Addressing IoT Security Issues in Manufacturing Sites
Inherent Security Authentication
According to Cisco, the number of connected devices is expected to exceed 50 billion imminently. These range from everyday items such as controllable lighting and heating in the home through to machine-to-machine (M2M) communications in the factory. The potential security issue – especially in relation to the data that is being collected and exchanged – needs to be urgently addressed so that the IoT, as well as the IIoT, can continue to develop safely and securely in the future. CMS Wire recently reported that, if this can be achieved, “It is likely that adoption will continue at an exponential rate, greater consolidation will drive developers to edge computing and connected applications will unlock multi-purpose robots, leading to far greater capability and functionality.”
In reality, this is already beginning to happen in some areas. Manufacturers around the world are striving to strengthen their global competitiveness and corporate value by enhancing their manufacturing capabilities through the use of IIoT. The industry is also rising to the challenge of making manufacturing sites more intelligent through the active use of digital technologies. However, the risks are also much higher in the manufacturing industry than in many other sectors. Manufacturing sites are facing more serious threats than ever before, as evidenced by recent cases of disrupted production due to ransomware and other malware attacks.
Meanwhile, both customers and the market are demanding higher levels of quality and safety through measures such as more stringent regulations on food and pharmaceutical products, as well as better traceability that will ensure the quality of individual components in the electronic parts industry. Manufacturers therefore face significant challenges in continuing to improve the technologies they use while addressing these issues.
Key Issues for Manufacturers
Three specific areas of security risks in relation to the use of IIoT in manufacturing include the people who access equipment and data at the manufacturing sites, the devices that are connected to machinery and production lines, and the data that are collected and exchanged. Each of these areas poses challenges in terms of effective authentication procedures. One of the first areas that is likely to come under attack involves hackers who attempt to impersonate an authorised user so that they can access data or carry out a disruptive task of some kind. Everyone is now familiar with the Internet, where authentication takes place through passwords and where websites are protected by the SSL (Secure Sockets Layer) protocol.
However, usernames and passwords are not always a very effective method of personal authentication for potential users of IoT. Some of the encryption methods that are used can also be fairly weak and ineffective against potential hackers. IoT security – particularly authentication and encryption – is, therefore, an area that leading manufacturers are urgently addressing.
Authentication, access control and a lack of basic cyber security measures are all key issues relating to the devices employed in an IIoT set-up. If the devices have weak security, that will also have implications for the systems to which they are connected and indeed the whole infrastructure.
Traditional authentication methods and weak passwords are inadequate and cannot cope with the sheer number of devices and the machine-to-machine communications that occur within an IIoT operation – which in turn will typically be part of a complex manufacturing environment. The devices need to be able to authenticate each other so that data can be safely exchanged within the system. The IIoT platform also needs to be able to provide strong authentication processes as well as device authorization and access control.
Another important step includes the development of an inventory of the devices, especially those that could be particularly vulnerable to attack. This can help managers to isolate any devices involved in a breach until the issue is resolved. After the security of the devices has been assured, the next step is to ensure the security of any communications between the devices, any apps and the cloud. This could typically include the use of sophisticated encryption techniques.
At the center of all of the concerns about the security of IIoT within manufacturing sites is the need to maintain stringent data security – including safeguarding its transmission, storage, processing and ultimate disposal. Any security must also comply with a range of strict data protection regulations, including the General Data Protection Regulation (GDPR). Quite apart from the hundreds or thousands of interconnected devices that might be present within a manufacturing site, the sheer quantity of data that is collected and exchanged is almost impossible to monitor: for instance, IBM believes that as much as 2.5 quintillion bytes of data could be being generated each day.
An experienced hacker can exploit a single weakness to gain access to a company’s whole network – and the data within it. So cyber security and anti-hacking measures become not only important but vital if manufacturers are to take advantage of the many benefits of IIoT without opening themselves up to potential disaster.
Data security starts with personal and device security and might also involve further encryption techniques and the use of items such as data signatures. Network communications also need to be carefully monitored for signs of any vulnerabilities or data breaches. This includes the need to identify any affected devices; any services that might have been accessed; and any data that might have been compromised. Finally, manufacturers will need an effective strategy in place for rapidly resolving any issues that might arise.
Addressing IIoT in Manufacturing
So, what steps are organizations taking to try and ensure that manufacturers can enjoy the benefits of IIoT whilst being protected from its vulnerabilities? Omron and Cisco Systems have announced that they will join forces to address this issue. Cisco’s networking and security technology will be integrated into Omron’s machine and programmable logic controllers (PLCs). The latter have been designed to deliver reliability under extreme conditions at manufacturing plants. This collaboration will help manufactures to achieve safe and secure production in intelligent sites that are enhanced by the use of IIoT.
Omron and Cisco will jointly develop a secure environment in which machine controllers and PLCs, as core automation components, provide security authentication for the three discreet elements mentioned earlier: people at manufacturing sites; devices connected to machinery and production lines; data exchanges. Before joining forces with Cisco, Omron had already developed the Machine Automation Controller NJ Series. This is its flagship machine controller, which comes as standard with the OPC UA server and complies with the security-enabled global communications standard. Its new PLCs enable secure data communication with software and devices that support OPC UA.
The rapid increase in the number of IIoT devices is creating a higher security risk, especially in relation to the data that is being collected and exchanged. This issue needs to be addressed so that IIoT can continue to develop safely and securely in the future. Ensuring the security of IIoT solutions in production lines will ultimately help progressive manufacturers to streamline their processes whilst also enabling them to make further new advances in manufacturing.
Omron Electronics GmbH
+49 2173 6800 0
+49 2173 6800 400