Industry 4.0 Cybersecurity: Challenges and Recommendations.pdf

  • Resource ID: 98418       Resource size: 270.48KB        Total pages: 13

INDUSTRY 4.0 CYBERSECURITY: CHALLENGES

• security aspects of new protocols used by Industry 4.0 solutions;
• skills to utilize security functionalities of the components and services (which may seem overly complicated to users if not adequately explained);
• methods of secure integration with legacy systems;
• information systems security over complex supply chains.

Moreover, large manufacturing companies often are lagging in training employees who work with OT equipment and instead employ security solutions for Industry 4.0 systems without first ensuring take-up by employees. In addition, nowadays there are a limited number of state-of-the-art cybersecurity trainings dedicated to IT/OT convergence and Industry 4.0 systems and in any case, such trainings in most cases do not cover all essential aspects of these areas, are often very expensive and not always tailored to specific industry needs.

RECOMMENDATION: PROMOTE CROSS-FUNCTIONAL KNOWLEDGE ON IT AND OT SECURITY

Raising awareness on basic industrial control security as well as on the secure way for transitioning to Industry 4.0 and Smart manufacturing is of paramount importance. To address the lack of IoT and Industry 4.0 security talent, it is essential to cultivate such knowledge both within and across organisational boundaries. Persons in charge of security within Industry 4.0 organizations should invest in state-of-the-art dedicated cybersecurity trainings that cover all necessary aspects specific to IT/OT convergence and Smart manufacturing. Lastly, trainings and courses at schools and universities (considering localisation to reach a wider audience) will further promote a better understanding of Industry 4.0 security among younger generations and thus in the long-term will contribute to raising awareness.

The emergence of Industry 4.0 introduces new technologies into traditional OT environments and thus people familiar with OT that work in such environments need to adapt.

INDUSTRY 4.0 CYBERSECURITY: CHALLENGES & RECOMMENDATIONS (May 2019)

To promote cross-functional knowledge on IT and OT security, ENISA recommends:

• Encourage cross-functional security and safety knowledge exchange between IT and OT experts respectively.
• Launch security education and training in industries transitioning to Industry 4.0, including knowledge of state-of-the-art, best practices, methodologies and tools for secure convergence of IT and OT systems.
• Establish tailor made training courses focused on Industry 4.0 security to increase effectiveness of the training and assist OT and IT security experts to address relevant cybersecurity issues more efficiently.
• Develop competency profiles to provide IoT and Industry 4.0 specific awareness and education training for all staff.
• Introduce programs at schools and universities to address the lack of security and safety knowledge across the industry and to empower the next generation of IT and OT security experts.
• Organise cyber-culture and cyber-hygiene induction courses for OT personnel and conversely safety-culture and safety-hygiene courses for IT personnel, also involving all staff. Introduce to OT people the notion of security and to IT people the notion of safety, with special mentions to cases where the two notions may align or not.

CHALLENGE: INCOMPLETE ORGANISATIONAL POLICIES AND RELUCTANCE TO FUND SECURITY

Industry 4.0 operators, which are at various stages of Industry 4.0 adoption, often do not have appropriate governance structures in place for secure implementation of new technologies and secure maintenance of the existing ones. Defined security programs are rarely in place and in general comprehensive programs that consider security and safety in tandem are lacking.

It is also often noted that security related roles and responsibilities of employees are not clearly defined and there is minimal planning to consider safety engineers within the cybersecurity ecosystem. This results in companies' lack of resilience and vulnerability to potential security breaches.

This is because to date cybersecurity was traditionally not perceived as a Board-level topic, since its impact on increasing revenue or optimizing cost remains generally unclear. This results in the fact that the majority of technological transformations mostly focus on increased functionality and business value rather than cybersecurity, i.e. hindering the potential negative impact of associated risks. A typical example of this is the ongoing migration of manufacturing companies towards Cloud. In general, companies decide to opt for Cloud solutions to benefit from cost efficiency and ubiquitous access to information. During this migration, security should be considered as a high priority issue and accordingly it should play an equally important role in decision-making as cost efficiency, especially when manufacturing companies choose public clouds and thus increase the risk of exposing their data and operations, while at the same time improving their resilience.

