For c-suite decision makers and boards of directors in industry, safety in the workplace is an issue that has surged in importance over the last two decades. Ethical and legal scrutiny when it comes to managing employee (opens in new tab) safety has increased markedly during this time, and executive teams are constantly under pressure to ensure that safety standards keep pace with rapid technological innovation.
Cybersecurity (opens in new tab) has now become an equally vital concern for executive teams, and even more so in the age of Industry 4.0 and increasingly networked industrial workplaces. According to the manufacturing industry trade body MAKE, half of UK manufacturers were impacted by cybercrime in the last year with over 20% facing losses up to £25,000.
About the author
Alex Nehmy is Director of Industry 4.0 Strategy at Palo Alto Networks (opens in new tab).
Technology advances involving data and robotic automation (opens in new tab) mean new cybersecurity workplace risks where industrial equipment and processes are concerned. Managing such risks demands a concurrent shift in workplace safety approaches, which means that mitigatory steps must be aligned with your organization's cybersecurity strategy and handled with extreme care.
Workplace safety and the new industrial workplace
Today, industrial machines can more accurately be labelled industrial robots, given they are mostly computers with machinery attached, a direct result of the Industry 4.0 revolution.
According to a recent International Federation of Robotics report, a record 3 million industrial robots are reported to be currently operating in factories around the world and installations worldwide are anticipated to grow by 13% by 2022. This indicates that investment in industrial computer robotics is surging to the extent that it will be difficult to compete effectively without them in the near future.
Such a competitive disparity will become even more pronounced as AI and autonomous machinery increasingly take center stage alongside human employees. As industrial workers collaborate increasingly with robots on a day-to-day basis, risks of malfunctions and workplace injuries as a consequence are likely to rise.
This is particularly pertinent from a cybersecurity perspective as malicious actors are increasingly likely to target industrial settings for cyber attacks. As such, industrial robots must be factored into organizational cybersecurity strategies as risk vectors. Industrial robots should be assessed for vulnerabilities as carefully as any other digital devices with security safeguards built into designs and operation procedures.
In the context of industry 4.0, companies have a duty to ensure a safe workplace, while also being a secure cyber workplace. Industrial business decision makers therefore have important responsibilities to iterate effectively when it comes to cybersecurity initiatives for industrial robotics in order to provide a safe environment, particularly when it comes to working with autonomous systems.
Ensuring a safe industrial workplace with ZTNA
A key consideration for Industry 4.0 businesses is the need to implement a culture of accountability for all things cybersecurity throughout organizational hierarchies. Often this starts from the top with a Chief Information Security Officer in place to assess cybersecurity risks and ensure there are no vulnerabilities, but Industry 4.0 organizations must ensure ownership and accountability for cybersecurity from the board down to workers on the shop floor.
A strategic approach to cybersecurity in Industry 4.0 workplaces is vital. Implementing a Zero Trust (ZTNA) model to reinforce Industry 4.0 robotics will help in effectively mitigating against cybersecurity risks in the workplace. In Zero Trust, identifying critical and valuable data, assets, applications, and services is key to prioritize where to start and to effectively create Zero Trust security policies. By identifying the most critical assets, organizations can focus efforts on prioritizing and protecting those assets.
A comprehensive Zero Trust approach encompasses users, applications and infrastructure. The first step of any effective Zero Trust effort requires strong authentication of user identity, application of “least privilege” policies, and verification of user device integrity. A fundamental maxim of Zero Trust is that applications cannot be trusted, and continuous monitoring at runtime is necessary to validate their behavior.
This means that all applications in Industry 4.0 systems should have Zero Trust applied to remove implicit trust with various components of applications (opens in new tab) when they talk to each other. Where infrastructure is concerned, everything infrastructure-related—including routers (opens in new tab), switches, cloud, IoT (opens in new tab), and supply chain—must be taken into account with a Zero Trust approach.
Industry 4.0 cybersecurity and microsegmentation
In an Industry 4.0 context, IoT and robot devices in the contemporary industrial workplace must be accounted for and guarded with a watchful eye at all times to provide and maintain consistent checks and balances. This enables IT security departments to carefully and consistently scrutinize the behavior of all devices throughout the organization to review and guard against anomalous and potentially malicious activity.
By ensuring all digital interactions are vetted for vulnerabilities at every stage, an industry 4.0 organization's security architecture can be reinforced effectively to mitigate against attacks. From a tactical perspective, combining ZTNA with microsegmentation to reduce the attack surfaces of industrial systems can also help minimize the risk of system compromise. This will help in reinforcing visibility, granular security and dynamic adaptation across networks, data centers and clouds.
As industrial robots proliferate throughout industry and workplaces to demand effective co-living with human employees, cybersecurity will increasingly be viewed as a core component of an effective workplace safety approach. Industry 4.0 senior leadership and organizations must begin treating cybersecurity as a workplace safety issue, putting in place security and safety programs to manage risk effectively.
We feature the best endpoint protection software. (opens in new tab)
Gloss