The role of cybersecurity in Industry 5.0 | Stormshield

Whereas Industry 4.0 focused on improving productivity through Big Data, IoT technologies and intelligent machines, Industry 5.0 promises to be human, sustainable, resilient, with a renewed focus on people and society. So how does cybersecurity fit into this picture?

Ten years after the introduction of the official term “Industry 4.0”, the time has come for a new industrial revolution with Industry 5.0. Its aim is to put people back at the centre of industrial processes that are now overwhelmingly digitised. But the interaction between human and machine means that strong safety measures need to be implemented in industrial environments. So where does cybersecurity fit in? And within what timeframe? We explain more.


The promises of Industry 5.0

The idea that machines and technologies will eventually lead to the elimination of people in factories and at the heart of industrial processes is a vision of industry that no longer holds sway. In its focus on productivity gains, Industry 4.0 aimed to make factories “smart” by remotely controlling and supervising production.

So what is Industry 5.0? The new Industry 5.0 paradigm therefore aims to refocus on people. “The first priority is to improve workers' everyday conditions with new technical solutions and high-performance robotised machines,” explains Vincent Nicaise, Head of Industrial Partnerships and Ecosystem at Stormshield. He then emphasises a different issue: “To restore the image of industrial activity amid a time in history that is conducive to the theme of reindustrialisation in Europe. This also means increasing the attractiveness of a sector that has been suffering for several years by attracting the workers of tomorrow, as well as engineering know-how.” The Industry 5.0 mantra: to benefit workers, companies and the planet. This involves “using new technologies to ensure prosperity in terms of jobs and growth, but also (and most importantly) considering the planet's production limits,” emphasises Stéphane Potier, Head of IoT & OT Cybersecurity at Advens. In this respect, this new industrial paradigm is the polar opposite of the threat of a 100% automated factory that destroys jobs. The robot is not seen as an autonomous entity, and does not replace human expertise. “Robots are collaborative, freeing operators from tedious tasks,” he continues. The main purpose of the machine is to assist operators in their tasks by providing new functional capabilities through the inclusion of artificial intelligence, augmented reality, robotics and IoT. Firmly focused on a sustainable production approach that considers the climate imperative, Industry 5.0 incorporates new criteria such as the energy efficiency of technologies, the prioritisation of renewable energies and a self-sufficiency approach. Energy is a key issue for Industry 5.0 players. They are required to consider the energy consumption not only of machines, but also of the production system in general. “The issue of rare earths, which are present in many industrial components and machines, is becoming a crucial one,” says Stéphane. “For example, today's motors use far fewer rare earth resources, and are made from more readily available materials.

The resilience factor is also a fundamental one for Industry 5.0, which is adapting to a macro-economic and geopolitical environment that constantly demonstrates the need to be able to adapt to sudden change. Marc Bagur, Head of Human-Machine Performance at Airudit, believes that this represents a tremendous strategic opportunity for manufacturers. “Those who choose to focus on human values, rather than technology, are adopting a general approach and structural model that performs better in the long term. “The issue is no longer simply one of digitising the industrial environment at all costs, but of aiming for “systemic robustness that is socially, humanely and ecologically acceptable.” He goes on to point out that this requirement “perfectly matches those of the new generations of engineers and workers for whom alignment with ecological values, the question of energy resources and social stability are crucial issues today”.

However, as the maturity levels of the various industrial systems vary, it remains difficult to assess precisely when this new paradigm will actually be operational. And Industry 4.0 is still relatively new...


Industry 4.0 vs industry 5.0: substitution or complementarity?

