The Industrial Internet of Things (IIoT) has been one of the most talked about topics in the manufacturing world. Increasingly, as manufacturers are able to harness benefits from IIoT, others who have not made the move yet, are also seen making a shift towards this trend. Manufacturers have already started reaping benefits from IIoT and the rate of adoption will rapidly shoot up in the next five years. With the introduction of IIoT, the traditional walls between the information technology (IT) and the operational technology (OT) worlds are fast disappearing and as a result of this convergence of technologies, the gap between industrial safety and information security that currently exists in industrial processes is also becoming narrower.
Automation technologies that support factory operations have traditionally been a part of OT technologies; IT on the other hand, included programmable systems. But today, this scenario is changing and manufacturers around the world are realizing newer applications of technology in their environments. Connectivity gives these manufacturers the power to improve manufacturing operations, which in turn helps increase revenue. Extending these new IT technologies to the OT environment however, has increased several risks to manufacturers in the form of information security breaches. More commonly known as cybersecurity, there is still a huge gap in understanding the implications this technology in the manufacturing sector. However, this ongoing change in the manufacturing landscape is likely to expand complex security needs in the factories of the future.
Manufacturing is often a soft target for cyber attacks. Historically, the safety and security of several critical infrastructures such as energy, electricity, water and nuclear plants have been compromised. Gone are the days when manufacturers were just worried about the physical safety of factory assets. The focus has now shifted more towards safeguarding all the crucial data that is being generated by these assets (thanks to IIoT). Hacktivists are constantly looking at launching large-scale cyber-attacks with the motive of causing maximum damage. The recent attacks such as WannaCry and Petya are only a testimonial to this. On the part of manufacturers, they are willing to adopt IIoT applications only after these cybersecurity technologies have been sufficiently proven. A lot of this is because of the conservative mindset of the manufacturing industry.
Manufacturers do face several challenges in choosing and adopting the most ideal cybersecurity solutions, but it is majorly the benefits that overcome these hurdles. Listed below are few pointers that manufacturers must keep in mind while looking to adopt cybersecurity in their factories.
What should manufacturers be doing to ensure a safe and secure manufacturing environment?
1. Ensuring multi–level safety in the manufacturing plant
Often, one weak link is all that a hacker needs to break into a plant unit and access all the sensitive data that it generates. Manufacturers should therefore ensure suitable checks across all levels and phases of plant operation including workforce, process, technical and physical levels.
Just making sure that everything is safe at all the levels of the plant operations can help lay the basic foundation for security. Most cybersecurity incidents in the past have happened due to lack of attention from manufacturers. This can be avoided by ensuring safety at all levels.
2. Co-existing in a co-opted environment
With the growing importance of IIoT in manufacturing, an increasing number of IT and OT organizations are understanding the need and importance of co-optation. They are working towards building common knowledge-sharing platforms and several nation-led initiatives such as the Industrial Internet Consortium (IIC), Plattform Industrie 4.0, and the Smart Manufacturing Leadership Coalition (SMLC). The focus is more on promoting IIoT best practices by curbing issues and identifying areas where IIoT can make a difference. Several organizations are increasingly becoming a part of such collaborative efforts.
3. Preparing ahead
Hacktivists are always on the look-out for loopholes and vulnerable points to launch attacks. Manufacturers will need to constantly upgrade their cybersecurity skills to match these attacks. Preparing ahead by periodically simulating these cyber-attacks can help test the resilience of available security measures. Most often, organizations work on a security breach only after it has occurred—this is but a recipe for disaster. Taking corrective actions after a cyber-attack is only going to cost the manufacturer more time, effort, and cost than what is required towards preventing the attack. Manufacturing companies would therefore need to prepare themselves well in advance and employ a more proactive approach towards cybersecurity.
4. And no, air gapping is not the solution
The common belief that industrial assets are safe if air-gapped and disconnected is no longer true. Firstly, with growing advancements in manufacturing technology and connectivity, it has become practically impossible for manufacturers to completely stay disconnected or isolate a part of manufacturing plant. As an increasing number of companies are encouraging employees to bring their own devices to work, the chances of these cyber-attacks that come in through compromised personal devices is quite high. Also the industrial network is always under the risk of accidental or intentional damage from its employees. The only way to curb this internal attack vector is by implementing more rigorous and rigid monitoring and control mechanisms.
A majority of manufacturing organizations still have two different, vastly disconnected departments for IT and OT functions. Integration of the two departments has not happened in the real sense. There are still different sets of workforce, goals, policies, and projects. It is therefore imperative that companies encourage an integration of the two functions, going forward.