Information security horizon in the age of industry 4.0

HORIZONTE DE LA SEGURIDAD INFORMÁTICA EN LA ERA DE LA INDUSTRIA 4.0

Today’s humanity thanks to the third industrial revolution, has relied on technology as a mechanism of evolution towards a new digital way of life, where today smart computing devices are becoming more common and therefore it started to permeate more easily on different areas of our society, and together with the help of an amazing telecommunications medium as massive and dynamic just as the contemporary Internet, has allowed to view a new industrialized model for the manufacture of industrialized products in an automatic and autonomous way; this concept is called the fourth industrial revolution or industry 4.0, where the interconnectivity based on the Internet of things and the intelligent and robotic technological elements, deploy a new and refreshing industrial model.
This new industrial revolution as well as any technological revolutionary trend with high impact for humanity, always are accompanied by an urgent need to be evaluated and safeguarded with the parameters of today’s computer security, which may be limited or insufficient for the ideology of the industry 4.0, this is because the existing IT security activities are insufficient for such massive, distributed, insecure and critical environment as the proposed by the next generation production plants and therefore at the same time the companies must evolve to adopt the native production processes of the fourth industrial revolution, the computer security specialists must also develop their concepts, technologies and activities, to design and manage highly secure production environments aligned with the requirements and vulnerabilities of this new industrial generation.
The ultimate purpose of this document is to present how current IT security should begin to see the industry 4.0 as its new field of action, because without a robust technological protection model any deployment of new generation industrial functions it would be completely catastrophic for the company that wishes to evolve thanks to the adoption of this new business archetype. This article is segmented by the presentation of a context by the principles of the fourth industrial revolution, where some key foundations of this technological trend are exhibited, and then go on to exhibit a safety analysis on the different segments that make up a factory of new generation, to then identify some of the most interesting trends of attack that modern cybercriminals are beginning to deploy to violate complex industrial systems, and finally present some safety recommendations based on the study of the native vulnerabilities of a generic factory 4.0 along with the newest styles of digital aggression focused on this amazing but defenseless new generation industrial guideline.

