The industrial internet of things (IIoT) is grappling with an uncomfortable trade off; enhanced ease-of-use and productivity or security.
In many industrial scenarios, if connectivity can improve efficiency by just a small percentage, billions of dollars could be saved. However, where there is connectivity there is a cyber-security risk. In the IIoT, where all manner of devices could be connected, each one of those devices has the potential to become a threat to the entire corporate IT network if not secured properly.
The IIoT is being hailed as part of the next great industrial revolution; cyber-physical systems. Experts have predicted that the IIoT could produce as much as $14 trillion in economic gains over the coming decade. Even moderate estimates show that the IIoT will have an incredible impact on our economy. It is therefore no surprise then that businesses are racing to harness the great potential of the IIoT by developing their products, manufacturing processes and supply chains.
By bringing together connectivity with analytics, information technologies and operational technologies, owners and operators of industrial plants will be able to realise these great savings and value adds. A plant can be designed to react to changes during production in real time, for example, or anticipate and avoid events that might impact operations. Other applications may involve predictive maintenance. Almost all industrial systems can be calibrated to avoid downtime or the potentially disastrous consequences related to previously unanticipated failure of critical systems.
Supervisory Control and Data Acquisition (SCADA) systems have long played a leading role in industrial operations. Industries like oil and gas, mining, agriculture and utilities are among the obvious examples of SCADA system users. Their SCADA networks collect data and automate processes, the systems are always looking to automation systems for more effective ways to operate.
The IIoT takes this to a whole new level and does not make SCADA systems obsolete by any means. In fact, it opens the door to greater possibilities of enabling new applications and analytics with every single data point being captured in the system.
However, as it stands, there is a critical payoff; the ability to keep industrial systems and a corporations whole IT network safe from cyber-security threats. Ron Carr, President and Managing Member of Access Control Technologies (ACT), as well as a Business Development Partner for Tripwire with over 40 years of experience in pipeline SCADA communications, suggests this problem affects not only manufacturers and process control operators but also pipeline control operators.
“Any ‘thing’ or device that is controlled by network communication that ‘faces’ the Internet is vulnerable to being hacked”, Carr states. The IIoT devices are no exception according to Carr, “the brief period of time it takes to plug in a laptop (that has an internet connection) to a flow computer in order to download a software upgrade is all it takes to upload malicious malware such as BlackEnergy or Stuxnet”.
Cyber-security has consistently made headlines for many years, large-scale breaches were reported across some of the biggest US retailers back in 2013. Malevolent hackers are constantly trying to access consumer financial information, and cyberspace has become a battlefield as strategically important as any physical location.
IIoT needs better cyber-security protocols. The new issues facing the IIoT mirrors the earlier enterprise network security challenges that forced the change from protocols such as Netware to protocols such as TCP/IP. Now Enterprises must transform the formerly gated IIoT by moving from closed protocols such as MODBUS to open protocols such as TCP/IP.
Sounds easy enough but this no small feat, in order to enact this transformation and bridge the worlds of unfettered open internet and enterprise closed communities is as challenging as the benefits are great. While it’s readily acknowledged that the security and apps industries should be doing more to lock down systems, there remains confusion, a lack of technical expertise, and inadequate cross-sector business relationships to successfully bridge the untrusted and secure worlds.
According to a recent Manufacturing.net survey, many manufacturers are misinformed about what they can do to keep their systems safe. Furthermore, there are mixed opinions about who should be responsible for addressing IIoT security concerns. Within that survey, management, operations and IT were all identified as the parties responsible for overseeing and managing risks. Confusion over who should be responsible means the most efficient solution to protect data is collaboration across departments.
[contact-form-7 id="3204" title="memoori-newsletter"]
We have entered an exciting new age for the next generation of industrial systems. Improvement in microprocessors, in addition to software technologies, and connectivity has created huge opportunities for value creation. However, is value will never be realised, unless these systems are secure from the rising cyber-security threat. Security must be tackled at every layer, from sensors and actuators to the controllers and the operations as well as the business systems in which they work.
Traditional security solutions tend to only protect IT business applications, but these solutions will not succeed for the embedded devices closest to the physical systems. Security must be integrated into even the smallest devices in order to protect operational assets. We are only as strong as our weakest link.
The answers to IIoT security challenges are out there. For a firm to do everything they should be doing to secure their industrial systems and benefit from the invaluable benefits of the IIoT might be quite expensive. However, the cost of not keeping up with the competition by ignoring the IIoT, or the cost of not properly securing an IIoT system, will be even more expensive.