Cybersecurity: industry is also affected!

While the spectacular development of Industry 4.0 brings real added value to industrial companies, the potential vulnerability to cyberattacks has never been greater. The interconnection of systems, machines and networks in production chains makes the security of operational technology systems increasingly crucial.

There is no such thing as zero risk when it comes to IT security.

Nicolas Sanitas, Senior Advisor and Digital Community Coordinator, Luxinnovation

Cybercriminals have made no mistake about it: according to a survey conducted by information systems security specialist Kaspersky Industrial CyberSecurity, industrial cyberattacks increased by 34% in 2022, and a third (32%) of the companies surveyed admitted to having been the victim of… 20 attacks or more!

16% of cyberattacks threaten the survival of a business

There is no shortage of examples: Toyota, in 2022, forced to stop production in around fifteen of its sites in Japan, for a production loss of 5% across Japan; the Norwegian group Norsk Hydro specializing in aluminum, paralyzed in 2019 by ransomware, with an impact estimated at 60 million euros… In 2021, the French pharmaceutical and dermo-cosmetic group Pierre Fabre also had to cease all its production activities for a month and close its warehouses for two weeks following a ransomware attack.

An information report published in 2020 by the French Senate estimated that 16% of cyberattacks threaten the survival of a company in 2020.

Contrary to popular belief, it is not necessarily large multinational groups that are most targeted. They generally have the human and material means to protect themselves and the fact that they are distributed across several sites increases their resilience.

Thus, rather than attacking a large player, the attackers will prefer to multiply attacks against smaller structures. Their isolated nature, as well as their more modest size and means, make them more vulnerable, and therefore more accessible, targets.

This vulnerability comes, among other things, from the fact that industrial equipment has fairly long life cycles, measured in decades. Very often, it relies on operating systems that are no longer even maintained.

NIS2: a European obligation

Beyond the obvious “common sense” of a company having a relevant cybersecurity policy, the European Union drew up, in 2022, the NIS2 directive (Network and Information Security Directive), which is supposed to be transposed into national law by October 17, 2024. The text aims to strengthen the resilience of critical infrastructures, including certain industrial sites, by imposing stricter cybersecurity obligations on them. Although less critical sites are not directly affected at first, they necessarily will be from the moment they are subcontractors of the entities concerned.

Compared to the first version of the directive, NIS2 provides for the implementation of technical and organizational measures to prevent and manage cybersecurity incidents: detailed knowledge of the infrastructure; regular risk assessments; training of staff in good practices; rapid reporting of incidents to the competent authorities…

For industrial players in Luxembourg, this regulatory and legislative development requires an allocation of resources dedicated to the protection of systems. But the “advice” component and the interaction, even collaboration, with the authorities and other key players in the sector are essential to ensure an effective response to incidents.

Tailor-made support

Cybersecurity awareness is one of the pillars of the activity of the Luxembourg Digital Innovation Hub (L-DIH), managed by Luxinnovation, whose mission is to help the digitalization of manufacturing companies. In partnership with the Luxembourg House of Cybersecurity, the L-DIH is able to respond from an appropriate angle to the problems encountered by the market.

It offers specialized training for professionals in the industrial sector, ranging from threat detection to incident management, and allows companies to train on the latest technologies and better understand security issues linked to the Internet of Things (IoT), artificial intelligence and automated systems.

Of course, not everything can be implemented at once, and it will first be a matter of establishing a road map and dealing with the most urgent matters. To do this, the L-DIH provides the companies concerned with a wide range of tools and specialized partners, like so many compasses that can guide them on the path to cybersecurity.

A route that has no formal final destination – achieving zero risk is impossible – but on which progress is entirely possible in a highly secure environment.
