Innovation in Cybersecurity and Industry 4.0

The term industry 4.0 first appeared at a fair in Hannover, 2011, Germany (Pfeiffer, 2017). It is based on three other industrial revolutions that took place previously: the steam engine, the manufacturing assembly line and automation (Kaltenecker, 2019). The fourth revolution brings the digitalization of the process and the smart factory.

The construction of a cybersecurity solution usually takes into account the triad, confidentiality, integrity, and availability.

Confidentiality guarantees protection for information, preventing unauthorized people from having access to it. The industry stores a large amount of data and documents that can reveal the functioning of its processes, the innovations used, its market strategies, among other information. Corallo et al. (2020) identify some impacts related to loss of confidentiality, such as loss of intellectual property and industrial secrets, reduced competitiveness, and damage to its image and reputation.

Integrity aims to ensure that data is not altered, directly influencing managers' presentation of information and decision-making. In the industry's specific case, the integrity can modify the machines' configuration data and cause them to work in the wrong way, even outside the operating parameters, which can lead to a severe problem. Something similar happened with centrifuges in the case of Stuxnet. Corollo et al. (2020) say there are the following impacts on the business, sabotage to critical infrastructure, damage to operating technologies, degradation of product quality, violation of standards to be respected by the industry (such as ISO).

Availability is the ability to access data whenever you need it. That is fundamental in the industry because the machines, equipment, and others tend to work 24 hours a day. Their unavailability means a lack of production and, therefore, loss of revenue. Corollo et al. (2020) understand that unavailability can even tell the loss of an employee's life when, for example, a machine or a sensor stops working, and a robot makes a fatal move.

The three cybersecurity requirements have a different relevance when talking about industry 4.0. In information technology systems, the highest priority usually falls on data confidentiality. As already noted, availability is the highest priority requirement (Benias & Markopoulos, 2017).

The strategy to be defined for protecting an industry's cyberspace must take into account several characteristics mentioned in this work. For example, the network number becomes much more significant, allowing an employee with direct access to equipment. Usually, devices prepared for the Internet of Things have ways to be accessed stand-alone. In a fourth industrial revolution environment, the factory and the suppliers and the customers themselves will be connecting to the factory infrastructure, when the factory, for example, needs to place an order for raw materials or when accessing the customer's product to identify some update or maintenance.

Consequently, cybersecurity should have a well-defined strategy as its starting point in the context of cyber resilience and risk management (Culot et al., 2019).

For Benias & Markopoulos (2017), Industrial Control Systems cybersecurity should be based on three high-level approaches:

• Harden the Perimeter through a complete separation between the factory network and the office network. According to the authors, this can be done with a firewall and/or demilitarized zone (DMZ);

• Defense in Death, meaning creating protection levels, where each level has a more incredible difficulty to be overcome. Thus, in case the breach occurs at the perimeter, there will still be several levels to ensure protection;

• Remote access. As explained earlier, remote access is inevitable, given the very definition of industry 4.0. Therefore, the personnel must access the network using a VPN.

While the previously reported actions may be an excellent start to cybersecurity, it is clear that it will not be enough to protect the industry from attack fully. They can still occur through social engineering, poorly trained employees who click on a suspicious link in an email, among other possibilities. The truth is that however, excellent and better the protection, it will fail. And right now, the cybersecurity team, as well as the risk management and control systems, must be functioning correctly.

The company must use some framework, methodology, or guideline to make adequate management of the risks involved because of what was presented. In these cases, there is usually a combination of processes and tools to help the industry avoid a bigger problem. Among the standards used there are the NIST 800-53 and the IEC 62443. Regarding the frameworks, NIST (2018) is one of the most interesting and covers a wide range of activities to be performed. The advantage of using these methodologies is that they were thought and developed by various governments, academia, and private sectors. Besides, they tend to be continually evolving as new technologies, new learning, and further violations are discovered.

Finally, the implementation of industry 4.0 is related to some models developed worldwide. The German model is one of the most advanced and well-known in the world. He is captained by the German Federal Ministry for Economic Affairs and Energy and the German Federal Ministry of Education and Research. It is known as RAMI 4.0 (Reference Architectural Model Industrie 4.0). Its content and documentation can be accessed at HTTPS:// www.plattform -i40.de/ PI40/ Navigation/ EN/ Home/ home.html.

The use of these reference models, especially those that are more advanced, already includes cybersecurity. In fact, its development is already based on the "Security by Design" approach.

That's it for now! Thank you for reading this article!