Furthermore, it is worth highlighting that ensuring security of a system or solution, both in the context of Industry 4.0 vendors and operators, requires funding and commitment from top-level management. However, as there is no clearly discernible link to generate profits from investing in cybersecurity, it is often the case that due consideration to cybersecurity is given when a security breach directly leads to financial losses. Striking the proper balance between the costs and the need for security remains an open challenge.

RECOMMENDATION: FOSTER ECONOMIC AND ADMINISTRATIVE INCENTIVES FOR INDUSTRY 4.0 SECURITY

It is clear that lack of security has the potential to significantly affect business continuity. Industry 4.0 is no exception given the criticality of related operations and the associated impact on safety as well. In this respect, best practices for business continuity can serve as a driver for investing in cybersecurity solutions and accordingly for supporting the unobstructed operation of Industry 4.0 processes. Investments in cybersecurity should not be driven only by fear of losing money. It is equally, if not more, important for industries and organisations to not look at cybersecurity only as a cost, but to also start seeing it as an important business opportunity. Cybersecurity can be an important competitive advantage for businesses, since it leads to having secure, reliable and trustworthy products and services. Accordingly, cybersecurity is an enabler of business opportunities, not a hindering factor and certainly not another item on a checklist.

Nonetheless, economic and administrative stimuli are also required to incentivize investments in Industry 4.0 security, given that the maturity and mentality of organisations and businesses need to grow further when it comes to identifying the role and importance of security.

To foster economic and administrative incentives for Industry 4.0 security, ENISA recommends:

• Establish administrative structures for top-level management to discuss and exchange views with cybersecurity experts and CISOs.
• Launch funding schemes for SMEs and other bodies to support their transition to a secure Industry 4.0 ecosystem, including financial support for cooperative actions.
• Incentivize innovation and R&D activities for securing IT and OT environments, components and systems.
• Ensure a homogeneous and stable legal environment for Industry 4.0 cybersecurity to allow companies to plan long-term, sustainable business strategies including the aspect of security.
• Consider the development of certification schemes for Industry 4.0 security (taking into account the inherent particularities when defining the target of evaluation), since they promote harmonisation of the market, increase consumer trust and open up new business opportunities.
• Promote Public Private Partnerships (PPPs) focused on Industry 4.0 cybersecurity to benefit from multi-stakeholder dialogues and much needed synergies.

3. PROCESSES

CHALLENGE: LIABILITY OVER INDUSTRY 4.0 PRODUCTS LIFECYCLE IS POORLY DEFINED

Liability for Industry 4.0 cybersecurity is an open issue (a gap also identified for most of emerging technologies) as accountability for Industry 4.0 cybersecurity incidents remains unclear. There is a large number of stakeholders involved in the supply chain and in the use lifecycle of Industry 4.0, therefore apportioning liability in the aftermath of a security incident becomes challenging as currently, only general provisions of liability are applicable.

The major difficulty in finding a clear solution for liability stems from the inherent complexity of the ecosystem. The majority of Industrial IoT devices are usually built from a large number of components manufactured by multiple vendors, in dispersed locations (possibly subject to different administrative and legal constraints) and including vendors of the software embedded in the devices. The complexity of the supply chain further exacerbates relevant concerns. Apportioning liability thus remains an open challenge.

In the context of cybersecurity, an Industry 4.0 device manufacturer is broadly expected to implement functionalities in its product that would enable a proper level of security. In a similar fashion, the role of Industry 4.0 operators would see them using these available security features and performing all security upgrades provided by the manufacturer. In reality, the situation is more complicated. The long lifespan of Industry 4.0 solutions (especially in comparison to IT systems) and the financial commitments related to their long-term maintenance (e.g. software patching) both aggravate the requirements on manufacturers, users and operators of such solutions. Shared ownership of connected Industry 4.0 solutions, unclear or unspecified role assignments and lack of provisions in procurement contracts and service level agreements further complicate the issue of liability.

