GrammaTech, one of the leading developers of commercial embedded software assurance tools and advanced cyber security solutions, has released new research from VDC detailing the growing concerns in cyber-physical manufacturing systems within today’s smart factories.

The report, “Industry 4.0: Secure by Design,” summarises the results of a survey of over 500 engineers and finds that, for Industry 4.0 to succeed, smart factories must be made secure by design, meaning security concerns should guide decisions from the earliest stages and through the full system development lifecycle.

IoT is opening up a broad range of new business opportunities and solutions like the smart factory. Unfortunately, the introduction of connectivity can unearth new vulnerabilities and magnify any existing software quality issues.

“Based on our research, action to prevent or mitigate vulnerabilities is not rising in parallel with the increasing awareness of the impact of security failures,” said André Girard, senior analyst at VDC. “Embedded engineers surveyed report that over 24 per cent of their projects have no security actions taken.”

According to 46 per cent of developers surveyed by VDC, cyber security concerns are very or extremely important on their current project, up from 37 per cent just two years prior.

Mark Hermeling, senior director of product marketing, added: “The results found by VDC agree with what we see with our customers. GrammaTech has been promoting a security-first design approach that leverages automated software tools as much as possible. Advanced static analysis, for example, plays an important role in a secure design lifecycle.”

Girard commented: “Increasing the use of automated testing tools, starting in the early stages of software design, can help their engineering teams prevent many common coding errors and security weaknesses. The low existing use-rates of static analysis and binary analysis — tools that can help in the code acceptance process — suggest many Industrial Automation & Control engineering teams are not yet following best practices for third-party code use.”

One of VDC’s recommendations is a testing regimen including dynamic testing and static analysis to provide greater assurance that vulnerabilities are discovered and fixed. This can help embedded development teams secure their devices and accelerate their time-to-market in Industry 4.0, as well as industries such as medical devices, aerospace, and transportation where software capabilities are key drivers of competitive advantage.