ABB Review | 01/2025 | 2025-05-05
Industry 4.0 is revolutionizing industries through automation, artificial intelligence (AI) and big data. Optimized efficiency, reduced downtime via predictive maintenance and enhanced decision-making using real-time data are just some of the benefits that allow Industry 4.0 to drive cost savings, innovation, agility and, ultimately, competitiveness.
Sourav Kunal, ABB Pulp and Paper, Dundalk, Ireland, sourav.kunal@ie.abb.com
The intelligent embedded operational technology (OT) and industrial control systems (ICSs) that are central to the success of Industry 4.0 are generally connected to the cloud. That connectivity exposes these devices to cyber threats, including malware, ransomware, data breaches and denial-of-service (DoS) attacks. To counter them, industries must implement strong cyber security measures such as encryption, multifactor authentication, network segmentation and regular software updates.
However, given the vastly increased attack surface that connected OT and ICS devices present, one challenge remains: attaining real-time observability of a remote fleet of devices in terms of performance patterns, behavioral anomalies and security events. In short, real-time intrusion detection is needed on these resource-constrained embedded devices.
ABB’s proposed solution is based on the extended Berkeley Packet Filter (eBPF). eBPF is a well-established technology that makes it possible to run sandboxed programs deep inside the Linux kernel: before a program is loaded, the kernel’s verifier checks that it terminates and that every memory access it makes is bounded, which is what keeps the approach isolated from the rest of the kernel. The technology makes the Linux kernel programmable without writing a single line of kernel code or loading a kernel module. Programs are attached at hook points such as system-call tracepoints, kprobes and the networking data path (XDP and tc), from which an agent can observe kernel activity and the packets entering and leaving the device. eBPF has shipped in mainline Linux kernels since version 3.18 and is usable for this purpose on kernels from version 4.10 onwards, so it requires no extra kernel installation; the kernel must be built with BPF support enabled, and the only component added to the device is the user-space loader.
An eBPF agent can be created that carries custom signatures and detects various types of attacks or anomalies on ICS protocols such as Modbus, DNP3 and MMS. For example:
Events are reported either to a remote cloud operations team or to a local operator workstation. Critically, the agent watches for security events on the device as they happen, rather than after the fact.
The agent can also be used to push new detection signatures, for instance for a newly disclosed zero-day attack, without rebooting the device: eBPF programs and the maps they read are loaded and updated at runtime. Further, its deep packet inspection capabilities can be used to analyze the device’s incoming and outgoing traffic.
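The kind of protocol signature such an agent carries, as an added example that is not ABB’s agent code: a bounds-checked Modbus/TCP classifier written as portable C so it compiles and runs on any host. In a real deployment the same logic sits in an eBPF program attached at XDP or tc, reads the frame between ctx->data and ctx->data_end, and hands every non-OK verdict to the user-space agent through a ring buffer; the hard-coded function-code switch below is what a BPF map lookup would replace so that signatures can be pushed at runtime. The frames, names and verdict categories are constructed for this example.

```c
/* Added example (not ABB's agent code): bounds-checked Modbus/TCP parsing and
 * signature matching of the kind an eBPF detection program would contain.
 * All sample frames below are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MBAP_LEN 7  /* transaction id (2), protocol id (2), length (2), unit id (1) */

enum verdict { MB_OK = 0, MB_MALFORMED, MB_WRITE, MB_BROADCAST_WRITE,
               MB_DIAG_DOS, MB_RECON, MB_ILLEGAL_FC };

struct mb_event {
    enum verdict v;
    uint16_t tid;   /* MBAP transaction id */
    uint8_t  unit;  /* MBAP unit id; 0 is the broadcast address */
    uint8_t  fc;    /* Modbus function code */
    uint16_t addr;  /* start address of a write, or diagnostics sub-function */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Modbus/TCP request ADU (MBAP header + PDU). Every byte is
 * bounds-checked before it is read, the discipline the eBPF verifier enforces
 * on any kernel program that touches packet data. */
int mb_inspect(const uint8_t *pkt, size_t len, struct mb_event *ev)
{
    memset(ev, 0, sizeof *ev);
    if (len < MBAP_LEN + 1) return ev->v = MB_MALFORMED;     /* header plus fc */
    ev->tid  = be16(pkt);
    ev->unit = pkt[6];
    if (be16(pkt + 2) != 0) return ev->v = MB_MALFORMED;     /* protocol id is 0 */
    /* MBAP length counts unit id + PDU; a mismatch means a truncated or padded
     * frame, the kind of input that trips fragile embedded Modbus stacks */
    if ((size_t)be16(pkt + 4) + 6 != len) return ev->v = MB_MALFORMED;

    const uint8_t *pdu = pkt + MBAP_LEN;
    size_t pdu_len = len - MBAP_LEN;
    ev->fc = pdu[0];

    switch (ev->fc) {
    case 5: case 6: case 15: case 16: case 22:   /* coil and register writes */
        if (pdu_len < 3) return ev->v = MB_MALFORMED;
        ev->addr = be16(pdu + 1);
        return ev->v = (ev->unit == 0) ? MB_BROADCAST_WRITE : MB_WRITE;
    case 8:                                      /* diagnostics */
        if (pdu_len < 3) return ev->v = MB_MALFORMED;
        ev->addr = be16(pdu + 1);                /* sub-function code */
        /* 0x0001 restart communications, 0x0004 force listen-only mode:
         * either one silences the device on the bus */
        if (ev->addr == 0x0001 || ev->addr == 0x0004) return ev->v = MB_DIAG_DOS;
        return ev->v = MB_OK;
    case 17: case 43:                            /* report server id, read device id */
        return ev->v = MB_RECON;
    case 1: case 2: case 3: case 4: case 7: case 11: case 12:
    case 20: case 21: case 23: case 24:          /* reads and other public codes */
        return ev->v = MB_OK;
    default:                                     /* 0, 0x80+ (exception range) or unassigned */
        return ev->v = MB_ILLEGAL_FC;
    }
}

/* Constructed request frames: one benign read and six that should alert. */
static const uint8_t S_READ[]  = {0,1, 0,0, 0,6,  1, 3,  0,0, 0,10};          /* read 10 regs */
static const uint8_t S_WRITE[] = {0,2, 0,0, 0,6,  1, 6,  0,0x10, 0x12,0x34};  /* write reg 16 */
static const uint8_t S_BCAST[] = {0,3, 0,0, 0,8,  0, 15, 0,0, 0,8, 1, 0xFF};  /* unit 0 write */
static const uint8_t S_DIAG[]  = {0,4, 0,0, 0,6,  1, 8,  0,4, 0,0};           /* listen-only */
static const uint8_t S_TRUNC[] = {0,5, 0,0, 0,6,  1, 6,  0,0x10};             /* claims 6, has 4 */
static const uint8_t S_BADFC[] = {0,6, 0,0, 0,2,  1, 0x5A};                   /* unassigned fc */
static const uint8_t S_RECON[] = {0,7, 0,0, 0,5,  1, 43, 0x0E, 1, 0};         /* device id */

struct mb_event demo_ev;   /* scratch result used by the demo loop */

/* Runs every sample through mb_inspect, prints the verdicts and returns how
 * many frames alerted (every verdict other than MB_OK). */
int mb_demo_alert_count(void)
{
    static const char *vname[] = {"ok", "malformed", "write", "broadcast-write",
                                  "diag-dos", "recon", "illegal-fc"};
    const struct { const char *name; const uint8_t *f; size_t n; } s[] = {
        {"read regs", S_READ, sizeof S_READ}, {"write reg", S_WRITE, sizeof S_WRITE},
        {"bcast write", S_BCAST, sizeof S_BCAST}, {"diag", S_DIAG, sizeof S_DIAG},
        {"truncated", S_TRUNC, sizeof S_TRUNC}, {"bad fc", S_BADFC, sizeof S_BADFC},
        {"recon", S_RECON, sizeof S_RECON},
    };
    int alerts = 0;
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        mb_inspect(s[i].f, s[i].n, &demo_ev);
        printf("%-12s tid=%u unit=%u fc=%u addr=%u -> %s\n", s[i].name,
               (unsigned)demo_ev.tid, (unsigned)demo_ev.unit, (unsigned)demo_ev.fc,
               (unsigned)demo_ev.addr, vname[demo_ev.v]);
        alerts += demo_ev.v != MB_OK;
    }
    return alerts;
}

int main(void) { printf("%d of 7 frames alerted\n", mb_demo_alert_count()); return 0; }
```

A write from a host that is not the engineering workstation, a broadcast write, or a diagnostics request that forces listen-only mode are the events worth surfacing to the operator; plain reads are the normal polling traffic and stay silent. The length check matters as much as the function-code table: malformed frames are both a fuzzing symptom and the usual vehicle for exploiting embedded protocol stacks, and an eBPF program that skipped that check would be rejected by the verifier anyway.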
ABB’s eBPF approach to cyber security provides continuous, built-in security event monitoring and anomaly detection. Based on threat intelligence, new detection signatures for zero-day vulnerabilities and newly disclosed weaknesses can be pushed to OT devices in the field with zero downtime. A signature does not replace the vendor’s patch, but it closes the gap between disclosure and detection on devices that cannot yet be patched, so the interval between a patch’s release and its deployment is no longer an unmonitored one.
The agent is built on available eBPF technology and open-source tools, which minimizes cost, and, given a supported kernel version, it can run on legacy systems.
Advanced testing is underway, and it is hoped that this eBPF approach to cyber security, with its continuous monitoring and anomaly detection, will soon be in use in the field.