RECOMMENDATION: CLARIFY LIABILITY AMONG INDUSTRY 4.0 ACTORS

The Industry 4.0 paradigm introduces emerging technologies and services in manufacturing and the industrial ecosystem in general. Given the cyber-physical nature of this paradigm, security and safety are tightly intertwined. Therefore, it is of particular importance to address liability concerns not only to protect end-users and consumers of such products and services, but also to stimulate corresponding investments through a comprehensive and stable legal framework.

The European Commission has recently published a Staff Working Document that sets the scene for liability issues in emerging technologies such as IoT and Artificial Intelligence [2]. This will serve as a reference point for forthcoming work.

The question of where liability may fall lies between the different and diverse stakeholders of the Industry 4.0 supply chain, such as developers, manufacturers, providers, vendors, aftermarket support operators, third party providers and the end users, to name a few.

[2] See EC Staff Working Document on “Liability for emerging digital technologies”: ec.europa.eu/newsroom/dae/document.cfm?doc_id=51633, April 2018

To clarify liability among Industry 4.0 actors, ENISA recommends:

• Address liability issues in the context of European and national legislation and case law, especially where gaps in existing legislation are identified.
• Adjust procurement language to clarify liability among stakeholders in supply chains, e.g. specify Industry 4.0 cybersecurity requirements as part of SLAs (Service Level Agreements) and contracts during procurement.
• Assess the potential of cyber-insurance policies to transfer residual cyber risk and reduce the impact of cybersecurity incidents, for which an entity might be held liable.
• Raise awareness of end users and consumers on their rights concerning liability legislation.
• Specify in a clear manner the legal obligations of Industry 4.0 operators when it comes to liability.

CHALLENGE: FRAGMENTATION OF INDUSTRY 4.0 SECURITY TECHNICAL STANDARDS

The current landscape of standards and policy initiatives related to IoT and Industry 4.0 cybersecurity is quite large, covering security aspects at both a horizontal and vertical (application specific deployments, e.g. automotive, health, and consumer) manner.

In the context of IoT, many high-level reference documents have been published, as well as baselines, good practices, checklists and general guidance [3]. Concerning connected industrial systems and manufacturing systems in particular, there are also useful sources that may serve as guidelines for relevant stakeholders [4]. However, when it comes to Industry 4.0 and Smart Manufacturing the situation is slightly different. Given the nascent nature of these areas, comprehensive initiatives to address security in a holistic manner are lagging behind. Nonetheless, it is important to refer to some notable examples that already exist (such as IEC 62443 [5] or the efforts under IUNO/Industrie 4.0 [6], to name a few). Accordingly, interested parties currently utilize documentation that is only partially applicable to the broad spectrum of Industry 4.0 and Smart Manufacturing.

The fragmentation of Industry 4.0 security standards and initiatives is of particular importance for the manufacturing sector. Large manufacturing companies commonly have sites spread across the world. Accordingly, the lack of uniform standardization efforts at a global level results in a situation where sites that belong to one organization cannot collaborate and share security expertise and solutions with each other, as they are subject to different schemes. Moreover, secure collaboration across companies is also hindered. At the same time, it is promising that cross-mapping initiatives have started to evolve, e.g. ENISA Baseline Security Recommendations for IoT [7], UK Government Code of Practice for Consumer IoT Security [8], NIST Internal Report 8228 [9]. Whereas such initiatives contribute to increasing homogeneity in the area of IoT security, further work to expand them in the Industry 4.0 ecosystem is desirable [10].

[3] ENISA online tool for IoT and Smart Infrastructures Security maintains a continuously updated list of relevant efforts mapped against the ENISA IoT Security Baseline: https
