International. We are on the verge of a technological revolution that will fundamentally alter the way we live, work and relate to each other. It is recognized as the fourth industrial revolution, or Industry 4.0, which is based on the integration of digital systems that have been gradually implemented for some years, and is characterized by the fusion of technologies that fades the lines between the physical, digital and biological spheres.
For reference, the first Industrial Revolution used water and steam to mechanize production; the second used electrical energy to create mass production; and the third used electronics and IT to automate production. Now, the fourth (4RVI) is based on digital and, compared to the previous ones, is evolving at an exponential rate instead of linear; in addition, it is affecting almost every industry in every country.
We have witnessed emerging technological advances in fields such as artificial intelligence, robotics, the Internet of Things (IoT), autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage and quantum computing, which complement a cycle of digitization of operations and are integrated into a Digital Supply Network (DSN); is the natural shift from simple digitization that began in the third revolution, to innovation based on combinations of technologies that will predominate in the 4IR, whose tangible manifestation or principles are demonstrated by the fact that more than 30 percent of the world's population uses social media platforms to connect, learn and share information[1].
However, the 4IR implies an operational risk for manufacturers connected to digital supply networks: that related to cybersecurity. This is because the interconnectedness of operations inherent in Industry 4.0, coupled with the pace of digital transformation, can be affected by cyberattacks with far more extensive effects than ever before, and for which manufacturers might not be prepared. That is why cyber risk must be adequately addressed in this area, designing a security strategy that guarantees the integrity of data through continuous surveillance, and that must be fully integrated, from the beginning, into the organizational structure and as an inherent part in the implementation of information technologies.
The increasing interconnection of DSN components in this environment leads to cyber weaknesses that must be adequately foreseen, including from project planning to operation, to avoid significant risks. Therefore, organizations should consider tactics in order to secure their information and take care of the access of unauthorized users to their network so that not just anyone can access. In addition, they must consider what data can be shared and how it should be protected.
For example, some suppliers integrated into a DSN may be competitors in other areas, and certain types of information such as prices, costs or industrial information should not be made available to them. In fact, it should be considered that allowing access, even if it is only a part of the data, can facilitate entry to those who have malicious intentions and who intend to consult other types of information.
Consequently, organizations must use proper hygiene by applying techniques such as network segmentation or continuous monitoring of systems that serve as "intermediaries" to collect, protect and provide information. Additionally, hardware security modules must be added to devices that include robust cryptology, support, hardware authentication, and certification (to detect when unauthorized changes applied to a device are made). By combining this approach with hardened access controls in mission-critical operations, the technology is secured at application points and endpoints to protect your data and processes.
Finally, it should be noted that as production facilities increase the integration and deployment of IoT devices, it becomes more important to consider the security risks they pose to manufacturing, production, and enterprise networks. However, it should also be considered that in this new technological environment there must be attention on the part of the country's authorities to issue regulations that configure a legal protection framework that even provides certainty to companies to invest in some country, as has already been done in other places3. There can be no oversight, because the costs to be paid would be very high.
Article by Infosecurity Mexico.
