By Jim Romeo for Mouser Electronics
More Connected Devices Means More Endpoints for Cybersecurity Threats.
The fifth generation (5G) of wireless technology has and will continue to transform telecommunications. Many new connections, capabilities, and services will enable connections to millions of edge devices in the wake of Industry 4.0. In this article, we provide an overview of the significance of not just the arrival of 5G but also the potential rise in cybersecurity risk. Such risk calls for an examination of the threats that pose dangers in this new environment and the steps to take to mitigate them.
The Emergence of Connected Industrial Control Systems
5G wireless technology is transforming telecommunication networks, enabling a plethora of connected devices that provide new capabilities and enhance innovation. This transformation is accelerating Industry 4.0, which has applied the benefits of IT capabilities on physical systems, enhancing many different control mechanisms. Using digital technology to replace legacy analog controls, connected devices such as embedded digital controls, cameras, and sensors have ushered in an environment of “smart” everything—from buildings and transportation to manufacturing and many other industries. This has, in turn, created numerous endpoints vulnerable to cyber threats.
In short, with the broad adoption of 5G in industrial systems comes increased cyber risks that leave networks vulnerable to compromise. 5G networks are a likely target for cybercriminals to exploit sensitive data.
Be Vigilant of the Many Different Types of Cyber Threats
While there are numerous types of cyberattacks, Figure 1 presents some of the most common categories. Each has many variations that can damage organizations, so employees throughout the company should remain vigilant.
One way to mitigate risks across an organization—and an important point of overall network security—is by segregating corporate and industrial or control networks via different architectures. By introducing a simple two-port firewall between the corporate and control networks, companies can achieve significant security improvements. If properly configured, such a firewall reduces the chance of a successful external attack on the control network.
Develop Risk Management Plans and Policies
To further mitigate the risk of cybersecurity compromise brought on by the infusion of billions of connected devices that 5G enables, risk management plans and policies are critical. Companies should continually evaluate and adjust these policies as 5G adoption continues to grow and as automation technology, cyber security threats, and personnel change. Risk management plans and policies should be built on processes that focus on framing and assessing risks, responding to threats, and continuously monitoring processes and systems to detect such risks. For example, policy may include implementing symmetric encryption as a means of protecting data so that only the sender and recipient can use the key or password to gain access.
In the context of cybersecurity, these processes are mostly interrelated and will vary according to the size, location, landscape, and nature of the business and industry.
Build a Security Program to Deter Cyber Risk
Using these risk management policies, organizations should develop and deploy an industrial control security program. Such a program should work together with other IT security programs throughout the enterprise. The security program’s key elements should include building and training cross-functional teams, conducting regular security audits, and using an established risk management framework, such as the U.S. Department of Commerce National Institute of Standards and Technology (NIST) cybersecurity framework.
While establishing a security program is important, it’s equally important to continually update it to reflect changes in technology, operations and processes, industry standards and regulations, and any unique requirements for the security of specific equipment, processes, or facilities.
Develop a Cross-Functional Team and Promote Cybersecurity Culture
As mentioned in the previous section, cross-functional teams are an important part of a security program. Because the domain knowledge across an enterprise varies, cross-functional teams can bring different but complementary knowledge and skills to managing and mitigating risk. For example, a team may include personnel from IT, engineering (specifically those knowledgeable about underlying automation and controls), and operations plus cybersecurity and IT architecture subject matter experts. An information security manager should oversee the team and its ongoing work.
To further bolster the cross-functional team and its mission, organizations also need to create a cybersecurity culture that extends beyond the team and into the extended enterprise. This includes training and educating all personnel, implementing policies such as two-factor authentication throughout the organization, and enforcing processes like cybersecurity clearances for contractors, vendors, and other tiered organizations that work with the company.
By utilizing established cybersecurity frameworks and developing shrewd policies and practices, organizations can mitigate much of the risk posed by the expansion of 5G in Industry 4.0. Part of the journey is understanding the consequences of attacks and taking steps to build not only secure networks and devices but also a culture that recognizes threats and vulnerabilities well ahead of an attack.