Companies need to change focus, mindset on IIoT security

There are ways for companies to get an Industrial Internet of Things (IIoT) project focused while overcoming the security challenges, but it requires a culture change and a different mindset.

01/25/2017


The trendy industrial technology for the past year is the Industrial Internet of Things (IIoT). You can't go to a trade show or read an industry magazine without getting overwhelmed with new IIoT products or services that promise to completely revolutionize your business.

But what exactly is the IIoT? Can it really help your company? And will it expose your plant floor to new security risks?

If you can't answer those questions, you are not alone.

It turns out most business executives don't understand what IIoT is either. Many don't understand what it can (or can't) do for their company. And even fewer have a plan detailing how they might deploy IIoT effectively. According to a 2015 Accenture survey, 36% of 1,400 business leaders admitted their senior managers have fully grasped the implications of IIoT. Added to that, 7% developed a comprehensive strategy for IIoT with matching investments.

There are enough real-world IIoT deployments happening that allows the careful engineer can separate hype from reality. Companies that have successfully rolled out IIoT projects have discovered it really does have the potential to unlock tremendous value in their manufacturing chain.

Like all new technologies, IIoT is not without its challenges. According to a survey of IIoT experts conducted by Convetit, a company that organizes on-line advisory boards and think-tanks for Fortune 500 companies, the top four challenges of IIoT are:

  • The interoperability of different silos and systems
  • The resistance to organizational change
  • Problems implementing IIoT into existing processes, and
  • Increased security risks.

Manage any of these poorly and an IIoT project can hinder rather than help a company.

For every IIoT success story, there have also been some very insecure IIoT projects. Good or bad, the same issues and solutions show up again and again. There are ways, however, to get an IIoT project focused while overcoming the security challenges facing IIoT implementations.

According to a survey of Industrial Internet of Things (IIoT) experts conducted by Convetit, the top four challenges of IIoT are the interoperability of different silos and systems, the resistance to organizational change, problems implementing IIoT intoRethinking IIoT

The Internet of Things (IoT) is a term first coined in 1999, and it defines our era of connected devices. It has most recently been characterized by the explosive rate of the interconnectivity between intelligent objects that are "network-connected" in order to enable information sharing.

It isn't a revolutionary concept in and of itself—most have been interacting for years with some of the most useful, disruptive, and life-altering connected devices such as the smartphone. Other popular examples of IoT consumer-related goods include home light/temperature controls and wearable biometric devices.

In the industrial world we have been connecting smart devices for decades—network connected remote terminal units (RTUs), programmable logic controllers (PLCs), and human-machine interfaces (HMIs)—are nothing new. What has changed is the depth of integration, its complexity, and the range of devices available. Until recently, most plant data stayed on the plant floor. Any "connectivity" was largely between controllers, input/outputs (I/Os), and operator stations.

What has changed with the IIoT is massive amounts of industrial data can now flow either up into the corporation and "the cloud" or down into increasingly "smart" field devices. Information previously locked into proprietary databases on a plant floor server can now end up accessed by corporate applications around the world.

Perhaps most important, information doesn't have to only flow up from the plant floor to management. It can simultaneously flow in multiple directions from multiple sources to different "data consumers." At one major U.S. automotive parts manufacturer, measurements from field sensors in hydraulic presses are now being combined with feedback from customers to get better understanding of the indicators of premature product failure.

This interconnectivity requires new ways of looking at how the entire company can effectively integrate and use all the data available in our industrial process. And it requires new ways of understanding how our industrial processes can use the data available from other business units and the end customer to create a safer and more reliable product.

"IIoT is the new label for something which has actually been developing for decades: The growing interconnectivity of 'cyber' devices which control physical systems," said Steven C. Venema, chief security architect, Polyverse Group.

Fear of change

The unprecedented scale of information exchange means IIoT is often a transformative process for businesses. Unfortunately, transformations of the workplace often result in deep-seated concerns in staff at all levels. These include macro reasons such as the natural fear of change to delaying factors ranging from the excessive review of possible risk elements to the confusion concerning the actual technologies and protocols to be used.

Consider the daily status meeting, a feature of manufacturing management for over a century. When an IIoT project is deployed, companies find their daily meetings miss huge opportunities to change operations in real time as new information comes in. A meeting format that is more responsive to real time information is often needed. Yet some staff will be reluctant to give up a meeting they have attended for decades.

For an IIoT project to achieve its full benefit, it needs to address these concerns up front. Questions like, "How will this information get routed to the decision-makers? What systems will they use to evaluate it? If something dramatic changes, who gets told? How do we make sure the right people can access the information?" all need answers before the IIoT project is launched. Businesses must strategize with a clear outlook regarding why, what and how their specific organization will implement IIoT technologies.

Not the Field of Dreams

"If you build it, they will come" is not a model for successful IIoT rollouts—but it's a frequent stumbling block for many companies. When creating an IIoT infrastructure, companies gain the most value by creating it with the end in the mind. Prepare with the skillsets needed to securely implement IIoT in existing processes and to effectively interpret the resulting data. IIoT infiltrates the entire company; it's a mentality as much as it is a tool. A company culture must be such that it embraces—rather than resists—such a huge organizational overhaul.

As the foundation of such a strategy, it's often wise to find a platform for alliances. You can enlist the help of organizations which provide the platform for experts to convene on a variety of subjects; these external experts can engage online with your company's team, either for short timeframes of intense discussion or more routinely over a longer timeframe.

Tom O'Malley, founder and chief executive of Convetit, has seen companies struggle to align their visions with their IIoT strategies. "Lots of folks are trying to figure out why," O'Malley said. "What is your business hoping to gain? Why should senior management decide to implement IIoT? Why is IIoT the optimal strategy?"

It's essential to interact with IIoT experts whose successes are relevant to your industry; these experts demonstrate by example, explaining their own pitfalls and triumphs to ensure you make the right decisions and to encourage you toward the types of projects which produce real value.

Above all else, remember IIoT is all about driving business value. It's not just how you're collecting data through interconnectivity; it's why you want to do this in the first place.

Eric J. Byres is a leading expert in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) security. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, Control Engineeringcvavra@cfemedia.com

ONLINE extra

See additional stories from ISSSource about the IIoT linked below.

Learn more about successful IIoT deployments with the technical report "The Industrial Internet of Things: Secrets for Unlocking Business Value in the Digital Future."



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me