Industry 5.0 is not just another iteration in the forced march towards progress. This new paradigm should be seen as a complement to the Industry 4.0 paradigm and aims to place the issue of technological innovation within a specific framework, centred on the human-sustainability-resilience triangle. To achieve this, Industry 5.0 draws on the effectiveness of Industry 4.0 technologies; for example to solve problems linked to sustainability criteria. “To reduce the energy consumption of a machine, whether new or old, you first need to be able to measure its consumption. Industry 4.0 provides us with the tools to do this, using sensors, meters and IoT systems,” Stéphane emphasises. In addition, we can try to improve the operation of a machine that is consuming too much energy. Firstly, with predictive maintenance to influence the lifespan of the machine, and secondly, with artificial intelligence to reduce consumption“. In its report, “Industry 5.0 - Towards a sustainable, human-centric and resilient European industry”, the European Commission stresses this synergy. We also need to address the weaknesses of Industry 4.0, which until now has developed in a way that is too far removed from societal issues. The aim is to produce manufacturers who are not only productive and efficient, but also capable of inspiring confidence through values that reflect current times and the challenges posed by new generations.

How can we use these strategic guidelines to prepare for the industry of tomorrow? Today's Factory 4.0 is heavily digitised, with Big Data for data management, IoT for precise measurements, 5G for networking industrial sites and edge computing for deploying greater computing capacity at machine level. However, it must also take account of a particularly complex macro-economic and geopolitical context, marked by rising energy prices and the urgency of environmental issues. Preparing an industrial response to these civilisation-level challenges therefore requires not only targeting the right investments in the right places, but also reviewing processes at every stage of the production chain. Vincent believes that this modernisation of industrial facilities requires both “new knowledge linked to technically innovative protocols and processes, and new skills for workers – the key players in the production chain”. As Industry 5.0 introduces a new layer of information, it creates new needs, and this has a direct impact on the issue of staff training. “We can choose to create new positions, such as local representatives responsible for applying the new safety protocols on machines in plants spread around the world, or we can opt to increase the skills of operators,” he explains.

Is this an opportunity to at last give cybersecurity a central role in industry?


What role should cybersecurity play in Industry 5.0?

At FIC 2022, the question of cybersecurity in industrial environments was on everyone's lips. This is because the connected factory has a greatly enlarged attack surface, and thus similarly enlarged security issues. The combination of an increasing number of robot machines, growing interconnection, IoT integration, a dose of augmented reality and new man-machine interfaces means that the number of potential security flaws in systems is increasing.

A report from Claroty states that 82 industrial manufacturers were attacked in 2021 alone. In the same year, the number of vulnerabilities detected rose sharply from 637 to 787. These are all critical entry points... Often cited as an example, obsolete operating systems running on factory equipment are among the most frequent causes of vulnerability in terms of industrial cybersecurity. The old classic Windows XP remains an essential system for certain industrial environments, and requires special cybersecurity tools to reduce the risk. The consequences of a cyberattack on an operational environment have a massively enlarged impact, from bringing production lines to a complete halt through to actually endangering workers – not to mention a major reputational impact for affected companies. Not to mention the environmental risks, to which Industry 5.0 is particularly sensitive.

So the question is: what cybersecurity solutions should be used to protect tomorrow's industrial environments? Two scenarios are under consideration for addressing the challenge of Industrial Security 5.0. The first is a “revamping” scenario in which the production chain is updated by building the issue of cybersecurity into the equipment itself. In this first scenario, the installation of “firewall-type components is a good way of segmenting flows and analysing protocols,” says Vincent Nicaise, as is “tougher protection for workstations, supported with extensive management of USB ports, Wi-Fi networks and access.” Above all else, choosing sovereign cybersecurity solutions is in this case a way of ensuring transparency and avoiding any risk that data could be exploited for malicious purposes. The aim in this case is to have access to well-controlled sovereign information, thus mitigating the risks of compromise and attacks by foreign bodies. This is the only way to ensure defence in depth with no weak links. The second scenario in Industry 5.0 concerns more recent devices that incorporate cybersecurity as a native feature. But to achieve this, the human aspect and a collaborative approach will be key; much more than just raising awareness, it calls for the implementation of meaningful collaboration systems between the teams in all the new projects. This covers the security needs of cyber teams on the one hand, and the operational constraints of IT teams on the other. A joint approach is needed to compare points of view and reach compromises that satisfy both cyber and OT constraints.

