From WannaCry to the Roadmap of Industry 4.0
In May 2017, the "WannaCry" ransomware brought the world with a shock. The attack had alarmed for the emerging cyber attacks to the industrial systems. WannaCry hit many different industries. Japanese car industry players Nissan was hit. Its French counterpart Renault was forced to halt the operation at sites in France, Slovenia and Romania. The Lyttelton container terminal near Christchurch, New Zealand needed to take an emergency suspension of service. In UK, the National Health Services reported over 40 hospitals and clinics disrupted, turning away patients. In USA, Bayer reported two medical devices affected.
Industry 4.0, also known as the "fourth industrial revolution", was first proposed by the German government, followed by leading economies which introduced similar policy initiatives to upgrade the industry such as the "Industrial Internet" of the United States, and the "Made in China 2025". They are to promote the integration of data with sensors, Internet of things, big data analytics, Internet and other technologies, to link up production services, and to facilitate small quantity production of personalized products. This will significantly enhance efficiency and flexibility in production, but also lead to more network interfaces and larger flow of data over untrusted network, creating a whole new range of cyber security risks.
WannaCry demonstrated that a network worm can effectively scan the Internet for devices with vulnerability and exploit them remotely. It does not require any interactions from the user. Many legacy industrial control systems are not patched up-to-date due to compatibility issue. They are connected to a same flat network. If somehow one single device is exposed to the Internet and got infected, it can infect the internal network very quickly. The consequences of the attacks are financial loss, disruption of public services and even affect imply human life. The scanning activities for Internet devices are very popular. One such popular Internet device scanner, Shodan, found over 58,000 industrial control systems in Hong Kong were exposed directly to the Internet, in June 2017.
Improving cyber security in the industry to pave the way to Industry 4.0 is an essential step. We have to have the joint effort of information technology and operation technology personnel to promote the principle of "Security by Design" in the design of new products. This requires the joint effort of information technology and operation technology personnel. HKPC will organize an international technical conference in November to bring international experts to Hong Kong to share the most updated security development of Industry 4.0. A Cyber Security Corner will be set up in the "Smart Industry One", a soon-to-be-opened facility at HKPC to show the best practices on addressing cyber threats in "Industry 4.0". Please stay tuned.