The Internet of Things (IoT) is a recent concept, involving the connection of devices that incorporate electronics, software or sensors, with the aim of collecting and exchanging data.
Over the past few years, IoT has spread like wildfire, with Cisco predicting that there will be over 50 billion connected devices next year. These range from controllable lighting and heating in the home through to machine-to-machine communications in the factory. However, the rapid explosion in devices in the Industrial Internet of Things (IIoT) poses higher security risks for manufacturers, especially in relation to data protection.
This issue must be urgently addressed if manufacturers want to benefit from much greater capabilities and functionality. Indeed, manufacturers worldwide are already striving to strengthen their competitiveness by using IIoT to enhance their capabilities. They’re also using digital technologies to make their sites more intelligent.
However, the risks are much higher in manufacturing than in many other sectors, with serious threats such as disrupted production due to ransomware and other malware attacks. Meanwhile, manufacturers need to meet demands for higher quality and safety. The latest technology will help them to comply with stringent regulations on food and pharmaceutical products and the traceability of components in the electronic parts industry.
Key security issues
Security risks relating to IIoT in manufacturing include:
- The people who access equipment and data
- The devices connected to machinery and production lines
- The data that are collected and exchanged
Each of these poses challenges in terms of effective authentication procedures.
Manufacturers are urgently addressing areas such as authentication and encryption. For instance, hackers often attempt to impersonate authorised users so that they can access data or disrupt processes. On the Internet, passwords are used for authentication and websites are protected by the SSL (Secure Sockets Layer) protocol. However, usernames and passwords aren’t always the best methods of personal authentication for potential IoT users. Some encryption methods are ineffective against potential hackers.
Authentication, access control and a lack of basic cyber security measures are all key issues relating to IIoT devices. Weak security has implications for the systems to which they are connected and the whole infrastructure.
Traditional authentication methods and weak passwords can’t cope with the number of devices and machine-to-machine communications within an IIoT operation in a complex manufacturing environment. The devices must be able to authenticate each other so that data can be safely exchanged. The IIoT platform also needs to provide strong authentication processes as well as device authorisation and access control.
Another important requirement is an inventory of devices, especially those vulnerable to attack. This can help managers to isolate any involved in a breach. The next step is to secure communications between the devices, any apps and the cloud. This might typically include sophisticated encryption techniques.
Stringent data protection includes safeguarding its transmission, storage, processing and disposal. Cyber security and anti-hacking measures are vital if manufacturers are to take advantage of IIoT. A manufacturing site could have thousands of interconnected devices. The huge amount of data that’s collected and exchanged is almost impossible to monitor: for instance, IBM believes that 2.5 quintillion bytes of data could be being generated each day. Any security must comply with strict data protection regulations, including the General Data Protection Regulation (GDPR).
Data security starts with personal and device security and might involve further encryption techniques and items such as data signatures. Network communications must be carefully monitored for potential vulnerabilities or data breaches. This includes the need to identify affected devices; services that might have been accessed; and data that might have been compromised. Manufacturers need an effective strategy for rapidly resolving any issues that arise.
Omron and IIoT security
Omron and Cisco have joined forces to help manufacturers to enjoy the benefits of IIoT whilst being protected from its vulnerabilities. Cisco’s networking and security technology will be integrated into our machine and programmable logic controllers (PLCs), which deliver reliability under extreme conditions at manufacturing plants. This will help manufacturers to achieve safe and secure production in intelligent sites that use IIoT.
Together, we’ll develop a secure environment in which machine controllers and PLCs provide security authentication for the three risk areas:
- User authentication: Our controllers and PLCs will authenticate user access and grant secure remote access (VPN) only to authorised users.
- Device authentication: The controllers and PLCs will detect device connections, block access from unauthorised devices, and issue real-time alerts.
- Data authentication: Our devices will encrypt communication data and ensure that the data are transmitted appropriately. They’ll detect and record any unauthorised access and security threats by monitoring and visualising data in the network.
The rapid increase in IIoT devices is creating a higher security risk, especially for the data that’s being collected and exchanged. This must be addressed so that IIoT can continue to develop safely and securely in the future. Ensuring the security of IIoT solutions in production lines will help progressive manufacturers to streamline their processes whilst enabling them to make further advances in manufacturing.