Pay attention: Industrie 4.0 and ICS cyber security
Industrie 4.0 is propelling organizations and their production and service delivery capabilities far beyond steam power and factory electrification, and industrial control systems (ICSs) can provide a vital layer of protection to keep networks safe.
Greater attention to industrial control system (ICS) cyber security is required with greater connectivity and information flow in manufacturing and in process plants. The Internet of Things (IoT), perhaps the most popular buzzword to hit the tech mainstream since "tweeting," refers to the billions of smart connected devices that range from simple sensors to complex machines that affect business on a local, regional, and global scale, and personal behavior. So many devices are connecting, that International Data Corp. (IDC) predicts the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020.
While most people currently associate the IoT with connected consumer devices such as fitness trackers, smart thermostats, and feature-rich light bulbs, much of the same communications capabilities in these products are being used in more specialized devices that run critical infrastructure systems such as those in the energy, water, transportation, and chemical sectors that serve the needs of citizens and countries alike. In fact, 35% of manufacturers already use devices categorized as smart sensors in their process and manufacturing operations, and an estimated 5.4 million IoT devices will be used on oil and gas extraction sites around the world by 2020. Likewise, energy companies will be installing 1 billion smart meters on homes, businesses, and factories by 2020.
Enter Industrie 4.0, the name given to what's being called the fourth industrial revolution. Industrie 4.0 is propelling organizations and their production and service delivery capabilities far beyond steam power and the electrification of the factory. Industrie 4.0 goes beyond the digital modernization that brought networking, computing power, and automation into the production environment and onto the plant floor.
According to PricewaterhouseCoopers (PWC), the Industrie 4.0 movement is characterized by the increasing digitization and interconnection of products, value chains, and business models. It is the industrial sector's version of IoT-aptly named the Industrial Internet of Things (IIoT). This modern technology that is blanketing industry enables even greater amounts of automation and remote management of system assets. It also is providing visibility into operations designed to help system owners and operators improve productivity and facilitate healthier returns on investment for the products and services their systems provide.
The switchover in industry to smarter devices with greater local computing power and network communications helps organizations enjoy measurable benefits including improvements to process safety, reliability, and visibility into the production process. Such benefits rely on innovation, and they are altogether missed when old systems installed years (if not decades) ago remain locked in time, not changing in a way to take advantage of more modern, progressive technologies. These systems are at greater risk for malicious attacks. So what is the solution when such vulnerabilities are matched with real-world threats?
Connectivity risks, rewards
Most manufacturing and process systems, such as an oil pipeline, power plant, water treatment facility, transportation network, and even building automation systems (BAS), are undergoing the same transformation where old, simple assets are replaced with smarter, more connected devices. With these new devices come new network infrastructures designed to create even greater connectivity and data interactions between the devices and previously disparate systems.
Usually, it's not until an incident occurs, such as a loss of communication, failed device, product misconfiguration, or a security breach, that an industrial network is brought into focus. Events like these quickly lead to safety impacts, expensive downtime, lost production, and potentially far-reaching financial impacts. While such consequences are no secret to asset owners and operators, investments made to counteract them are often limited and often overlook a key opportunity to further reduce latent risks. One glaring omission often seen in many of the most progressive industrial control systems is the absence of a clear view and understanding of what critical network communications actually look like inside these mission-critical systems.
Many popular control system configuration and monitoring tools only provide a window to program and configure parameters and logic control, to monitor status, or provide operators with status of the process control system itself. The network and its infrastructure are largely ignored by much of this software; yet, incidentally, the network often has a great effect on overall system performance and stability. If disrupted or overwhelmed, the network's availability, or lack thereof, can immediately impact the safety and productivity of the system.
That said, the opportunity to get out in front of many of safety and security risks is already available by way of proactive planning and the use of continuous network monitoring that features capabilities to detect and alert engineers of abnormal events so responsible action can be taken.
ICS future is here
ICSs have evolved to become connected with business information systems and often include remote management capabilities. They are no longer isolated independent systems, which were previously thought of as islands of automation. Owners and operators now access many of today's systems from afar and can reach into individual devices that control and monitor critical operations.
This level of connectivity and accessibility goes to show that the IIoT is not a future state for industry. If anything, the IIoT is in many ways already here, and if all of the new device and system connectivity aren't properly built and maintained, most every cyber-physical systems will be vulnerable to threats that could have grave consequences.
In response, those responsible for automation and control systems are increasingly seeking ways to reduce risks. Some are evaluating and force-fitting information technology (IT) practices and technologies into the operational technology (OT) space in hopes that doing so will improve visibility and situational awareness. Yet, many IT tools are square pegs in round holes since they don't have context or understanding about the unique nature of industrial networks and systems. Office-grade products also do not understand the particular protocols, commands, and data flows that operate the engineered systems that produce tangible products and services.
The IIoT revolution
The IIoT and Industrie 4.0 platforms are comprised of cyber-physical systems with connected devices that collectively make up the smart factory—a facility or operation with the technical advantages of self-prediction and self-awareness in the processes used to make and move products and services.
A key aspect of Industrie 4.0 is that it's not just about pure industrial products and specialized technologies. It includes outside influences, such as business and consumer-grade technologies, that are becoming comingled and tightly interlaced with other industrial-grade devices inside a production environment.
In today's systems, it's to be expected that ICS will also carry IT-oriented traffic, such as web services, remote access, virtualization services, and encryption technologies along side of the control services needed to run a process. In fact, a cadre of well-established technologies originally created for business-to-business activities, commercial communications, consumer services, and entertainment are now readily found inside most contemporary industrial systems; however, without a view of the network, these technologies are often unknown to engineers, technicians, operators, and even to control system manufacturers.
Learn more about monitoring the ICS network and the potential risks that come with more connectivity.