5G wireless technology is transforming telecommunication networks, enabling a plethora of connected devices that provide new capabilities and enhance innovation. This transformation is accelerating Industry 4.0, which has applied the benefits of IT capabilities on physical systems, enhancing many different control mechanisms. Using digital technology to replace legacy analogue controls, connected devices such as embedded digital controls, cameras, and sensors have ushered in an environment of ‘smart’ everything – from buildings and transportation to manufacturing and many other industries.
This has, in turn, created numerous endpoints vulnerable to cyber threats. With the broad adoption of 5G in industrial systems comes increased cyber risks that leave networks vulnerable to compromise. 5G networks are a likely target for cybercriminals to exploit sensitive data.
Mitigating security risks
Segregate networks: One way to mitigate risks across an organisation – and an important point of overall network security – is by segregating corporate and industrial or control networks via different architectures. By introducing a simple two-port firewall between the corporate and control networks, companies can achieve significant security improvements. If properly configured, such a firewall reduces the chance of a successful external attack on the control network.
Develop risk management plans and policies: To further mitigate the risk of cybersecurity compromise brought on by the infusion of billions of connected devices that 5G enables, risk management plans and policies are critical. Companies should continually evaluate and adjust these policies as 5G adoption continues to grow and as automation technology, cybersecurity threats, and personnel change.
Risk management plans and policies should be built on processes that focus on framing and assessing risks, responding to threats, and continuously monitoring processes and systems to detect such risks. For example, policy may include implementing symmetric encryption as a means of protecting data so that only the sender and recipient can use the key or password to gain access.
In the context of cybersecurity, these processes are mostly interrelated and will vary according to the size, location, landscape, and nature of the business and industry.
Build a security programme to deter cyber risk: Using these risk management policies, organisations should develop and deploy an industrial control security programme. Such a programme should work together with other IT security programmes throughout the enterprise. The security programme’s key elements should include building and training cross-functional teams, conducting regular security audits, and using an established risk management framework, such as the NIST cybersecurity framework.
While establishing a security programme is important, it’s equally important to continually update it to reflect changes in technology, operations and processes, industry standards and regulations, and any unique requirements for the security of specific equipment, processes, or facilities.
Develop a cross-functional team and promote cybersecurity culture: Cross-functional teams are an important part of a security programme. Because the domain knowledge across an enterprise varies, cross-functional teams can bring different but complementary knowledge and skills to managing and mitigating risk. For example, a team may include personnel from IT, engineering (specifically those knowledgeable about underlying automation and controls), and operations, plus cybersecurity and IT architecture subject matter experts. An information security manager should oversee the team and its ongoing work.
To further bolster the cross-functional team and its mission, organisations also need to create a cybersecurity culture that extends beyond the team and into the extended enterprise. This includes training and educating all personnel, implementing policies such as two-factor authentication throughout the organisation, and enforcing processes like cybersecurity clearances for contractors, vendors, and other tiered organisations that work with the company.
Conclusion
By utilising established cybersecurity frameworks and developing shrewd policies and practices, organisations can mitigate much of the risk posed by the expansion of 5G in Industry 4.0. Part of the journey is understanding the consequences of attacks, and taking steps to build not only secure networks and devices, but also a culture that recognises threats and vulnerabilities well ahead of an attack.
| Fax: | 0862 346 870 |
| Email: | [email protected] |
| www: | www.trxe.com |
| Articles: | More information and articles about TRX Electronics |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version