MOD 2

SKILL SET REQUIREMENTS

Creativity & Innovation: With an avalanche of new technologies, new products and new ways
of working there is an important need of being creative to draw the benefits from changes.
Creativity is characterized by the ability to perceive the world in new ways, to find hidden
patterns, to make connections between seemingly unrelated phenomena, and to generate
solutions.
Entrepreneurial Thinking: Entrepreneurial Thinking skills refer to the ability to identify
marketplace opportunities and discover the most appropriate ways and time to capitalize on
them. It is more like a state of mind that opens your eyes and business processes to hidden
opportunities.
Problem Solving: It is mainly about attaining mental elasticity to solve the unforeseen problems
and being able to relate them to the landscape that's changing at breakneck speed and getting
more complex. Solving problems involves both analytical and creative skills.

Critical Thinking: As taking decisions becomes a more involved process, businesses are
looking for people with logical reasoning skills who can come up with multiple solutions to a
problem. In the age of Al, critical thinking skills will be complementary to any form of Al and
other technologies.

Conflict Management: Avoiding conflicts in an organisational format, identifying conflicts if

any and resolving conflict is a key skill for a manager. Thus managing and resolving conflict
requires emotional maturity, self control, and empathy.

Decision Making: Decision making is the process of making choices by identifying a decision,
gathering information, assessing alternative resolutions, implementation and following up.
Decision-making is an integral part of modern management
Analytical Skills: Analytical skills are the thought processes required to evaluate information
effectively. Analytical skills are the ability to visualize, gather information, articulate, analyse,
solve complex problems, and make decisions.

Coordinating with Others: Effective communication and team collaboration skills will be a top
demand among job candidates in any industry.

Social Intelligence: Social Intelligence talks of and considers the application of social and non-
formal platform for beneficial outcomes. It involves spotting right areas at right time and
understanding the need and use of such platforms for different purposes and also as alternatives
to connect for innovation and creative linkage.

Emotional Intelligence: Emotional intelligence can be defined as a person's ability to handle

their emotions. An emotionally intelligent person is able to express and control their emotions
effectively.
DEVELOPMENT PROCESS
Skills development is the process of identifying your skill gaps, and developing and honing
these skills. It is important because your skills determine your ability to execute your plans
with success. The benefits of Skill Development include increased business profits, improved
performance, improved accuracy & quality. improved communication, complies with rules &
regulations, improved recruitment & career opportunities, and development of good customer
relations.
WORKING IN INTERDISCIPLINARY TEAMS
Although Industry 4.0 is associated with state-of-the-art technologies, human perspective is
also critical and bring important challenges. Industry 4.0 involves many research areas
including, mechatronic engineering, industrial engineering, and computer science. This nature
of Industry 4.0 brings the need for working in interdisciplinary teams, realizing
interdisciplinary tasks and provide interdisciplinary thinking. In traditional universities, which
focus on a single engineering discipline, it is not easy to equip the students with
interdisciplinary skills required for Industry 4.0. Program structures and/or course syllabuses
may be updated to improve the interdisciplinary skills.

INNOVATION AND ENTREPRENEURSHIP

Economic development cannot be expected without innovation and entrepreneurship. These
two have an important role in economic development. Their role has become even more vital
in the era of Industry 4.0. Therefore, these should be aligned with the education requirements.
According to Jeschke (2015), all companies need to implement innovation process
management so that they can face the competition and can survive during the financial crises.
The needs of companies tend to rise as the innovation cycles become faster. Normally,
innovation is classified into the following two categories:
1) Evolutionary Innovation: Such innovations are referred to continuous and incremental
developments made in technology or processes.
2) Revolutionary Innovation: Such innovations are referred to completely new and disruptive
changes in technology and processes.
Two research areas to explain the innovation and entrepreneurship:
1) Innovative Materials and Tools: This research area of innovation and entrepreneurship
explains the new materials and tools which help in the development of new products. In the era
of Industry 4.0, the use of new materials like Nano-technological material is prominent.
2) Innovation/Entrepreneurship Business Models: Recently, many changes have been made to
innovation management and the two important concepts that have gained popularity are open
innovation and crowdsourcing. Open innovation recommends companies to make use of
external ideas if they wish for technological development. Therefore, these two concepts
should be emphasised in the new education for industry 4.0. No doubt, the classical
entrepreneurship skills are important for students but the knowledge of novel skills like new
business thinking, collaboration with different parties, communication with various
stakeholders, etc. are equally important for them.
E-Learning Technologies: Technologies regarding Industry 4.0 education can be classified into
three main groups. The first group is related with virtual labs and augmented reality for
education. The second group is using gamification for education and the third group focus on
learning analytics.

