in the serviceprovider, who has total access to the stored data

10

Cyber-securitythreatsofIndustry4.0enablingtechnologies

Big Data

o Data analytics with the information extracted from theindustrial network to optimize operations and identifyanomalies

• Difficult to ensure the security of all components andnodes

• Confidentiality and Integrity of data are threatened ifappropriate measures are not applied, which is frequentin this context to improve efficiency

11

Cyber-securitythreatsofIndustry4.0enablingtechnologies

Virtualization

o VirtualrepresentationsofmachinesforsimulationsandAR/VRdevicestointeractwiththeproductionchain

• Themainchallengeisthesecureinformationexchangebetweenthephysicalassetsandtheirvirtualrepresentations

• Authenticationissuesexistwiththedisseminationofinformationovermultiplevulnerableplatforms(e.g.,smartphones)

12

CYBER-SECURITYTHREATSININDUSTRY4.0INNOVATIVESERVICES

13

Cyber-securitythreatsinIndustry4.0innovativeservices

Novelinfrastructures• Decentralizedarchitecturewhereanyelementcooperateswithanyother• Attacks could belaunched fromanyelement ofthe infrastructure,blurring the authenticationbarriers between the differentsubsystems

Retrofitting• IntegrationofIndustry4.0technologiestolegacysystems• New ways for attacks against legacy systems,exposing their information

Industrialdataspace• Secureexchangeofinformationbetweenindustrialpartners• Extraction ofcompetitive intelligence

14

Cyber-securitythreatsinIndustry4.0innovativeservices

Cloudmanufacturing• Productcustomizationinthecloud• Availability andconfidentiality ofbusiness dataaffected

Agents• Workflowplannersorself-organisingassemblysystems• Compromised agents toinfluence decisionsandthe overall workflow

Otherenhancedinteractions• DigitaltwinsandadvancedHMIs• They canbemanipulated tolaunch other attacks andextract information

15

Cyber-securitythreatsinIndustry4.0innovativeservices

Novelinfrastructures

Retrofitting IndustrialDataSpace

Cloudmanufacturing

Agents Otherinteractions

Availability Wideattacksurface

Singlepointoffailure

Cascadeeffects Wide attacksurface

Agentsasmalware

Denialofservice

Confidentiality Globaldatainlocalcontext

Exposureofsensing layer

Informationleakage

Businessprocessleakage

Agentdatainlocalcontext

Informationleakage

Integrity Behaviourmanipulation

Cross-cuttingattacks

Cascadeeffects Manipulationofcomponents

Tampereddata/agents

Disrupt decisionmakingprocesses

Authentication Complexity andmisconfiguration

Fakelegacy/sensinglayers

Biggerscopeofattacks

Managementissues

Attacksfrom/toagents

Privilegeescalation

16

INTRUSIONDETECTIONININDUSTRY4.0

17

IntrusionDetectioninIndustry4.0

§ Requirements for the design, deployment and managementof intrusion detection systems (IDS):

ü Coverage

ü Holism

• All interactions andelements ofan Industry 4.0

• Easily upgradablewith newdetection algorithms.

• Users,configurations,potential points offailure andcascadeeffects aretaken into account

• They must befamiliarizedwith the cooperative nature

18

IntrusionDetectioninIndustry4.0

§ Requirements for the design, deployment and managementof intrusion detection systems (IDS):

ü Intelligence

ü Symbiosis

§ The state of the art on IDS for the current industrial ecosystems donot fully cover the previouslymentioned requirements

• Behavioral analysis andinformationcorrelation toconsiderthe existence ofmoreadvanced attacks

• Close interactionwith other protectionmechanisms,such asprevention systems andforensics,aswell asthe Industry 4.0services

19

Conclusions

§ We have introduced the Industry 4.0 enabling technologiesand provided an overview of their threats

§ The main threats arisen as consequence of the integration ofthese novel technologies in the industrial ecosystems havebeen studied

§ Based on this, we have identified a set of requirements forfuture intrusion detection mechanisms in the industry.

20

ThanksAnalysisofcybersecuritythreatsinIndustry4.0:

thecaseofintrusiondetection

JuanEnriqueRubioRodrigoRomanJavierLopez

21