Protecting Industry 4.0 against Advanced Persistent Threats
Abstract
The SADCIP project has arisen from the need to deal with increasingly intelligent and autonomous industrial and monitoring systems, capable of collaborating with each other to meet a common objective: provide efficient and real-time manufacturing and logistics from anywhere, at any time and anyhow [1]. However, any new condition that implies open communication with the Internet and the adaptation of heterogeneous (wireless) systems can certainly bring about numerous interoperability and security problems [2]. What types of problems? They range from a slight fault or anomaly within the operational applications to massive and distributed attacks of a subtle and potentially damaging nature. Such problems can even have an aggressive effect on the welfare of other critical infrastructures. Protecting the operational elements involved in the construction of each component of, for example, a bicycle is not the same as protecting the components of a transport system of greater reach, such as a plane or a train. Therefore, it is self-evident that there is a relationship between the need to protect today's industry and the need to ensure protection, at all levels, of the rest of the dependent critical infrastructures. In addition, this characteristic underlines the degree of criticality of a new paradigm related to the Internet of Things known as Industry 4.0, which can itself be considered a critical infrastructure. Industry 4.0 (cf. Figure 1) constitutes technological progress within traditional industry. Here, both novel and existing systems coexist and share, in a centralized or decentralized way, resources, data and actions. As a result, novel services are enabled, and efficiency is increased. However, the nature of this context makes it difficult to trust fully in the goodness of the whole system, as multiple vulnerabilities arise, mainly because of its complexity and heterogeneity.
Moreover, in this particular context, one of the most dangerous threats is the advanced persistent threat, or APT. Therefore, SADCIP looks towards improving the state of the art, trying to find the necessary tools to a) monitor the technical capacities of the operational elements in the field, and b) detect related evidence that, if applicable, should be addressed through optimal proactive response systems [3].