Italy is now moving towards Industry 4.0 technologies, but there is still too little awareness and a strong underestimation of IT security: the danger is that companies and the country system itself are exposed to very significant risks.
The close connection that must remain between the two worlds has to be strongly emphasised. In particular, the Industry 4.0 plan, if not properly “controlled” by the cybersecurity system, runs the risk not only of failing to achieve the goals everyone hoped for, but of becoming a boomerang for the organisations involved and for the country as a whole.
Cybersecurity: what it is and why it is threatened by Industry 4.0
Cybersecurity properly means computer security, i.e. the set of all technologies aimed at protecting computers and computer systems from attacks (viruses, hackers) whose consequences are the loss or compromise of data and information. It is not to be confused with information security, as it depends exclusively on computer technology.
Returning to Industry 4.0, it is certain that it will have to be the bearer of innovations in process, product, management and services, with very important impacts on all production facilities, end products and people. This is possible because of ICT technologies and what is known as cyberspace, the union of thousands of data networks and software that connect people from all over the world.
It is hoped, in particular, that Industry 4.0 can extend to the manufacturing world, and beyond it, an Always-on status that is already widely experienced and widespread at the individual level: that of the perpetually connected. This means bringing Cloud, Broadband (if not ultra-wideband), Robots, Drones, Big Data, Artificial Intelligence and the IoT, the Internet of Things, into the productive world as well, in any field.
But, then, why should cybersecurity be threatened by this new technological system?
Let's look at all the various risks:
- All these technologies, and especially the IoT, have already disproportionately increased the attack surface and will continue to do so. That is to say, they increase the opportunity for cyber criminals, understood as individuals, criminal organisations, if not more or less neighbouring sovereign states, to launch malicious and disastrous attacks. This significantly increases the risk of loss of basic information, data and know-how for companies, all at a very low cost for hackers. In this sense, one should never think that the problem does not concern us “because we have antivirus”. We need to go deeper by asking, for example, whether there are protection tools on the smartphone connected to the corporate information system, and which ones; who wrote the software; who provided the OS; who sold the servers and corporate hardware. And so on.
- A less obvious, and more insidious, risk is that hackers use the companies' own products, if these were not properly designed, as a base to launch attacks on third parties as well. This would be a disaster for companies, which would have to pay the damages and suffer the consequences in terms of image and market share.
- Then there is the problem of a lack of sensitivity to the cybersecurity issue. Taking into account the lessons of Social Engineering, the human component (Man-in-the-middle) is the weak link in the chain, and one of the easiest and cheapest ways for a hacker to enter the system.
How to act for Cybersecurity 4.0
So is Industry 4.0 to be avoided? Absolutely not, but we must act fast to ensure all levels of digital security.
In particular:
- It is necessary to significantly increase awareness at every level: from CEOs to board members, from every employee to technicians, up to CTOs.
- Carefully assess cyber risk, also by making use of the National Framework developed by the CINI National Cybersecurity Laboratory, which is in turn based on the one developed in the States by NIST.
All necessary actions and countermeasures must then be arranged and deployed, starting with the university and academic world, and also at government level. In the academic world we need to make every effort to increase the workforce in the cyber field, especially since the lack of cyber experts will increasingly prove to be a risk and thus a possible detriment for the country.
Universities are today called upon to play their important part with diversified actions, including the cyberchallenge distributed throughout the country, specialised master courses (both level 1 and level 2) as well as the activation and promotion of new Master's degree courses for the training of cyber experts who are characterised by both a high level of technological competence and a strong multidisciplinary culture.
The academic world alone is not enough without targeted interventions and initiatives at the political level. It must be recognised that in Italy we are by no means at year zero of technology, but this does not exempt us from starting a major investment campaign to prevent the Bel Paese from ending up on the list of inadequately cyber-equipped countries in the near future.
This means putting into practice all the actions needed to create a national cyber ecosystem, including organisations of an appropriate size (both in terms of personnel and expertise) that are well integrated in the public and private sector, with strong collaboration between the research, government and industry sectors. In particular, what is needed is the activation as soon as possible of an Italian MITRE, with some sections (e.g. for Italians only) that serve to create a national cloud.
A practical example
The introduction of device-to-device communications, referred to by terms such as IoT - Internet of Things or Industry 4.0, therefore leads to a definitive change at the level of security logic. All authentication and authorisation mechanisms change, but so do, as we have just seen, the ways in which communications must be made secure and reliable.
It is a revolution that has been going on for 20 years now, in both the consumer and enterprise sectors. During this time we have seen how the devices used daily by millions of people contain more and more information, and increasingly complex information, as part of a technology that never stops evolving. This, as we have seen, on the one hand creates new opportunities for communication and data exchange, and on the other hand creates the need to keep all this data permanently secure.
How can a company, in practice, guarantee precisely this security for its data and that of its users? There are several solutions on the market. One, for example, is to identify together with customers all cybersecurity risks in order to mitigate them and keep them constantly under control.
There are companies that provide the right mix of contextual knowledge, processes and technology, and that support companies through the phases of their products, from design to final realisation, to find the most suitable solution each time at both a technological and a process level. These are companies that, strengthened by their experience, their partnerships with leading suppliers and all the latest technologies, can provide the customer with operational supervision (both remotely and in presence) with varied skills for the entire duration of the implementation and service.
They also provide the possibility, thanks to the CSOC - Cyber Security Operation Centre, to combine service delivery with constant security monitoring to reduce risks.