Security in manufacturing environments has traditionally depended on the industrial automation pyramid, shown in the left part of the figure below. This model is characterized by strong barriers between different integration layers, a closed environment and proprietary technologies from just a few vendors. However, this is about to change, as the pyramid limits productivity, efficiency and the ability to be first to market.
Driven by trends such as Industry 4.0 and digital twins, new technology paradigms are appearing in industrial domains, such as decentralized architectures, interconnected wireless devices across layers, edge-to-cloud communication and general-purpose components from a variety of vendors.
Unfortunately, major security risks can arise from the integration of new technologies, as this introduces new forms of attack. The collapse of the automation pyramid is expected to become a security catastrophe. SINTEF, through the Ragnarok project, reinforces its capabilities in (I)IoT security to provide the best expertise to its partners.
The ongoing convergence of IT and OT technology is paving the way for the use of cheap, mass-produced general-purpose components, i.e., microcontrollers, where only a small subset of their real capabilities is used. The additional capabilities can be exploited for large-scale cyber-attacks, as these components share common vulnerabilities. ENISA shows that the lack of security standardization and safe/secure coding guidelines is exacerbated for third-party IoT components and suggests that “Secure Integration of Untrusted IoT in Trusted Environments” should be one of the main emerging cybersecurity areas in future EU calls.