Cybersecurity is generally considered as an information security topic, often associated with personal data and information databases: collecting, exposing, corrupting, or deleting these data. However, it is a more global problem, and related to broader aspects, such as controlling cyber-systems. In ICS, the topic of cybersecurity is considered at the operational and responsible level as a secondary threat, and much more as an IT problem. This premise has proven to lead to substantial losses. For example, dangerous aspects in some installation can stress the cybersecurity in ICS, for instance, plants dealing with hazardous materials, as the attackers can take over control of the production lines. This chapter encapsulates points in common on the topic of cybersecurity in IT and ICS. IT has already devoted significant resources into cyber-threats. ICS has yet to do so. To do so, authors review a number of papers dealing with the same topic.
Top1. Introduction
The manufacturing sector is currently undergoing its fourth industrial revolution. The first industrial revolution was based on the use of mechanical production to boost production performance. The second one was based on electrical power and mass production. The third revolution occurred by introducing automation advances, based on IT. The fourth revolution, also known as Industry 4.0, and Smart Manufacturing, is established on interconnecting production systems. Then, the manufacturing systems and engines are endowed with communication abilities (i.e. sensors) for better exchange, operation, support and agile manufacturing. This enables reactive and effective steering from raw material reception to end use and recovery. Moreover, the manufacturing devices are controlled through computers.
According to (Hermann et al., 2016), the Industry 4.0 design principles are:
- 1.
Interconnection: Machines, devices, and human operators are interconnected in order to share real-time information and support fluctuating market demands. The IoT1 and new communication technology play an important role to promote this interconnection.
- 2.
Information Transparency: Through linked sensors and information system (e.g. SCADA2, MES3), a form of information transparency is provided to operators. Then, context-aware systems are indispensable to operators to make appropriate decisions.
- 3.
Decentralized Decisions: As human operators and devices are interconnected; the decision is not centralized, but rather decentralized, for better decision-making and increasing overall productivity. In fact, operators are as autonomous as possible.
- 4.
Technical Assistance: As manufacturing plants are becoming more and more complex by: the increasing number of devices, the complexity of production, the complexity of networks, the users need to be assisted. More precisely, the factory should be equipped with information system providing comprehensive visualization of the system, so that the human can solve problems efficiently. Mobile devices are generally used to provide real time alarms (SMS messages) and provide real-time information, e.g. Dashboard, KPIs – Key Performance Indicator.
Furthermore, Industry 4.0 offers a concrete contribution to Agile Manufacturing. (Yusuf et al., 1999) define Agile Manufacturing as “with respect to the agile enterprise, products, workforce, capabilities and the environment that gives impetus to the development of agile paradigm’’. Moreover, Industry 4.0, through its interconnected system, provides a high level of configurability to support manufacturing agility.
Despite of the advantages of Industry 4.0, some drawbacks can be highlighted. The major one being the cybersecurity concern. In fact, the IoT and CPS4 interconnection present potential security breaches related to data and plants security.
This chapter is structured as follows. Section 2 provides a comparative overview between ICS5 and IT perceptions about cybersecurity. Section 3 presents the main cybersecurity threats which highlight the cybersecurity concerns, and ways it differs from IT. In the following section, recommended practices are offered to tackle the cybersecurity threats. Finally, the last section concludes the chapter.
Top2. Ics / It: A Comparative Overview
Inspired by the definition of industrial control network of (Galloway & Hancke, 2013), we define ICS as an interconnection of equipment and systems used to monitor and control physical equipment in an industrial environment. It is able to collect accurate real time data, to aggregate them, and to monitor the industrial process.