Challenges of Securing IIoT and Ensuring Plant Safety
As noted in the first article in this series, the Industrial Internet of Things (IIoT) has created some complexities for manufacturers, and some strategies to help tackle them. As more and more manufacturers look to implement IIoT technologies, a key consideration must be security. When organizations begin to incorporate IIoT into their plants, the sheer amount of universally connected devices, access points to the network and data volume created opens a slew of cyber security threats that didn’t exist before.
Data breaches can have a significant effect on businesses by completely interrupting productivity and continuity, and manufacturers should be concerned about their exposure to theft, process disruptions, personnel injuries and liability, among other risks. Breaches not only impact the continuity of the business but also people, assets and the environment.
Often cited among the concerns about the security integrity of IIoT — and potential reasons for its adoption not being wider-spread — are connected devices and any unauthorized access to proprietary information. It’s no surprise that manufacturers are wary to adopt. Security might be challenging when managing connected devices and creating an exponential amount of data, but it’s not impossible. Manufacturers need to understand the importance of security for their machines and the overall safety of their plants. That begins with considering how people and personnel impact security.
How People Impact Security
Technology is meaningless without people leading the effort. Today, many employees are bringing their own devices to work, but many employers don’t have the policies and procedures in place to allow them to securely use those personal devices to interface with technology on the facility floor. Manufacturers should look to other industries to understand how BYOD policies have become commonplace, particularly when leveraging business applications, and how to adapt these policies on the field level.
The other side of this equation is helping employees understand the impact their behavior and their technology use have on the plant operation. A simple act of accidentally introducing a personal device with malware or other unsafe materials can wreak havoc on an operation.
As we continue moving toward a more automated manufacturing and industrial environment, strong leadership and executive support are critical to lead the IIoT initiative and ensure security is top of mind for manufacturers and plant operators.
Breaking Down Safety and Security Silos
When a major cyber threat impacts a facility, it causes not only a business interruption, but also possible harm to workers in the plant. Cyber security and safety should be a concern that’s addressed hand in hand.
Despite the differences between cyber security and safety, the proven process safety methodology can be used for industrial cyber security in view of define, assess and implement. While cyber security and safety might seem like distinct areas, they are actually more similar than different. In fact, there’s much discussion surfacing around the convergence between cyber security and process safety. This is demonstrated by the efforts we’re seeing from ISA 84 and ISA99 committees that are starting to initiate steps in order to collaborate more closely. The threat landscape is constantly evolving, and as technology, processes, standards and people are driving the convergence of cyber security and process safety, organizations can no longer treat the two as disparate disciplines. Given Stuxnet, manufacturers now understand that their control and automation systems are vulnerable to attacks, putting both their systems and personnel at risk.
With the integration and collaboration between cyber security and process safety, organizations will be better positioned to respond to both the cyber and physical security threats that can impact their facilities.
Key Considerations for Securing Your Plant
In the IIoT era, there are a number of key considerations manufacturers should look to implement as part of their security and safety protocols:
- Maintain Standards: Manufacturers need to follow IEC 62443, a cyber security standard in the design of their plant operations to ensure they’re following the latest security protocols available.
- Choosing the right security solutions: Ensure the products they leverage are cyber security certified — or Achilles certified — which certifies industrial automation components related to cyber security.
- Consider leveraging a closed-loop system: Organizations can take advantage of the benefits of IIoT within their own closed-loop system, helping to prevent outside threats from impacting the organization. Within this closed loop environment, companies still need to incorporate multiple levels of security, which are absolutely critical in helping to minimize the risk of attacks and make it more challenging to breach the most critical areas and elements of the plant.
To optimize the security of their machine and plants, it is imperative for manufacturers to continually assess and update their security programs to ensure data is stored, managed and transported according to the highest security standards. This will require collaboration and communication amongst all Industry players. Creating a robust cyber security and safety plan can help protect sensitive, business critical data, and ensure the safety of the plant and its people.