Facts to keep in mind to address smart factory security vulnerabilities

The smart factory is a representative technology innovation field of Industry 4.0. It increases productivity by implementing digital automation with information and communication technology to the entire process from product design and development to manufacturing and distribution. Existing automation is segmented for each process, but the smart factory organically links and manages the entire process. All facilities and devices are wirelessly connected using information communication technology (ICT), allowing free exchange of data between processes.

Thanks to these advantages, smart factories are rapidly being applied to the manufacturing industry. According to Precedence Research, the global smart factory market size was evaluated at $129.74 billion in 2022 and is expected to hit around $321.98 billion by 2032, growing at a CAGR of 9.52% from 2023 to 2032. The North America region currently dominates the market, but the Asia Pacific region will likely have considerable growth.

In order to run a smart factory, technologies based on automation such as operational technology (OT) and industrial control system (ICS) are required. OT operates industrial machines and processes, whilst ICS oversees controlling them.

Because of their critical roles, they are a prime target for smart factory security threats. According to the cybersecurity report, The State of Industrial Cybersecurity, released by Trend Micro in 2022, 89% of electricity, oil and gas, and manufacturing companies said they had experienced a cyberattack affecting production and energy supply in the past 12 months. Among responding organisations experiencing cyber disruptions to industrial control systems and operational technology (ICS/OT), the average financial damage is approximately $2.8 million, with the oil and gas industry suffering the most.

These threats began to accelerate after Industry 4.0. In the past, most companies used dedicated hardware or software, so the cyber security risks were low. Smart factories began to be applied to manufacturing after Industry 4.0. Recently, as new technologies such as AI, cloud, and 5G were introduced, risk factors in the IT system of smart factories spread to the OT and ICS.

What is clear is that as the number of devices and systems connected to external networks increases, the vulnerability of OT and ICS has become obvious. Significant damage due to vulnerabilities in OT and ICS are witnessed all over the world. In 2020, Japanese automaker Honda suffered a cyberattack that damaged 11 of its overseas production plants, disrupting production. In 2021, a ransomware attack at JBS Foods, the world's largest meat producer, paralysed its facilities in the US, Canada and Australia, forcing it to shut down facilities and lay off employees. JBS was able to fix the problem only after paying a whopping $11 million to the hackers. In the end, we find that the larger the size of the company, the lower the level of cyber security in many cases, and hackers undoubtedly know how to break into the weakest points.

OT and ICS vulnerabilities are increasing every year. Fortunately, experts and advanced solutions in cyber security of industrial control equipment or industrial control software are gradually increasing. Among them, one-time authentication code (OTAC), a uni-directional dynamic unique identification authentication code, is attracting attention as a rising star.

OTAC provides all the advantages of commonly used authentication systems such as ID & password, device-type OTP, and tokenisation. Above all, it supports the generation of a unique dynamic code that can identify and authenticate users and devices simultaneously even in the off-the-network environment, and the generated code cannot be reused by other users. OTAC supports a safe smart factory environment by making it impossible to hack and control the device by utilising a dynamic code that changes every time to compensate for vulnerabilities of IoT devices, such as predictable passwords, unprotected network services, and inappropriate data transmission.

As the number of things connected to OT increases and connection with production facilities located in other regions or countries beyond physical production plants becomes essential, it becomes increasingly difficult to protect infrastructure through network separation. After all, if public networks and connectivity inevitably dictate the future, introducing more secure user and device authentication into OT should not be delayed any longer.