Earlier this year, the world’s largest container shipping company Maersk fell victim to a massive ransomware attack from the infamous NotPetya malware. The software went on to infect systems on an international scale, affecting all types of industry including construction and manufacturing.
Unfortunately, such malware threats are becoming ever more frequent. According to GData, in Q1 of 2017, a new malware strain was discovered every 4.2 seconds. The success of new techniques, such as ransomware-as-a-service, has made cybercrime much easier to perpetrate, and thus opened up the floodgates for this deluge of cybersecurity threats.
But malware isn’t the only menace to our critical and industrial infrastructures. The Industry 4.0 revolution, which is transforming our industrial and manufacturing processes, as well as their respective supply chains, is not without its own inherent dangers.
Smart Industry and Blockchain Innovation
This new wave of smart industry is built upon automation, hyper-connectivity through cyber-physical systems, big data and the Industrial Internet of Things (IIoT). The latter provides an accurate indicator of how we can expect this industry to grow, with Grand View estimating that IIoT will be worth around $933 billion by 2025, with a CAGR of 27.8%.
Unfortunately, this hyper-connectivity is precisely Industry 4.0’s Achilles heel. A view backed up by a Honeywell survey, which found that the biggest issue facing industry today is cyber security, with 53% of respondents suffering site breaches.
Confronted with a growing number of vulnerabilities within our industrial systems, we need to look for innovative ways to deal and mitigate these threats throughout the extended ecosystem. The blockchain is one such innovation that could hold the key to cybersecurity risk management for Industry 4.0.
Blockchain technology is usually associated with cryptocurrencies like bitcoin. However, it has many other use cases, including in Industry 4.0 cybersecurity. The blockchain is fundamentally a database of recorded transactions, whereby each transaction (block) is connected to the previous one and then verified by multiple parties. Building the chain in such a fashion makes it immutable, verifiable, and pseudonymised.
The chain’s strength lies in this basic structure, providing multiple applications in smart industry. Let’s look at two specific use cases of how it can help reduce cybersecurity risk in an industrial environment.
Supply chain risk management: Smart industry requires a highly responsive supply chain. However, this extensive supply chain has been a cybersecurity weak point for many years, as proven by incidents such as the massive data breach suffered by US retail giant Target, carried out via their HVAC supplier. Research by Bomgar shows that the use of third-party vendors is on the rise, which means the associated risks will too.
Blockchain technology, and its use in smart contracts, is ideal for supply chain risk management thanks to its immutable nature. For example, in the gold industry, the blockchain is being used to track the entire lifecycle of gold as it passes through the supply chain. Each supplier, document, and transaction is validated as it progresses, helping fight against the circulation of ‘conflict gold’.
Businesses are exploring the use of smart contracts to mitigate supply chain risk ensuring that suppliers contract to agree to cybersecurity policies. Others, such as Pfizer, are using smart contracts to track drugs throughout the chain while ensuring that their sensitive information remains secure.
Industrial IoT security and blockchain: Industrial Control Systems (ICS) are increasingly Internet-enabled, becoming cyber-physical systems. Consequently, according to Securelist, approximately 91% of ICS devices possess a medium or high-risk vulnerability. This is where the blockchain comes in, whose decentralised structure and in-built verification make it a perfect fit for the IoT environment. In a hyper-connected network of IIoT devices, including critical infrastructure systems like ICS units, the blockchain offers a way to record and verify each device.
The devices can also be associated with ownership using a mechanism based on the concept of the oracle, which can provide trusted proof of sensor readings. This allows for any device to be verified and subsequently deactivated if a breach is detected.
Securing the Industry Chain
As our industrial systems move into a more cyber-physical realm, built on hyper-connectivity and automation, it brings with it new security challenges. Industry 4.0 gives us the power to develop more efficient, sustainable, and smarter machines. In turn, we must be smart in our approach to securing these hyper-connected infrastructures, using innovative methods to mitigate security risks and increase resilience.
Blockchain technology has the potential to help us innovate in cybersecurity, offering a robust mechanism that is inherently pseudonymised and verified. The innate processes in blockchain technology offer the smart industry ecosystem the possibility to cross-check its own suppliers and devices while guaranteeing the confidentiality of sensitive information.