Where the first three industrial revolutions were driven, respectively, by steam, electricity, and electronic automation, 4IR takes advantage of the latest developments in computing and networking technologies. There are multiple disruptive technologies that lie at the heart of 4IR and span the entire value chain. The combination of connectivity and computational power coupled with sensors is driving the development of the Internet of Things (IoT). Key support technologies for these systems come from machine learning (ML), artificial intelligence (AI), and advanced data analytics made possible by cloud and edge computing. Combined, these technologies provide the ability to coordinate activity across multiple locations and with the rest of the supply chain to monitor production equipment and other infrastructure to aid a variety of applications, including the planning of preventive maintenance, the optimisation of resource usage, and the personalisation of production. These changes are not just seen in manufacturing. There are paradigm shifts in sectors like energy, which through the increased use of renewable energy and electric vehicle charging networks, sees a need to balance supply and demand dynamically.
As a trusted technology supplier, NXP sits at the forefront of 4IR and provides the edge processing and networking platforms that can drive next-generation automation systems that underpin flexible factories and smart industrial infrastructure.
Most technology-related efforts are concerned with ensuring that systems improve. But each change can come with risks. The wider community has seen the problems that can come with ubiquitous connectivity and widespread use of embedded hardware. The Mirai botnet attack demonstrated how internet routers sitting in consumers’ homes could be reprogrammed and used to conduct distributed denial-of-service (DDoS) attacks against vital services.
The remote monitoring that lies at the heart of 4IR systems not only delivers improvements in connectivity and efficiency, but it greatly enlarges the surface of attack of these systems, making them increasingly obvious targets for exploitation by cybercriminals. The connections that convey data to the cloud and around the local IoT networks provide obvious points of ingress. But there are many potential indirect connections that come from the widespread use of wireless-enabled devices.
Ensuring security
As a result, among the advances 4IR offers, the question arises: how do we ensure that these technologies are not misused or abused? Security is now a critical concern for organisations implementing 4IR systems. There are many potential risks. The presence of so many connected devices within an organisation’s network increases the risk of vulnerabilities being discovered and exploited by attackers. The emergence of AI increases the risk further by providing cybercriminals with additional tools to identify weak spots that can be exploited. If compromised, devices may be used to damage infrastructures and obtain proprietary or sensitive data surreptitiously.
As governments recognise the reality of cyberattacks, they are introducing stronger regulations to prevent their potentially far-reaching impacts. In Europe, for example, the Cyber Resilience Act, which will demand only compliant devices be placed on the market, will impose strict security requirements on manufacturers. These regulations will demand not only secure products but also secure processes within organisations. Companies must implement risk assessments, track vulnerabilities, and report and act on incidents to remain compliant.
Further impetus for security in the industrial space comes from infrastructure owners who are looking for equipment and systems certified against key cybersecurity standards from leading bodies such as the International Electrotechnical Commission (IEC). The IEC 62443 series of standards sets best practices for security and provides guidance to system integrators and suppliers on how best to implement and maintain security in automation and control systems.
An effective security architecture needs to establish trust between the devices and computers that interact across the network, attest to the health and integrity of those devices, employ real-time authentication to differentiate between genuine and manipulated data and protect data from eavesdropping.
Launched in 2020, NXP’s EdgeLock Assurance program provides a comprehensive approach to security, covering both technical and organisational aspects, and ensuring compliance with global standards. The NXP EdgeLock Assurance trust marks provide OEMs and their customers confidence and assurance that NXP components have been developed with security in mind and according to industry-leading security practices. In particular, NXP security maturity process is certified against IEC 62443-4-1 standard.
The security landscape is constantly shifting. Systems are extremely complex with growing software stacks increasing the attack surface, threats are multifold and new threats constantly emerging as hackers uncover new vulnerabilities and modes of attack. In this constantly changing environment, the concept of resilience takes centre stage. This involves implementing regular system updates to fix vulnerabilities, implementing processes and systems that can detect abnormal device behaviours and taking action to restore systems to a trusted state. This also means regular renewal and update of credentials used for example to control device access. NXP’s EdgeLock 2GO service allows manufacturers to update device security over-the-air, renewing credentials as needed.
A critical element of the resilience offered is the concept of a root of trust (RoT) - the hardware foundation that serves as a cornerstone for secure operations on the device. NXP has integrated hardware roots of trust into its microcontrollers and processors, in particular the EdgeLock Secure Enclave technology, which provides enhanced protection of security functions as well as advanced capabilities to manage security over the device lifecycle.
There are more fundamental shifts on the horizon. As quantum computing grows to be more powerful, traditional cryptographic methods such as RSA, and Elliptic Curve Cryptography (ECC) will become vulnerable. Upgraded protection can thwart these attacks and demonstrates the role post-quantum cryptography (PQC) will play in securing embedded systems. Cryptography is the cornerstone of protection mechanisms. Encryption guards data from being read by attackers and enables controlled access to devices. It supports the ability to determine whether devices can be trusted and enables methods that prevent illegitimate software from being installed and used on computer systems and IoT devices.
Transitioning to PQC will require the development of new protocols for secure connections and the coexistence of classical and quantum-ready cryptography during the transition period. NXP, a leader in this space, is collaborating with information security agencies and standards bodies like NIST to develop PQC standards and ensure the security of future technologies. Not just on high-end computing devices, but IoT and embedded systems, which face stringent constraints in terms of memory capacity and execution speed.
As the shift to 4IR continues, the importance of cybersecurity cannot be neglected. The interconnected systems that power modern industries must be protected from misuse and attack. With quantum computing on the horizon, cryptographic agility and resilience are becoming essential to ensure that these technologies remain secure.
NXP is leading the charge by developing secure, future-proof solutions that safeguard the innovations of Industry 4.0. By adopting strong security practices, embedding resilience into systems, and anticipating future challenges, we can create a secure and trustworthy technological landscape for the future.
Author details: Denis Noёl, Director Strategy & Marketing, Secure Connected Edge - NXP Semiconductors