Virtual Labs and Augmented Reality: Virtual labs refer to software for interactive learning
based on simulation of real phenomena. It allows students to explore a topic by comparing
different scenarios, to pause and restart the application for reflection and note-taking, to get
practical experimentation experience over the Internet (Igi-Global 2017). Augmented reality,
on the other hand, is a live direct or indirect view of a physical, real-world environment whose
elements are augmented by computer-generated sensory input such as sound, video, graphics,
or GPS data.
Gamification: Gamification is the application of game-design elements and game principles in
non-game contexts. Typically, gamification tries to improve user engagement and
organizational productivity. Gamification is also important for learning systems since it
captures the attention of the learner via game principles such as narrative, instant feedback,
leveling up, and progress indicators.

Learning Analytics: Learning analytics (LA) is the application of data analytics into e-learning
environments. LA measures and collects data about the learners and their context to understand
the level of learning and optimize the future actions

CYBER SECURITY
Cyber refers to the technology that includes systems, networks, programs, and data. And
security is concerned with the protection of systems, networks, applications, and information.
In some cases, it is also called electronic information security or information technology
security. Cyber Security is the body of technologies, processes, and practices designed to
protect networks, devices, programs, and data from attack, theft, damage, modification or
unauthorized access. "Cyber Security is the set of principles and practices designed to protect
our computing resources and online information against threats."

OVERVIEW OF CYBER SECURITY IN THE INDUSTRY 4.0 ERA

Industry 4.0 includes three essential stages:
Firstly, getting digital records through sensors that attached to industrial assets, which collect
data by closely imitating human feelings and thoughts. This technology is known as sensor
fusion.
Secondly, analyzing and visualizing step includes an implementation of the analytical abilities
on the captured data with sensors. From signal processing to optimization, visualization,
cognitive and high-performance computation, many different operations are performed with
background operations. The serving system is supported by an industrial cloud to help to
manage the immense volume of data.

Thirdly, the stage of translating insights to action involves converting the aggregated data into
meaningful outputs, such as additive manufacturing, autonomous robots and digital design and
simulation. In an industrial cloud, raw data is processed with data analytics applications and
then turns into practically usable knowledge.

Increasing data density with Industry 4.0 and the fusion of information technology and
operational technology brings with it newer challenges, particularly of cyber security (Frost
and Sullivan 2017).
Cyber security is the core issue that all governments follow at the highest level of importance.
It is a protection of business information and precious knowledge about a subject or system in
digital shape against abuse, unauthorized access, and thefts (Kaplan et al. 2011).

TYPES OF CYBER SECURITY

Network Security: It involves implementing the hardware and software to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security
helps an organization to protect its assets against external and internal threats.

Application Security: It involves protecting the software and devices from unwanted threats.
This protection can be done by constantly updating the apps to ensure they are secure from
attacks. Successful security begins in the design stage, writing source code, validation, threat
modeling, etc., before a program or device is deployed.

Information or Data Security: It involves implementing a strong data storage mechanism to

maintain the integrity and privacy of data, both in storage and in transit.

Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.

Operational Security: It involves processing and making decisions on handling and securing
data assets.

Mobile Security: It involves securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against various
malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.

Cloud Security: It involves in protecting the information stored in the digital environment or
cloud architectures for the organization. It uses various cloud service providers such as AWS,
Azure, Google, etc., to ensure security against multiple threats.

Disaster Recovery and Business Continuity Planning: It deals with the processes,
monitoring, alerts, and plans to how an organization responds when any malicious activity is
causing the loss of operations or data. Its policies dictate resuming the lost operations after any
disaster happens to the same operating capacity as before the event.

