Earlier this year, the world’s largest container shipping company Maersk was the victim of a massive ransomware attack. The malicious software behind the attack being the infamous NotPetya. The malware went on to infect systems on an international scale. Industries of all types, including construction and manufacturing, were hit by the ransomware. And malware threats are growing.
According to GData, in Q1 of 2017, there was a new malware strain discovered every 4.2 seconds. This increasingly flooded cyber threat landscape is being driven by the success of new techniques, like ransomware-as-a-service, that makes cybercrime much easier to perpetrate.
But it isn’t just malware that threatens our industrial and critical infrastructures.
Industry is changing. Our industrial and manufacturing processes, as well as the supply chains associated with them, are blossoming in the 21st century in the revolutionary guise of ‘Industry 4.0’.
Smart Industry and Blockchain Innovation
This new wave of smart industry is built on the back of automation, hyper-connectivity via cyber-physical systems, the Industrial Internet of Things (IIoT), and big data. In terms of growth, the IIoT is an accurate indicator of the swiftness of uptake of this vanguard. Research by Grand View has shown that the IIoT will be worth around $933 billion by 2025 with a CAGR of 27.8%.
This hyper-connectivity however, is a point of weakness for Industry 4.0. This has been confirmed by a survey from Honeywell, who found that the number 1 issue in industry today is cyber security, with 53% of respondents suffering plant breaches.
With increasing vulnerabilities within our industrial systems, we need to look at innovative ways of dealing with these threats and the management of the extended ecosystem to mitigate threats. The blockchain is one such innovation which could hold the key to industry 4.0 cybersecurity risk management.
Blockchain technology is usually associated with cryptocurrencies like bitcoin. However, it is also applicable to many other use cases, including in securing Industry 4.0. The blockchain is fundamentally a database of recorded transactions. Each transaction is associated with the previous one to build up the chain, and each block of the chain must be verified by multiple parties. In doing so, it becomes immutable, verifiable, and pseudonymised.
This basic structure of the chain is its power, and this provides multiple applications in a smart industry. Here we look at two specific uses of it within an industrial setting that can help to reduce cybersecurity risk:
Supply chain risk management: Smart industry requires a highly responsive supply chain. The extended supply chain ecosystem has been a point of weakness in cybersecurity for many years. Renowned attacks such as the massive Target Corp. breach, perpetrated via an HVAC supplier, show the weaknesses inherent in the supply chain. According to research by Bomgar, third-party vendor use is increasing and the associated risks will, in turn, increase.
Blockchain technology, including the associated mechanism of ‘smart contracts’ are ideal for supply chain risk management. The blockchain is an immutable ledger, and as such, is a paradigm of truth. For example, in the gold industry, blockchain is being used to track the entire lifecycle of gold as it passes through the supply chain. Each supplier, document, and transaction is validated as it progresses. The system also helps prevent the use of ‘conflict gold’.
Organizations are exploring the use of smart contracts — based on blockchain technologies — to manage supply chain risk ensuring that suppliers contract to agree to cybersecurity policies. Other organizations, such as Pfizer, are using smart contracts to track drugs across the chain, whilst ensuring the protection of company sensitive information.
Industrial IoT security and blockchain: Industrial Control Systems (ICS) are increasingly Internet-enabled creating a cyber-physical system. According to Securelist around 91% of ICS devices have a medium or high-risk vulnerability. The structure of the blockchain is decentralized but verified. This fits in perfectly with the way that IoT devices are connected together. In a hyper-connected network of IIoT devices, including critical infrastructure systems like ICS units, the blockchain offers a way to record and verify each device.
Each device can also be associated with ownership using a mechanism based on the concept of the ‘oracle’; the oracle can provide proof of sensor readings. Using this system, devices can be verified, and if found to be rogue, can be set to inoperable if a breach is detected.
Securing the Chain of Industry
As our industrial systems move into a more cyber-physical realm, built on hyper-connectivity and automation, it brings with it new challenges in security. Industry 4.0 gives us tools to develop more efficient, sustainable, and smarter machines. In turn, we need to be smart in our approach to securing these hyperconnected infrastructures, by using innovative ways of managing risk, security, and building in resilience.
Blockchain technology has the potential to help us innovate in cybersecurity. It can give us a robust mechanism, inherently pseudonymised and verified. The processes inherent in blockchain technology offer the smart industry ecosystem measures to cross-check its own suppliers and devices, whilst maintaining the confidentiality of sensitive information.