Industrial IoT Security: Why and how?

Few enterprises are prepared to deal with the new cyber risks in the IoT world. Without a secured IT infrastructure that supports connectivity across the value chain, attempts to create the smart factory of the future will fail.

The manufacturing sector is undergoing a transformation so exciting and promising it is often referred to as the Fourth Industrial Revolution or Industry 4.0. Broadly defined, for a manufacturing system to be described as a smart factory, it needs to have its industrial control mechanisms connected to cloud intelligence, managed by cyber physical control systems. The automotive sector has always been at the forefront of innovation, and it still leads in Industry 4.0, but the move to smart factories also applies to all other manufacturing sectors. That includes industries that employ discrete or continuous production to manufacture, produce, or process items or materials, such as in power generation, oil refining, or chemical production.

The manufacturing sector knows that embracing Industry 4.0 is the only way to survive, and that the use and analysis of real-time data provides the competitive edge to work more efficiently. According to a study by PwC, 85% of the companies questioned will have implemented Industry 4.0 in most key areas by 2020. As industrial control systems become more responsive, open to external devices, and interconnected to the Internet, these systems are exposed to cyber risks which have been shown to lead to defective products, equipment damage, stalled production, safety risks – or even business-ending events.

The need and demand for industrial security

A frightening example of such an incident is the hacking of Ukraine’s power grid, in December 2015, which left large sections of the population without power. A truly smart factory needs a secured IT infrastructure that supports connectivity right through the value chain. Manufacturers need to have plant-wide connectivity in order to link devices and share operational data with IT systems within their site, and with their suppliers, enabling automated analysis and optimization. This connectivity is of great benefit for businesses, partners, customers, and suppliers because it enables production to be adjusted to match demand, and for maintenance needs to be predicted and scheduled to maximize profits. It can also support many other novel inventions and business models. However, the integrity of sensitive equipment and confidentiality of secret designs and formulations must be protected.

_{Steve Hann, Senior Principal Technical Marketing at Infineon Technologies AG}

Security is of critical importance in an isolated production plant but even more so in an interconnected industrial value chain. The 2016 IBM X-Force Cyber Security Intelligence Index ranks manufacturing as the second most attacked industry of 2015, after health care. The most targeted manufacturing sub-industry was automotive (30%), followed closely by chemical manufacturing.

According to a 2017 study by Deloitte, Industry 4.0 and Cyber Risk: Security in an age of connected production, the manufacturing sector is “woefully unprepared” to meet cyber threats. For manufacturing leaders, therefore, defending against these attacks should be high on the agenda. There are signs that businesses are focusing more attention on cybersecurity. A recent IDG study predicts that, by 2020, global organizations will be spending $101.6bn annually on security hardware, software, and services, compared to $73.7bn in 2016.

The nervous system of industry 4.0

If servers at plant level act as the brain of an Industry 4.0 “nervous system,” programmable logic controllers (PLCs) equate to the nerves that control the muscles – the motors and valves. The technology used for the different levels within the architecture differs: At the lowest level of field and control there is a lot of embedded hardware, such as sensing elements, electronic circuits, PLCs, and microprocessors. At the supervisory level, devices tend to include industrial PCs and network devices, gateways, and routers with a strong data storage and processing capability. Data streams are funneled from the whole process up to the supervisory control level. As information flows upwards, the measurements collected by sensors at the field level are aggregated and passed to the supervisory level. Throughout this data flow between the levels, the data and the devices must be protected.

The design of an industrial control system often lacks basic security controls, such as authentication and encryption, which means that attackers can read and modify this data at will once the network is breached. They can even gain access to industrial controllers like the PLCs, alter their configuration, and corrupt the process from the control level.

Security technologies: Manufacturers need powerful, reliable security technologies to secure communication between devices and machines within heavily networked infrastructures

As the PLCs within industrial control systems define the process flow and safety settings, an attack at this level can cause immense disruption and damage but can stay undetected. The scope of the damage is multiplied if the production site is no longer a stand-alone facility but an interconnected, smart-factory environment.

How to protect a smart factory

How can a smart factory be protected? A defense in depth approach is best. Relying on software alone to protect your industrial control system would be like trying to protect yourself from a heavy downpour with only rain boots. By far the smartest way to completely secure a process is by using strong hardware solutions and software applications together – a raincoat and rain boots strategy.

Security products are designed and tested not just on a functional level but also to resist many kinds of security attacks. Infineon supplies hardware solutions to safeguard automated industrial systems by protecting data streams and device integrity across all levels of the industrial architecture. Together with the company’s network of international partners, Infineon’s security controller portfolio has been designed to grow and maintain secure uninterrupted operations. Hardware security products protect industrial control systems by ensuring integrity is maintained and enabling authentication processes. Already, meeting today’s industry standards usually requires the introduction of hardware security within industrial systems to comprehensively protect the most security-sensitive processes and applications.

In Industry 4.0 everything is nothing without security

Intelligently implementing hardware security to protect the entire manufacturing environment enables any organization to successfully protect its whole production process. When fully integrated into an overall security strategy, reliable hardware based protection helps industry by neutralizing the effects of cyber attacks, using proven and tested technology to protect the manufacturing process across all control levels.

READ MORE ARTICLES