User Education: It deals with the processes, monitoring, alerts, and plans to how an
organization responds when any malicious activity is causing the loss of operations or data. Its
policies dictate resuming the lost operations after any disaster happens to the same operating
capacity as before the event.
INDUSTRIAL CHALLENGES

There are security challenges associated with all these application areas. Some of them are very
obvious, for example, misuse of personal information, financial abuse. On the other hand,
others are more specific depending on the structure of the industry. With more and more
enterprise connected devices being incorporated into the banking sector, the finance industry
is faced with an increasing number of ever-evolving cyber security challenges (Craig 2016).
Issues of highest concern in financial services industry include protecting privacy and data
security, managing third-party risks and stifling compliance regulations.

Although the cyber-attacks have become widespread in the manufacturing industry, recent
reports show that energy companies are more prone to these threats, which have become more
advanced over the years. At least 75% of companies in the oil, gas and power sectors had one
or more successful attacks in 2016. In total, more than 15% of the cyber-attacks are direct
attacks on the energy sector. Challenges of utmost concern in energy industry include
protecting privacy and data security, lack of skills and awareness, the integrity of components
used in the energy system and increasing interdependence among market players.

The use of IoT in healthcare applications is growing at a fast pace. Many applications such as
heart rate monitor, blood pressure monitor and endoscopic capsule are currently in use (Al
Ameen et al. 2012). Information security and privacy are becoming increasingly important in
the healthcare sector. The storing of digital patient records, increased regulation such as Health
Insurance Portability and Accountability Act (HIPAA), provider consolidation, and the
increasing requirement for information between patients, providers, and payers point to the
need for better information security (Appari and Johnson 2010).

In the transportation industry, rapid developments in technology and widening the connectivity
of systems, networks, and devices across transport and logistics bring more opportunities in
terms of cost, speed, and efficiency. As more devices and control processes are connected on
internet environment, more vulnerabilities will emerge. Developing measures against these
threats is at the top of the vital issues for the transport sector. Among the major problems in
the transportation industry are data security and privacy and emerging and advanced cyber
threats.

TYPES OF CYBER SECURITY THREATS

Ransomware: In a ransomware attack, the target downloads ransomware, either from a website
or from within an email attachment. The malware is written to exploit vulnerabilities that have
not been addressed by either the system’s manufacturer or the IT team. The ransomware then
encrypts the target's workstation. At times, ransomware can be used to attack multiple parties
by denying access to either several computers or a central server essential to business
operations.
Password Attack: Passwords are the access verification tool of choice for most people, so
figuring out a target’s password is an attractive proposition for a hacker. This can be done using
a few different methods. Often, people keep copies of their passwords on pieces of paper or
sticky notes around or on their desks. An attacker can either find the password themselves or
pay someone on the inside to get it for them.

Denial-of-service: A denial-of-service attack floods systems, servers, or networks with traffic

to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate
requests. Attackers can also use multiple compromised devices to launch this attack. This is
known as a distributed-denial-of-service (DDoS) attack.
Malware: Malware is a term used to describe malicious software, including spyware,
ransomware, viruses, and worms. Malware breaches a network through a vulnerability,
typically when a user clicks a dangerous link or email attachment that then installs risky
software

Phishing: Phishing is the practice of sending fraudulent communications that appear to come
from a reputable source, usually through email. The goal is to steal sensitive data like credit
card and login information or to install malware on the victim’s machine. Phishing is an
increasingly common cyberthreat.

Eavesdropping: Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks,

occur when attackers insert themselves into a two-party transaction. Once the attackers
interrupt the traffic, they can filter and steal data.

Structured Query Language: A Structured Query Language (SQL) injection occurs when an
attacker inserts malicious code into a server that uses SQL and forces the server to reveal
information it normally would not. An attacker could carry out a SQL injection simply by
submitting malicious code into a vulnerable website search box.
Whale-phishing Attacks: A whale-phishing attack is so-named because it goes after the “big
fish” or whales of an organization, which typically include those in the C-suite or others in
charge of the organization. These individuals are likely to possess information that can be
valuable to attackers, such as proprietary information about the business or its operations.
URL Interpretation: With URL interpretation, attackers alter and fabricate certain URL
addresses and use them to gain access to the target’s personal and professional data. This kind
of attack is also referred to as URL poisoning.
Trojan Horses: A Trojan horse attack uses a malicious program that is hidden inside a
seemingly legitimate one. When the user executes the presumably innocent program, the
malware inside the Trojan can be used to open a backdoor into the system through which
hackers can penetrate the computer or network.
MAJOR CYBER SECURITY ATTACK CASES REPORTED

