Manufacturers are considering protected intranet options since a malicious hack, crash or other type of network mishap could have stunning company-wide ramifications. Taking on this risk requires levels of careful planning and informed decision-making. The interconnected nature of industry 4.0–driven operations and the pace of digital transformation mean that cyber attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks. For cyber risk to be adequately addressed in the age of industry 4.0, cyber security strategies should be secure, vigilant, and resilient, as well as fully integrated into organizational and information technology strategy from the start.
 
Cyber security concerns the protection of a plant or machine from unauthorized access from outside as well as the protection of sensitive data from corruption, loss and unauthorized access from within. This includes explicit attacks as well as unintentional security incidents. It is an important concern for manufacturers, integrators and operators of automation systems. Minimizing risk in the area of cyber security comprises both comprehensive security mechanisms and integrating security activities into the whole lifecycle. This means security considerations should be taken into account during development and engineering as well as service and operations activities.
 
The challenge for security is that – unlike functional safety – security mechanisms need to adapt continually to new threats. This may be due to occasional updates, because viruses, worms, Trojans etc. keep evolving and security gaps can ultimately impair production along with all its functional elements. In order to respond flexibly to the prevailing threat scenario, there must also be a comprehensive security strategy comprising multiple layers to underpin the protection of safety applications. The comprehensive protection of production and safety-relevant control data during transfer, processing and storage must address the following areas of security:
 

Physical security and availability of the IT systems

Network security

Software application security

Data security

Operational safety