This assumes, of course, that manufacturers are ready for cybersecure Industry 5.0 of this kind.


The industry of tomorrow and cyber-maturity: are manufacturers ready?

According to an April 2023 study by Wavestone, the cyber-maturity of large organisations in France remains low: only 49% of those surveyed considered themselves to be mature. This average is similar in the industrial sector alone, with 49.4% of respondents declaring themselves to be mature in the area of cybersecurity. And although the industrial sector is up 4.6 points on last year, the security of industrial systems is one of the outstanding issues that large companies are struggling to address (along with third-party management and security in the cloud).

In an attempt to require such organisations to adopt cybersecurity standards, European laws and regulations will soon apply, such as the NIS2 directive for managing subcontractors in sensitive environments and the Cyber Resilience Act for hardening connected digital products. In Vincent Nicaise's view, these laws will help professionals to adopt a series of practical safety measures: "Once the Cyber Resilience Act has been implemented at European level, manufacturers will – for example – be required to incorporate security features into their equipment.” At the same time, standards such as MITRE ATT&CK or NIST can also help to increase the maturity of manufacturers with regard to cybersecurity. Regardless of the medium used, a full and thorough technical diagnosis should enable manufacturers to rapidly increase their resilience in the face of attacks in the move towards Industry 5.0.

An aware person is worth twice as much. And this, I think, is a point that ties in with the principles of Industry 5.0, which marks the collaboration between human and machine.

Stéphane Potier, Head of IoT & OT Cybersecurity, Advens

In operational terms, this capability can take the form of the segmentation of networks and production environments, the use of encryption for sensitive data flows, the implementation of strong authentication systems and the continuous monitoring of sensitive infrastructure. It is therefore absolutely crucial to raise awareness and train staff in how to detect cyberattacks. “Operators are familiar with their machines and are well aware of how their tools normally react,” insists Stéphane Potier. “If you make them aware of the issue of cybersecurity by explaining the different types of attack and the potential impacts on their working environment, it helps to keep them on their toes. Operators will then be able to detect an abnormal situation very quickly and report it to their CISOs”. He points out, however, that awareness raising in the OT environment is not as widely implemented as it is in the IT environment. “Contrary to the popular cybersecurity adage that the main vulnerability lies between the chair and the keyboard, I believe that the solution lies between the chair and the keyboard,” he notes. He continues: “An aware person is worth twice as much. And this, I think, is a point that ties in with the principles of Industry 5.0, which marks the collaboration between human and machine”.


To be effective, Industry 5.0 will therefore need to combine its cardinal principles – people, sustainability and resilience – with increased cybersecurity awareness, coupled with the integration of robust devices at the heart of its systems. In other words, cybersecurity will need to be an integral part of this new industrial paradigm for all companies wishing to accelerate in this direction.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
To address cyberthreats to OT networks – a phenomenon which is on the rise – Stormshield recommends a single, comprehensive approach. The aim is to ensure that networks function properly and that there is continuity of activity for all stakeholders: energy, transport, industry, health, etc.
In addition to the regulations that are “forcing” some to choose sovereign solutions, it remains the responsibility of other industrial players to apply these same rules and take action throughout the security chain. But why is this concept of sovereignty so important? A guest column by Vincent Nicaise, Head of Industrial Partnerships at Stormshield, and Yoann Delomier, OT Team Leader, Wallix.
About the author
Khobeib Ben Boubaker Head of D.M.I. Business Line, Stormshield

A graduate of CESI engineering school and holder of an ESCP Europe MBA, Khobeib began his career at Alcatel Lucent in the Submarine Network entity. His first love was the design of fibre optic systems for intercommunication between countries and operators. R&D engineer, international trainer, business engineer, then Business Unit Director: Khobeib wore many technical and business hats for a decade before coming to Stormshield. And following an initial post as Business Developer for the industrial security offering, he is now at Head of DMI (Defence, Ministries, Industry) Business Line to support the company's strategic ambitions for IT/OT cybersecurity.