Flame: Flame, also known as Skywiper and Flamer, is a modular computer malware discovered
in 2012 as a virus that attacks Microsoft Windows operating system computers in the Middle
East. When used by spies for espionage, it infected other systems via a local area network
(LAN) or USB stick with over thousands of machines attached to others, educational
institutions, and government agencies. Skype conversations, keyboard activity, screenshots,
and network traffic were recorded. On May 28, 2012, the virus was discovered by Iranian
National Computer Emergency Response Team (CERT), CrySys Lab and the MAHER Center
of Kaspersky Lab.

July 2009 Cyber Attacks: A group of cyber-attacks took on major governments’ financial
websites and news agencies, both United States and South Korea, with releasing of botnet. This
included captured computers that lead servers to be overloaded due to the flooding of traffic
called DDoS attacks. More than 300,000 computers are hijacked from different sources.

Maroochy Shire sewage spill in Australia (March 2000, Australia): The attacker changed the
electronic data using the stolen wireless radio, the SCADA controller, and the control software,
and all operations failed. It leaded to release up to one million litres of sewage into the river
and coastal waters of Maroochydore in Queensland, Australia (RISI 2015).

Public tram system hacked remotely (January 2008, Poland): The signaling system on Lodz’s
tram network was manipulated by a remote control system which was designed by a 14-year
old boy utilizing a TV remote control. It caused the derailment of four trams and more than a
dozen of passengers were injured.

New York Dam Attack: In March 2016, computer-based control of a dam in New York was
hacked by attackers using cellular modems.

Ukrainian Power Outage: In December 2015, a power company located in western Ukraine
suffered a power outage that impacted a large area that included the regional capital of Ivano-
Frankivsk. Three separate energy companies, known as “Oblenergos”, were attacked and
blocked the power of 225,000 customers. The attack was carried out by hackers using
BlackEnergy malware that exploited the macros in Microsoft Excel document. The bug was
planted into company’s network using spam emails
CYBER SECURITY MEASURES FOR ORGANIZATIONS

Do not allow to connect directly to a machine on the control network, on a business network
or on the Internet. Organizations may not realize this connection exist, a cyber attacker can find
a gap to access and exploit industrial control systems to give rise to physical damages

A firewall is a software program or hardware device that filters incoming and outgoing traffic
between different parts of a network or between a network and the Internet. Do not allow a
threat to easily reach your system by reducing the number of routes in your networks and
applying security protocols to the routes.

Remote access to a network using some conservative methods like Virtual Private Network
(VPN) provides big advantages to the end users. This remote access can be strengthened by
reducing the number of Internet Protocol (IP) addresses that can access it by using network
devices and/or firewalls to identified IP addresses.

Role-based access control allows or denies access to network resources based on business
functions. This limits the ability to access files or system parts that individual users (or
attackers) should not be able to access.

Applying strong passwords is the easiest way to strengthen your security. Hackers can use
software tools that are easily accessible to try millions of character combinations to gain
unauthorized access—it is called brute force attack. Many Internet-enable devices include
hard-coded default credentials. Such identity information is often freely available on the
Internet and is widely known by people. Most malware targeting IoT devices is only performed
by attackers using default credentials. According to Microsoft, you should definitely avoid
using personal data, backwards-known words, and character or number sequences that are close
together on the keyboard.

It is important to ensure awareness of vulnerability and application of required patches and

updates. To protect an organization from opportunistic attacks, a system must be implemented
to monitor and enforce system settings and updates. Organizations should consider updating
system and software settings automatically to avoid missing critical updates.

Your employees are responsible for helping to ensure the safety of your business. It is very
important to give your employees information about safe online habits and proactive defense
and give them regular cyber security awareness and training.

Due to the portable nature, there is a greater risk of laptop computers. It is important that you
take extra steps to protect sensitive data. It is important that you take additional steps to protect
sensitive data. Encrypting your laptop is the easiest way to take precautions. Encryption
software changes the way information appears on the hard drive, so it cannot be read without
the correct password