
The Importance of Hardware Cybersecurity in the Industry 4.0 Era

Published 2019.12.10 14:21

New industry standards must be met to achieve cybersecurity
Need to interact with other factory systems through the cloud
Network attacks require defense in depth and zero trust



Industry 4.0, which includes the digitalization of factories, can mean many different things to business executives in the industrial market sector. In particular, cybersecurity can become more important as various devices in factories become smart and networked due to digitalization.

For example, this could mean transforming a factory with greater levels of automation and customization to reduce operating costs and deliver greater value to customers.

As suppliers of systems and subsystems make their factory devices smarter, they can enable real-time decision-making and autonomous interaction of manufacturing cells across larger multicell systems and enterprise systems. Depending on how you choose to leverage Industry 4.0 solutions, your solution adoption strategy will determine where these solutions are integrated into your value chain and how deeply they are integrated within your factory.

Factory digitalization is changing the entire value chain, affecting both the top line and bottom line of a company. The most talked about innovation is the creation of new revenue streams, either through new products, services, or a combination of the two.

Digital manufacturing, processing utilization, and data analytics at the edge demand new product innovations, while metadata collection enables new services that optimize control, maintenance, and utilization. On the other hand, efforts are being made to improve distribution network efficiency and operational performance to reduce costs.

These improvements require the introduction of smarter products and services into the factory. Realizing Industry 4.0 requires the use of more innovative products. In addition, depending on how Industry 4.0 solutions are utilized, cybersecurity strategies will vary to ensure the successful introduction and expansion of digital solutions in the factory.

Figure 1: Factory digitalization is bringing about changes across the value chain, directly affecting both sales and expenditures of companies.

Cybersecurity strategies will also vary depending on how widely digital solutions are deployed at the edge of the industrial control loop. Traditional industrial automation architectures have relied on isolating field devices from the rest of the plant’s information systems, services, and applications to protect against cybersecurity threats.

Moreover, since actual field devices are typically point-to-point solutions with limited data exchange or edge processing, cybersecurity risks are prevented from spreading from one device to the entire system. Changing this architecture all at once is not an easy task, so a step-by-step approach is needed.

To adopt Industry 4.0 solutions more aggressively, companies must decide how much advanced technology to integrate into their factories and how to implement cybersecurity to more actively leverage Industry 4.0. The new industrial automation architecture will look completely different from the past.

The factory has traditionally been divided into five layers, as in the Purdue model, but the future factory architecture will not follow this model. Future field devices will combine sensing and actuation areas with manufacturing execution and control. These devices will be directly connected to the factory’s integrated network, as well as enterprise systems, the Internet, and cloud services.

Therefore, even if just one device is compromised, the cybersecurity of the entire system is at great risk. Whatever the future Industry 4.0 architecture will look like, achieving the ultimate goal will require a phased approach and an effective cybersecurity strategy, depending on the degree of digitalization each organization pursues.

Figure 2: Transition to a perfect digital Industry 4.0 factory

3 Steps to Realizing Cybersecurity Industry 4.0
There are differing opinions on what the future of Industry 4.0 will look like. Some say that the traditional factory will remain largely the same, while others say that new factories will retain almost nothing of the old. But what everyone agrees on is that the factory is changing, and that change will not happen overnight.

There are several obvious reasons for this, but the most basic one is the lifespan of the equipment used in the field today, which is designed to operate for 20 years or more. These devices can be modified to provide additional functionality or connectivity, but this still imposes hardware design constraints and compromises on the factory's system architecture.

From a cybersecurity perspective, such modified devices always pose risks. Making devices secure requires a secure architecture and system design. Retrofitting security functions onto existing devices is only a stopgap measure and will inevitably leave cybersecurity vulnerabilities. The transition to full digitalization needs a high level of security that blocks cyberattacks without compromising real-time information sharing and decision-making capabilities.

For cybersecurity in Industry 4.0, resiliency, the ability to recover quickly from problems, strongly shapes how cybersecurity is implemented and is also an essential element in advancing to a cybersecure Industry 4.0.

The first challenge to achieving cybersecurity is to meet new cybersecurity industry standards. This requires a change to embrace a different approach. Traditionally, information technology (IT) security solutions were used to isolate, monitor, and configure network traffic, but this approach is not sufficient to respond quickly in an Industry 4.0 factory.

