Industry 4.0 is hugely bridging technological advancement. Is it laying the path towards more industrial development and going for the next stage of the industrial revolution such as Industry 5.0. How about tackling industrial cybercrime?

The inadequacy of the industrial world to fight and provide 100% protection to any industrial security threats shows the vulnerability of the situation.

A survey conducted by Bitkom shows the impacts by the perceived future industrial security threats in IT industries in Germany in 2018:-

• Zero-day exploit
• Infection with malicious software or malware
• Increased number of networked devices (IoT)
• Lack of qualified IT security staff
• Backdoors or trapdoors
• Fluctuation of employees is increased
• Computing power tapped eg. Unnoticed mining of cryptocurrencies.

In 2017, a survey by VDMA shows the impact of security incidents in Germany:-

• Capital damage
• Loss of production
• No effects
• Loss of quality
• Danger to machinery/ plant
• Reputation/ image damage
• Critical loss of know-how
• Risk to safety (people, environment)

So how about tackling the serious Industrial security issues. The organization needs to address the issues with preventive measures either being ahead or after the company got affected. Well in both the scenarios, the loss is likely to be more in the latter case.

The security measures in use in the process or organizational-related issues in the company are:-

• Definition of access rights for specific information
• Clear classification/labeling of trade secrets
• Clear rules for handling sensitive information
• Definition of access rights for certain rooms in the company
• Special rules for taking IT and TC equipment on business trips
• Clean desk policy
• Security certifications (e.g. ISO 27001; BSI Grundschutz or similar)
• Introduction of an information security management system (ISMS)
• Regular security audits

The survey by Bitkom shows the technical IT preventive security measures in companies in 2018. The most used security measures in companies in 2018:-

• Regular backups of data
• Virus scanner
• Firewalls
• Password protection on all devices
• Encryption of network connections
• Logging of access
• Electronic access control
• The other security measures that are used but not on a wider scale in companies in 2018 are:-
• Intrusion detection systems
• Penetration test
• Securing the internal company network against data leakage from the inside
• Extended procedures for user identification
• Encrypted e-mail traffic
• Encryption of data on data carriers
• Tap-proof voice communication, e.g. Skype

The companies in Germany using the cyberattacks detection methods in 2018 are:-

Cybercrime is just not the company issue to tackle but has earned attention and support from external sources. The different authoritative legal organizations present in society are also fighting against such cybercrime.

The industrial security supporters in Germany in 2017 (VDMA) are:-

• Industry associations (VDMA, ZVEI, NAMUR, …)
• Suppliers
• Industry consortia (IIC, Plattform Industrie 4.0)
• BSI/ ENISA
• Science/ research
• Standardisation organisations (DIN, ISO, …)
• Government agencies/ ministries
• Police/ Criminal investigation departments
• Office for the Protection of the Constitution
• Legislators (EU, national)
• Courts
• Customers

A question asked by the VDE, How to protect against cyber-crime?

The question was asked to 105 company employees about the preventive measure that thinks to counteract the cyber-crime in 2019:-

• Training of all employees
• Further training for IT staff
• In-house IT specialists
• External service provider
• Not enough budget available, therefore not at all
• Do not have an expert, therefore not at all

Source:- Statista