Security in Industry 4.0: Cyber-attacks and countermeasures

Industry 4.0, or the smart factory, is a concept that aims to improve productivity and organize the means of production. Industry 4.0 introduces a new way of communicating in which products and machines are connected to a computer network. Plant components can communicate locally (local area network) as well as internationally (wide area network). Industry 4.0 has therefore created a globally interconnected system in which maintenance and optimization can be conducted autonomously based on artificial intelligence and the Internet of Things (IoT). While relying on computer networks gives today's factories better control, it also makes them vulnerable to cyber attacks that can threaten the economy or the security of a country. In this article we discuss the different cyber threats to the smart factory, their impacts and possible countermeasures.


Introduction
Industry has evolved rapidly over the course of time. In its first revolution, Industry 1.0 was marked by the invention of steam engines and intense coal mining. The next revolution, Industry 2.0, had mass production as its main feature and relied on oil and electricity. The third generation, Industry 3.0, was primarily known for the emergence of new electronic and telecommunications technologies that led to the development of PLCs and information systems in factories. Industry 4.0 has changed factories: the fourth Industrial Revolution made them more agile, more efficient and more competitive. Industry 4.0 is based on data technologies, communicating sensors, the IIoT (Industrial Internet of Things), and piloting, simulation and information processing software. Figure 1 illustrates the evolution of industry over time. Industry 4.0 is no longer seen as a luxury but as an obligation for factories wishing to survive and promote their activities. Thanks to specialized software, plant managers can customize production, reduce costs and energy consumption, remotely control and pilot production equipment or even virtual networks, control physical objects, and allow production equipment to self-diagnose.
Relying on new forms of communication, in particular computer networks, new connected machines and cloud computing, increases the vulnerability of factories and can therefore jeopardize the activity of the factory and the entire supply chain. Attacks, whether intentional or accidental, are proliferating every day and are becoming much more sophisticated. In fact, the more communicating components are added to the plant, the more associated vulnerabilities are added to the list of threats. In this article we try to classify the vulnerabilities and the possible countermeasures to put in place in order to better secure an Industry 4.0 factory.
The rest of the article is organized as follows. In the second section we discuss the main components of Industry 4.0. In the third section we discuss the different threats related to Industry 4.0. In the fourth section we present the recommendations and solutions to adopt to secure your plants. Finally, the fifth section is devoted to the conclusion.

2. Main components of Industry 4.0
While Industry 4.0 provides unparalleled flexibility and improvement in production, it relies on several technologies to achieve this success.
Several technologies are associated with Industry 4.0, including IIoT, cyber-physical systems, cloud computing, artificial intelligence and big data.

2.1. Industrial Internet of Things (IIoT)
IIoT is the technology that allows all workstations, lines and logistics capacities to be linked into a network. The network components communicate with each other, and each of them communicates with the production control system. Objects integrated into a manufacturing process contain data in the form of design, production or logistics parameters. The Industrial Internet of Things enables machines and systems to manufacture products practically independently.

2.2. Cyber-physical system
A cyber-physical system is a composite autonomous system combining sensors and software that possesses data processing features and communication capabilities. The cyber-physical system interacts with its environment to drive physical processes and optimize industrial production.

2.3. Industrial cloud computing
Industrial cloud computing provides the essential platform for the secure sharing of data exchanged between machines and equipment in Industry 4.0, especially in the wider perspective where the unified production platform includes several production and logistics sites.

2.4. Artificial intelligence (AI)
Artificial intelligence (AI) enables machines to mimic forms of real intelligence, particularly the human brain, by integrating the ability to adapt their modus operandi according to external stimuli. AI in Industry 4.0 can be used to anticipate breakdowns and schedule maintenance. Thanks to its predictive capabilities, AI can also be used to simulate an industrial configuration by adding to the production parameters a flow of forecast data and of economic, climatic and human behavior data.

2.5. Big data
Big data allows structured or unstructured data to be collected massively from different sources. In the context of Industry 4.0, this data can come from sensors, equipment or machines. Big data makes it possible to implement increasingly sophisticated process methods to control the quality of products along the supply chain (inventory management, transport, marketing, purchasing).

2.6. Threats related to Industry 4.0
The risk of attack is increasing every day; critical industrial activities (energy and heavy production) are now directly targeted by cyber attacks. Their vulnerabilities, identified and generally unprotected, expose them to significant physical, environmental and/or financial consequences. According to the "Cisco 2018 Annual Cybersecurity Reports", almost 31% of organizations have been victims of cyber attacks related to operational technology (OT), while more than 38% predict the occurrence of such cyber attacks. While 75% of experts give top priority to cyber attack protection, only 15% believe their companies can deal with different cyber attacks. Industry 4.0 generally faces four main threats: denial of service, theft of intellectual property, industrial sabotage and, finally, the scourge of ransomware. These threats relate to attacks that can target components of the smart factory.
Figure 1 illustrates all of the cyberattacks threatening Industry 4.0. These cyberattacks affect the hardware layer of the OSI model, especially the physical layer; layer 3 of the OSI model, the network layer; and layers 4 and 7, transport and network. In the rest of this section we discuss the most prevalent attacks and those with the greatest impact on industry.

3. Denial of service
Denial of service is an attack that overloads equipment or services with a mass of data that they cannot process. The overload can come from a single source, in which case the attack is called DoS, or from several sources, in which case it is called Distributed DoS, or DDoS. In a DDoS attack, malware infects machines and places them in a botnet under the control of the attacker, who can order them to attack the victim. Since Industry 4.0 relies on a large number of interconnected devices, this attack remains very likely and can have a critical impact on the entire system. In article [1] the authors presented the Mirai botnet and its variants as well as the various damages that it can inflict upon an IoT architecture. In article [2] the authors exploited the DNP3 and Modbus protocols to inject traffic causing a denial of service. The Distributed Network Protocol (DNP3) is used in automation systems, primarily by electric and water utilities. DNP3 was developed for communication between different types of control and data acquisition systems. It plays an important role in SCADA systems, and it is used by control centers, remote terminal units (RTU) and intelligent electronic devices (IED). The authors have shown that a simple authentication limitation can lead to considerable losses. Article [3] proposed a new authentication method deployed at the IoT or IIoT level without the data being stored locally; authentication is based on challenges to verify identities. The authors of article [4] exploited vulnerabilities in the UDP transport protocol and, through NTP and DNS, were able to generate unusually high levels of traffic on the network to cause disruption.
A new DDoS attack has been developed exploiting the MQTT protocol, threatening the availability of the entire IoT and IIoT architecture [5]. MQTT is a Machine-to-Machine (M2M) data transfer protocol that enables SCADA systems to access IIoT data. It is considered one of the main messaging protocols of the IIoT. In that article, the authors exploited a specific weakness in MQTT that allows the client to configure server behavior. To validate the possibility of exploiting such a vulnerability, the authors proposed SlowITe, a new low-rate denial of service attack targeting MQTT. Specifically, the authors exploited the ability to set the server's Keep-Alive parameter from the client itself, thus configuring the behavior of the server, in terms of connection close times, from the attacking node.
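A broker-side check for the Keep-Alive weakness described above, as an added example that is not code from the article or from [5]: it parses the Keep Alive field of an MQTT 3.1.1 CONNECT packet and refuses values that would hold a connection open for too long. The 120-second limit, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

MAX_KEEPALIVE_S = 120  # assumed site policy, not a value from the article

def _remaining_length(buf, pos):
    """Decode MQTT's variable-length 'Remaining Length'; return (value, next_pos)."""
    value = 0
    for i in range(4):
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def parse_connect(packet):
    """Return (client_id, keep_alive_s) from an MQTT 3.1.1 CONNECT packet."""
    try:
        if packet[0] != 0x10:
            raise ValueError("not a CONNECT packet")
        remaining, pos = _remaining_length(packet, 1)
        body = packet[pos:pos + remaining]
        if len(body) != remaining or body[:7] != b"\x00\x04MQTT\x04":
            raise ValueError("truncated or not MQTT 3.1.1")
        # body[7] is the connect-flags byte; Keep Alive follows as a big-endian u16
        keep_alive, id_len = struct.unpack_from(">HH", body, 8)
        client_id = body[12:12 + id_len].decode("utf-8")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated CONNECT packet") from exc
    return client_id, keep_alive

def admit(packet, max_keepalive=MAX_KEEPALIVE_S):
    """Broker-side check: return (accepted, idle_timeout_s, reason)."""
    client_id, keep_alive = parse_connect(packet)
    if keep_alive == 0:
        return False, None, f"{client_id}: keep-alive 0 disables the idle timeout"
    if keep_alive > max_keepalive:
        return False, None, f"{client_id}: keep-alive {keep_alive}s exceeds {max_keepalive}s"
    # A 3.1.1 broker drops the session after 1.5 x Keep Alive without traffic.
    return True, keep_alive * 1.5, "ok"

def sample_connect(client_id, keep_alive):
    """Constructed CONNECT packet (clean session, no credentials) for the demo."""
    cid = client_id.encode("utf-8")
    body = b"\x00\x04MQTT\x04\x02" + struct.pack(">HH", keep_alive, len(cid)) + cid
    return b"\x10" + bytes([len(body)]) + body  # valid while the body is < 128 bytes

if __name__ == "__main__":
    for cid, ka in [("plc-line-3", 60), ("unknown-node", 65535), ("gw-2", 0)]:
        print(admit(sample_connect(cid, ka)))
```

On MQTT 5 brokers the same limit can be imposed without refusing the client, by returning the Server Keep Alive property in CONNACK.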

Data tampering and identity theft
Data tampering is an attack that involves altering data in transit between one node and another. This falsification can be carried out by interception during the transfer or by identity theft. Identity theft allows an attacker to pass as a node or a machine in the plant, making it possible to receive all the information generated at the plant and possibly to respond in place of the legitimate machine. This attack is known as Man in the Middle (MITM). These kinds of threats are very common in Industry 4.0 due to vulnerable identification mechanisms. The Transport Layer Security (TLS) protocol was developed to add a layer of security by first authenticating the communicating machines and then verifying the integrity of the authenticated exchanges. However, TLS can be vulnerable to an identity theft attack: the intruding machine can take the role of the server to participate in the challenge, recover the machine's authentication data, intercept its data and possibly modify them, without the intrusion being detected. Article [6] proposed an effective new model to avoid this manipulation, which exploits identity theft when a TLS secure channel is established. The proposed authentication mechanism is based on the SISCA mechanism, which is proposed in article [7] and relies on "ID-based Channel" authentication and server invariance.
With the emergence of IoT technologies, the blockchain has become essential. The blockchain is a cryptography-based computer protocol used to secure data transferred digitally from a single source to a single recipient. The blockchain brings confidence in the data through the decentralization of authorization and authentication. All of these processes are "distributed" over a network, which reduces the risk of errors or corruption. This technology thus makes it possible to solve problems of data genuineness. In article [8], the authors proposed a secure wireless mechanism using blockchain technology that stores the extracted procedures of each record in a number of blocks. The blockchain scheme is typically used to extract information from the sensors and preserve it in the blockchain to ensure security and provide transparency between users in various locations.

Countermeasures
As a response to the various IIoT cyberattacks, several solutions and equipment can be put in place to guarantee the availability, confidentiality, integrity, authentication and non-repudiation of data.

4.1. Encryption
It is important to ensure that production facilities are safe for people, the environment and the data and information they contain. Data must therefore be absolutely protected against misuse and unauthorized access. The first risk concerns industrial espionage: a low level of encryption in the cloud environment is a major problem because a hacker, or an organization, can bring down many factories and not just a single site. The use of a VPN (Virtual Private Network) solves several problems, mainly of availability, confidentiality, integrity and authentication of data.

4.2. Firewall
Preventing unsolicited connections can reduce but not eliminate the risk of infection with viruses and malware. A firewall is a device that can authorize or prohibit a flow according to its attributes. In a factory it is often configured with at least three zones: the Inside zone, the Outside zone and the demilitarized zone (DMZ). Communication between these zones is governed by security levels: the Inside zone is level 100, the Outside zone is level 0, and the DMZ is between 0 and 100. Communication from a higher level to a lower level is allowed, while the reverse is allowed only after a manual authorization has been granted by the administration. Most often, any connection from the outside is redirected to the DMZ, which can tolerate failure or does not contain confidential information.
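The security-level rule described above, as an added example that is not from the article: a small Python model that decides new connections between the three zones and flags manual authorizations that let the Outside zone reach the Inside zone without passing through the DMZ. The DMZ level of 50, the ports and the rule set are constructed assumptions.

```python
# Inside = 100 and Outside = 0 come from the text; DMZ = 50 is an assumed
# value "between 0 and 100".
ZONE_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}

def decide(src, dst, port, exceptions):
    """Decide a new connection from zone src to zone dst on a destination port."""
    if ZONE_LEVEL[src] > ZONE_LEVEL[dst]:
        return "permit"   # higher level -> lower level: allowed by default
    if (src, dst, port) in exceptions:
        return "permit"   # lower -> higher: only with a manual authorization
    return "deny"

def audit(exceptions):
    """Return authorizations that expose the Inside zone directly to the Outside."""
    return sorted(e for e in exceptions if e[0] == "outside" and e[1] == "inside")

def evaluate(flows, exceptions):
    """Apply the policy to a list of (src, dst, port) flows."""
    return [(flow, decide(*flow, exceptions)) for flow in flows]

# Constructed rule set: manual authorizations granted by the administrator.
EXCEPTIONS = {
    ("outside", "dmz", 443),      # published web portal in the DMZ
    ("dmz", "inside", 5432),      # portal to plant database (hypothetical)
    ("outside", "inside", 3389),  # direct remote desktop: bypasses the DMZ
}

# Constructed flows for illustration.
FLOWS = [
    ("inside", "outside", 443),   # workstation browsing out
    ("outside", "dmz", 443),      # customer reaching the portal
    ("outside", "dmz", 22),       # no authorization exists
    ("outside", "inside", 502),   # Modbus/TCP from the Internet
    ("outside", "inside", 3389),  # permitted only because of the risky rule
]

if __name__ == "__main__":
    for flow, verdict in evaluate(FLOWS, EXCEPTIONS):
        print(flow, verdict)
    print("review:", audit(EXCEPTIONS))
```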

4.3. Antivirus and malware
More than filtering, it's about inspecting. Because most viruses hide behind authorized traffic, deep packet analysis systems can analyze signatures and determine the type of virus. In Operational Technology (OT), it is impossible to control computers because they can be embedded inside PLCs and you cannot install an antivirus on them. To protect themselves from infected USB keys, factories can install electronic customs posts that materialize the separation between the OT and the IT. This is a secured USB port that allows only signed files to be transferred. Likewise, installing an antivirus has side effects on the performance of the machine on which it is installed. The Norman Shark ICS Protection solution allows a workstation to accept a USB key only if it has been scanned and guaranteed to be virus-free. In addition, with its Portable Security 2 solution, Trend Micro offers its antivirus in the form of a USB key to scan equipment on which it is not possible to install software.

Learning classifiers: detection of botnet malware from benign applications, then classification of the malware dataset on the basis of family. Performed an analysis of Android botnets that employ HTTP traffic for their communications using machine learning: (1) a network-level behavioral malware classification system that focuses on HTTP-based malware and classifies malware samples based on a notion of statistical similarity between the malicious HTTP traffic they generate; (2) samples belonging to the same malware family have structural similarity between their malicious HTTP traffic traces.
[15] Computer and Network Forensics: investigating network traffic. What, if any, content can be revealed while someone investigates network traffic, meaning doing packet sniffing with a special monitoring and analyzing tool, Wireshark. Encryption.
[16] Energy-Grid Threat Analysis Using Honeypots: cyber threats to smart energy grids; a high-interaction honeypot that simulates a grid, named GridPot.
[17] Securing In particular, published literature lacks validation of solutions using data from real electrical substations. Furthermore, and as a result, many published approaches do not focus on providing solutions that are truly tailored to practical implementation at the physical application layer. Novel use of configuration information from the SCD file in order to automatically configure the deployed IDS to the substation where the IDS is installed. The proposed solution also adopts detection approaches based around expert knowledge such as GOOSE and SMV parameter configuration data.
[37] Multi-Channel Security through Data Fragmentation: security architects to develop a secure, multi-channel communication system; increasing the number of channels utilized.
[38] Intrusion Detection for Smart Grid: vulnerabilities associated with the smart grid; anti-jamming and spoofing using algorithms.
[39] Communication Systems Firewalls: A study on Techniques, Security and Threats

5. Conclusion
Through this article we have discussed the role of Industry 4.0, its components and the associated cyber attacks. Although Industry 4.0 has become a necessity to increase production and ensure efficient communication between different machines, it is also an active field for cyber attacks. Protection against cyber attacks on an industrial network does not stop with the deployment of the most sophisticated solutions; it also depends on the awareness of users, because most attacks can exploit the naivety of employees or their neglect of the impact of a cyberattack on the continuity of production.

Table 1 illustrates a summary of the most prominent cyberattacks in Industry 4.0.

Table 1. List of the most prominent cyber attacks in Industry 4.0
Mirai identifies vulnerable IoT objects with a default ID and password table and then simply logs in to install the malware.

Table 2 illustrates all of the work carried out in relation to cyber attacks on industrial networks.

Table 2. List of cyber attacks and their solutions