As devices become connected and share information in real time, hardware security solutions must enable factory devices to make autonomous, real-time decisions and respond quickly.

As the approach to cybersecurity changes, companies need to adapt to address new challenges. Many companies are restructuring their cybersecurity organizations to be more integrated with traditional engineering organizations and more tightly integrated with operational project teams. The first step to achieving Industry 4.0 is to build an organization that can execute a cybersecurity solution strategy that adheres to industry standards and best practices.

Once you have a solid foundation to meet new security standards and are equipped to manage security requirements across the product lifecycle and across the enterprise, you can then turn to increasing autonomy within the factory cell. Autonomy can only be achieved if the devices within the factory are smart enough to make decisions based on the data they receive.

This cybersecurity approach is a system design that builds devices on the edge that can verify the trustworthiness of data where it is generated. This allows for real-time decision-making provided by cybersecurity systems that can receive input from the real world, verify that it is trustworthy data, and then autonomously take action on it.

The final challenge is to connect the factory to the cloud, and to enable it to interact with other factory systems via cloud services. This requires a comprehensive introduction of digital solutions, and only then will it be possible to realize a fully digitalized factory. Today, devices are already connected to the cloud, but in most cases this is only for receiving data. This data can be analyzed and decisions can be made in remote factories.

These decisions can lead to advances or delays in maintenance, or adjustments to automated processes. Today, these decisions are rarely made in the cloud, and are controlled locally, isolated from enterprise systems. As factories become more highly autonomous, monitoring and control through cloud services and sharing real-time information with enterprise systems will become more organic.

Figure 3: Introducing autonomy into factories
Figure 4: ADI’s Sypher-Ultra implementation


Connected factories using hardware security
Hardware security is needed to achieve the high level of security required by industry standards in connected solutions for factories. Increased connectivity means increased risk. Defending against these threats is difficult with existing IT security solutions and requires device-level security combined with a hardware root-of-trust (RoT).

Since multiple devices are connected to the network, a single compromised device can become an entry point into the entire system. Damage that starts at one of these entry points can then spread across the entire network and leave the main infrastructure vulnerable. Existing security techniques based on firewalls, malware detection, and anomaly detection require continuous updates and configuration and are prone to human error.

Today, we must consider that attacks can come in through the network at any time. To defend against these attacks, we must adopt defense-in-depth and zero-trust techniques. Hardware root of trust is required in devices to ensure that connected devices are operating properly. Equipping today's devices with the right hardware security devices is key to transitioning to tomorrow's digital factory.

Analog Devices (ADI) has developed Sypher-Ultra using Xilinx’s ZUS+ (Zynq UltraScale+ MPSoC) FPGA family. Sypher-Ultra provides a high level of assurance for data integrity through a high-assurance encryption system using multi-layer security control. Additional security features developed by ADI are used on top of the ZUS+ security foundation to easily meet security requirements such as NIST FIPS 140-2, IEC 62443, and automotive EVITA HSM.

Sypher-Ultra sits between the embedded ZUS+ and the end application, providing a single-chip solution for secure operation. To provide high-assurance security capabilities, Sypher-Ultra uses a trusted execution environment (TEE) to provide a foundation for secure data.

Security-related functions are mainly executed in the real-time processing unit and programmable logic, and applications can be easily added to the application processing unit. Development work does not require expert knowledge of complex security design and certification, and the resulting security operation can be trusted to a very high level.

Achieving high levels of device security to transition to a digital factory is not an easy task. Implementing security is a complex task that requires expertise. ADI’s security platform provides a solution that can implement security close to the edge of the industrial control loop. It reduces development risk and saves significant time by eliminating complex tasks such as security design, security standard certification, and vulnerability analysis.

The solution provides easy-to-use secure APIs for commonly used mainstream platforms, allowing high-assurance security and high-level applications to coexist on a single FPGA.

ADI’s Sypher-Ultra products use Xilinx ZUS+ products to isolate sensitive cryptographic operations and block unauthorized access to sensitive IP, providing a solution for hardware security at the edge of the connected factory.


This article is adapted from a paper titled, “The Role of Hardware Security to Meet Industry 4.0 Aspirations” by Erik Halthen, Security Systems Manager, Industrial Solutions, ADI’s Cybersecurity Center of Excellence.
Reporter: 이수민