Without appropriate counter-measures, cyber-attacks can exploit the increased system connectivity provided by Industry 4.0 (I4.0) to cause catastrophic events, by, e.g., injecting or tampering with messages. The solution supported by standards, such as, OPC-UA, is to sign or encrypt messages. However, given the limited resources of devices, instead of encrypting all messages in the network, it is better to encrypt only the messages that if tampered with or injected, could lead to undesired configurations. This paper describes the use of formal verification to analyse the security of I4.0 applications. We formalize in Rewriting Logic, I4.0 applications and systems, i.e., networked sets of devices, and a symbolic intruder model. Our formalization can be executed by the tool Maude to automate such security analysis, e.g., determine which messages are sufficient to sign in order avoid injection and tampering attacks.