Security in the World of the Industrial Internet of Things

The Industrial Internet of Things (IIoT) is becoming an indispensable part of the manufacturing industry, leading to real-time monitoring and an increase in overall equipment effectiveness (OEE) and productivity. Since the machines are being connected to the intranet and sometimes to the Internet for remote monitoring, this brings a set of challenges and security concerns for these now-connected devices.

 What causes security to be so different between OT and IT?

Operational Technology (OT) manufacturing equipment is meant to run 24/7. So, if a bug is found that requires a machine to be shut down for an update, that stop causes a loss in productivity. So, manufacturers can’t rely on updating operational equipment as frequently as their Information Technology (IT) counterparts.

Additionally, the approach of security for OT machines has largely been “security through obscurity.” If, for example, a machine is not connected to the network, then the only way to access the hardware is to access it physically.

Another reason is that OT equipment can have a working lifetime that spans decades, compared to the typical 2-5-year service life of IT equipment. And when you add new technology, the old OT equipment becomes almost impossible to update to the latest security patches without the effort and expense of upgrading the hardware. Since OT equipment is in operation for such a long time, it makes sense that OT security focuses on keeping equipment working continuously as designed, where IT is more focused on keeping data available and protected.

These different purposes makes it hard to implement the IT standard on OT infrastructure. But that being said, according to Gartner’s 80/20 rule-of-thumb, 80 percent of security issues faced in the OT environment are the same faced by IT, while 20 percent are domain specific on critical assets, people, or environment. With so many security issues in common, and so many practical differences, what is the best approach?

The solution

The difference in operation philosophy and goals between IT and OT systems makes it necessary to consider IIoT security when implementing the systems carefully. Typical blanket IT security systems can’t be applied to OT systems, like PLCs or other control architecture, because these systems do not have built-in security features like firewalls.

We need the benefits of IIoT, but how do we overcome the security concerns?

The best solution practiced by the manufacturing industry is to separate these systems: The control side is left to the existing network infrastructure, and IT-focused work like monitoring is carried out on a newly added infrastructure.

The benefit of this method is that the control side is again secured by the method it was designed for – “security by obscurity” – and the new monitoring infrastructure can take advantage of the faster developments and updates of the IT lifecycle. This way, the operations and information technology operations don’t interfere with each other.

Maximize the Benefits of Open-Source Code in Manufacturing Software

The rise of many players in manufacturing automation, along with factories’ growing adoption of Industrial Internet of Things (IIoT) and automation solutions, present a suitable environment for open-source software. This software is a value-adding solution for manufacturers, regardless of their operation technology and management requirements, due to the customization, resiliency, scalability, accessibility, cost-effectiveness, and quality it allows.

Customization

Software developers who use open-source code provide software with a core code that establishes specific features and allows users to access it and make changes as necessary. The process is much like being able to complete an author’s writing prompt or change the end of a story. Unlike a closed system that locks users in, open-source allows them to adapt and modify the code to meet a particular need or application.

This add-on coding system provides endless customization. It enables communities (i.e., users) to add or remove features beneficial in an integration phase, such as features for user testing or to find the best solution for a machine.

Customization is also valuable regarding data visualizations; users can develop dashboards and visuals that best describe their operations. Suppose a sensor provides real-time condition monitoring data over a particular machine. In that case, it’s possible to customize the code supporting the software that gathers and processes the data for specific parameters or to calculate specific values.

Resiliency

Additionally, open-source code is resilient to change because it can be modified quickly. The ability to quickly add or remove features and adapt to cyber environments or specific applications also makes it volatile. Like exposure to pathogens can help strengthen an immune response to said pathogens, so can an open-source code be made stronger by its exposure to different environments and applications to be ready to face cybersecurity threats. Implementing an open code isn’t any less risky (cybersecurity-wise) than closed codes due to the testing and enhancements made by so many coders or programmers. However, it is up to the implementer to use the same rules that apply to other closed source software. The implementer must be aware of the code’s source and avoid code from non-reputable sources who could have modified it with negative intentions. Overall, the code is resilient, adaptable, and agile to adapt given a new environment.

Scalability

The add-on and customization aspects of open-source also allow the code to be highly scalable. This scalable implementation happens in two dimensions: adoption timeline and application-based. Both are important to guarantee user acceptance and that it meets the operation and application requirements. Regarding the adoption timeline, scalability allows modification of the software and code to meet users’ expectations. Open-sourced code enables the implementation of features for user testing and feedback. The ultimate solution will include multiple iterations to meet the users’ needs and fulfill operation expectations.

On the other hand, this code is scalable based on the application(s), such as working on different machines, multiples of the same machine with different purposes, or adding/dropping features for specific uses. Say, for example, there are three of the same machine (A, B, and C), but they are in different environments. Machine A is in an environment that is 28°F , B is at room temperature, and C is exposed to constant wash-down. In this case, the condition monitoring software defines the acceptable parameters for each scenario, avoiding false alarms from erroneous triggers. In this example, the base code is adapted to include specific features based on the application.

Accessibility

In general, cost-effective and high-quality open-source code is available online. There are additional resources such as free coding tutorials that don’t require any licenses as well. Moreover, when programmers update an open code, they must make the new version available again, ensuring that the code is accessible and up to date.

Cost-effectiveness and quality

Regarding cost-effectiveness, using community open-source code significantly reduces the cost of developing, integrating, and testing software built in-house. It also reduces the implementation time and makes for better production operations. Essentially, it is high-quality, reliable code created by trusted sources for multiple coders and users.

“The application drives the technology” mantra is at the heart of open-source software development—a model where source code is available for community members to use, modify, and share. IIoT enablers and providers in the manufacturing industry own a particular solution that is then available for manufacturers to adapt to their specific operational requirements. With the increasing adoption of data-collecting technologies, it is in manufacturers’ best interest to seek software providers who grant them the flexibility to adjust software solutions to meet their specific needs. Automation is a catalyst for data-driven operation and maintenance.