DOI: http://dx.doi.org/10.21017/rimci.2020.v7.n14.a84

[1] J. J Gónzales, “IoT: Interconexión digital, un reto mayor de seguridad”; Revista Sistemas - Publicación de la Asociación Colombiana de Ingenieros de Sistemas (ACIS); No. 143 Abril / Junio - 2017.
[2] E. Garnica, “¡La cuarta revolución industrial! Ya está aquí. Una era de transformación digital”; Gaceta Republicana - Publicación de la Corporación Universitaria Republicana; Año 5 No. 26 Julio / Agosto - 2018.
[3] J. J. Cano, “Cuarta revolución industrial: Anticipo de un nuevo desarrollo de la humanidad”; Revista Sistemas - Publicación de la Asociación Colombiana de Ingenieros de Sistemas (ACIS); No. 143 Abril / Junio - 2017.
[4] A. Huth y J. Cebula, “The Basics of Cloud Computing”; Documento WEB - PDF; Disponible en [https://www.us-cert.gov/sites/default/files/publications/CloudComputingHuthCebula.pdf]; 2011.
[5] K. Kim y P. R. Kumar, “An Overview and Some Challenges in Cyber-Physical Systems”; Documento WEB - PDF; Disponible en [http://cesg.tamu.edu/wp-content/uploads /2014/09/An-Overviewand-Some-Challenges-in-Cyber-Physical-Systems. pdf]; 2014.
[6] J. Conway, “The Industrial Internet of Things: An Evolution to a Smart Manufacturing Enterprise”; Documento
WEB - PDF; Disponible en [http://www.mhi.org/media/members/15373/ 131111777451441650.pdf]; 2015.
[7] A. A. Cardenas, S. Amin y S. Sastry, “Research Challenges for the Security of Control Systems”; Documento WEB - PDF; Disponible en [https://people.eecs.berkeley.edu/~sastry/pubs/Pdfs%20of%202008/CardenasResearch2008.pdf]; 2008.
[8] P. Bedard-Maltais, “Industry 4.0: The New Industrial revolution ¿Are Canadian manufactures ready?”; Documento
WEB - PDF; Disponible en [https://bridgr.co/wp-content/ uploads/2017/06/bdcetude-manufacturing-en.pdf]; 2017.
[9] M. Crnjac, I. Veza y N. Banduka, “From Concept to the Introduction of Industry 4.0”; Documento WEB -PDF; Disponible en [https://bib.irb.hr/datoteka/894382.IJIEM_ 24.pdf]; 2017.
[10] H. Heynity y M. Bremicker, “The Factory of the Future”; Documento WEB - PDF; Disponible en [https://assets.kpmg.com/content/dam/kpmg/es/pdf/2017/06/the-factory-of-the-future.pdf];2016.
[11] D. A. Zuluaga, “Era Cognitiva: Una realidad tangible”; Revista Sistemas - Publicación de la Asociación Colombiana de Ingenieros de Sistemas (ACIS); No. 142 Enero / Marzo – 2017.
[12] European Factories of the Future Research Association; “Factories 4.0 and Beyond”; Documento WEB -PDF; Disponible en [https://www.effra.eu/sites/default/files/factories40_beyond_v31_public.
pdf]; 2016.
[13] P. Holecko, “Overview of Distributed Control Systems Formalisms”; Documento WEB - PDF; Disponible en [https://core.ac.uk/download/pdf/8986878.pdf]; 2008.
[14] K. Stouffer, J. Falco y K. Kent; “Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems”; Documento WEB - PDF; Disponible en [https://www.dhs.gov/sites/default/files/publications/csd-nist-guidetosupervisoryanddataccquisition-scadaandindustrialcontrolsystemssecurity-2007.pdf]; 2006.
[15] A. R. Kiran, B. Venkat, Ch. Sree Vardhan y Neel Mathews, “The Principle of Programing Logic Controller and its role in Automation”; Documento WEB - PDF; Disponible en [http://www.ijettjournal.org/volume-4/issue-3/IJETT-V4I3P250.pdf]; 2013.
[16] M. Whitman, “Principles of Information Security”;Editorial: Course Technology; 2011.
[17] Deloitte University Press, “The smart factory:Responsive, adaptive, connected manufacturing”; Documento WEB - PDF; Disponible en [https://www2.deloitte.com/content/dam/insights/ us/articles/4051_The-smart-factor/DUP_Thesmart-
factory.pdf ]; 2017.
[18] J. P. Farwell y R. Rohozinski, “Stuxnet and the Future Cyber War”; Documento WEB - PDF; Disponible en [https://www2.cs.duke.edu/courses/common/compsci092/papers/cyberwar/stuxnet2.pdf];2011.
[19] A. Maiorano, “Criptografía: Técnicas de desarrollo para profesionales”; Editorial: Alfaomega; 2009.
[20] A. Matrosov, E. Rodionov, D. Harley y J. Malcho,“Stuxnet Under the Microscope”; Documento WEB -PDF; Disponible en [https://www.esetnod32.ru/company/ viruslab/analytics/doc/Stuxnet_Under_the_Microscope.pdf].
[21] R. Langer, “To Kill a Centrifuge: A techical analysis of what Stuxnet´s creators tried to archive”; Documento WEB - PDF; Disponible en [https://www.langner.com/wp-content/uploads/ 2017/03/to-kill-acentrifuge.pdf]; 2013.
[22] M. J. Caro, “Flame: Una nueva amenza de ciberespionaje”; Documento WEB - PDF; Disponible en [http://www.ieee.es/Galerias/fichero/docs_ informativos/2012/DIEEEI34-2012_Flame_Ciberespionaje_ MJCB.pdf]; 2012.
[23] J. Robertson y M. Riley, “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies”; Documento WEB - PDF; Disponible en [https://www.bloomberg.com/news/ features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-toinfiltrate-america-s-top-companies]; 2018.
[24] M. Ciampa, “Security+ Guide to Network Security Fundamentals”; Editorial: Course Technology; 2011.