Data protection for the fourth industrial revolution
Technological advances such as the rollout of 5G and the opportunity to connect devices and analyse data in real time and/or using artificial intelligence, have the potential to open up a wealth of opportunities across the manufacturing industry.
Figures from UK5G suggest that IoT-enabled initiatives to release the full potential of existing infrastructure alone could be worth more than £6bn per year to UK manufacturing, with benefits being felt in terms of improvements to everything from new product development, prototyping, sourcing raw materials or components and production, to inspection and quality control, packing, distribution, maintenance and servicing.
With such substantial gains to be made, the case for pursuing greater use of data led technologies is clear. However, the same data-processing advances that are enabling the fourth industrial revolution also mean that previously hypothetical security threats are also moving ever closer to reality.
Protecting manufacturing data and software from unauthorised access and modification requires the use of cryptographic algorithms, specifically encryption and digital signature algorithms. Together these can ensure that the data/software hasn’t been altered, it comes from a known source, and is protected for confidentiality.
For the past 20 years, the current encryption and digital signature algorithms have served this purpose well but, with the advent of quantum computers, this could all be about to change. Various experts predict that quantum computers will be available to state actors within 3-10 years and, once available, could be used to break these algorithms.
To address this, the US Department Commerce’s National Institute of Standards and Technology (NIST) announced the first results of its 6-year effort to standardise on new quantum-resistant algorithms earlier this summer. Three new digital signature algorithms have been announced and one encryption algorithm, with further encryption algorithms to follow.
You can view the full announcement here.
What are the risks and how can we protect our business?
Generating, ensuring safe access to and analysing ever growing amounts of data is key to realising the benefits offered by Industry 4.0, with massive amounts of data being harvested across the industry that could potentially become vulnerable to bad actors.
For example, steel production plants store large volumes of quality data that may be of interest to competitors; chemical production sites store analytical data and statistical process control algorithms that could be at risk; artificial intelligent algorithms could be leaked to competitors; while data breaches in critical infrastructure could potentially be disrupted by malicious state actors.
To date, data has typically been encrypted to ensure it is kept confidential, then signed with a digital signature to prove that it hasn’t been altered.
It was thought that current cryptographic algorithms would take many years to be broken using conventional computers. However, the exponential boost in processing power delivered by quantum computing poses a very real threat to this assumption.
In short, if you have data or software that today relies upon these algorithms, but still needs to be protected from unauthorised access and modification in the future, then you need to think about moving to the new algorithms as soon as possible.
We already know that various state actors are actively harvesting encrypted data (e.g. intellectual property data) so that it may be decrypted in the future, and safety critical software that is digitally signed today, could be maliciously updated, causing a future safety, environmental or security hazard.
How can we future proof our approach?
With this new challenge to cyber security, D-Sig is using a two-stage method:
The first is adopting a cautious approach when implementing new algorithms to make sure the implementations are truly robust. Algorithms are only being implemented within protected cryptographic hardware devices that have already gone through a formal evaluation process.
The second is giving the algorithms time to embed themselves, allowing time for large scale crypto-analysis to take place to ensure they are truly quantum-resistant.
Until we are fully confident on both points, we would encourage all manufacturers to adopt a hybrid ‘belt and braces’ approach to cyber security, implementing the new cryptographic algorithms but maintaining the current algorithms in tandem.
In practice, this means implementing double encryption and an additional digital signature: The original algorithms are used to sign and encrypt the data and then the result is signed and encrypted with the new algorithms. This creates a fall-back for the existing algorithms while adding the potential enhanced-security benefits of the new ones.
It’s an approach that requires new forms of public key certificates that are able to embed the public keys of the new digital signature algorithms – but this is quick and easy to provide through our own, proprietary software.
To keep abreast of the latest developments, visit our LinkedIn company page or find out more about D-Sig Certification Authority here.