Updated: Feb 26
Our webinar session with experts in Industrial Automation, Secure-by-Design Network Architectures, IoT Edge Computing, CyberVision, TrustSec, and Industrial Cybersecurity concluded on Thursday afternoon with great learnings about IT and OT Convergence. Here is a brief summary of our presentation.
The Journey towards an IIoT Strategy
As most of you probably know, the journey to being Industrial IoT ready isn’t yet plug and play.
Organizations have a significant opportunity to get more productivity and less downtime through insightful data, from new or existing plant equipment. Typically though, existing setups don’t allow for the monitoring of availability for assets in the factory or supply chain.
Companies need to be analyzing data to monitor efficiency and help predict things like component failure, which is increasingly essential to avoid costly interruptions to production runs.
Often, Operational Technology (OT) production networks are not only closed to the outside world, but also to other internal OT & IT systems, so they can’t talk to each other when they need to collate the information.
If they do work together, it’s often done in a very vulnerable way. Either the security risk hasn’t been understood, the design is not secure, or individual deployment projects are not structured around wider threats and rely on an assumed lack of external connectivity.
In the real world, however, connectivity is everywhere and is needed to collect and transmit data. Those companies that have linked up systems insecurely can find themselves paying heavy prices. Cyber attacks and ransomware demands on production facilities are becoming increasingly common, especially in times of digital acceleration such as what we are currently experiencing due to the COVID-19 pandemic. Therefore, organizations have to adapt and take this area of security more seriously.
Three areas in which we help organisations to align towards an IIoT strategy are leadership, upskilling and adoption.
Polestar helps industrial organisations and other enterprises to create a Strategic Commissioning Plan, in which we design the program to follow and set the vision towards a secure-by-design, connected, smart factory. This plan sets the roadmap for the execution of an IIoT strategy.
Additionally, we work on getting Operational Technology Policies set to boost the creation of IT+OT integrated virtual teams. In this process, we help organisations ask themselves which digital skills they need to thrive on their IIoT and operational strategy.
Finally, Polestar helps define the right technologies to build the Digital Foundations the company needs and to create a Loss Prevention Report that helps to assess risks and create preventive measures.
Stages of an IIoT Strategy
A comprehensive IIoT strategy must contain 3 main pillars: Acquisition, Transportation, and Analysis. But there are many levels of maturity on the way to that nirvana of connected factories, or Industry 4.0. We have classified these levels or stages as follows:
Basic Stage: Computerisation & Connectivity.
Secure Stage: Integration of OT & IT layers and all departments, namely engineering, production & manufacturing.
Connected Stage: Adding sensors for visibility, leading to a digital model of the factory that shows what is happening at any given time (not just in manufacturing cells) and allows upkeep of the digital model at all times.
Gatherer Stage: Transparency and big data analysis. A primary requirement for predictive maintenance capability.
Smart Stage: Simulation of different future scenarios and identification of the most likely ones, allowing accurate decision making and implementation of appropriate measures in good time.
Industry 4.0 means different things to different people. To Polestar it is digital transformation for manufacturing companies, or more precisely:
+ Industrial IoT
+ Digital Twins
+ Cyber-Physical Systems
Implementing these through the right framework will translate into adaptability leading to automated actions and automated decision making, eventually without human assistance in order to securely optimise processes in the shortest possible time.
Many companies are just trying to dip a toe in the water with POCs or data analytics, which means skipping the steps of a grounded strategy, which is not good for control and security!
The Evolution of IIoT Systems
The majority of manufacturers are running factories with technology that is up to and sometimes over 30 years old. This makes getting visibility of their assets a major problem, even if they have the knowledge within the business to make the right decisions about which devices can communicate with each other. Most of the time, the approach taken is to ringfence assets by installing multiple firewalls at zone and cell level.
Another challenge is the exposure of data points from control systems to enterprise systems in order to drive efficiencies. IT departments do not have the time, resources or knowledge to protect the actual systems. Additionally, managing collaboration tools, Office 365, standardisation around cloud-first projects for corporate applications, and cyber-security in the enterprise makes it harder for IT teams to stay current and up to date.
The implementation of standards like IEC 62443 for OT teams can be effective towards solving these pain points, especially when protecting Industrial Control Systems for Critical National Infrastructure. But for manufacturers, this can be too costly due to the management overhead, as they have a very large number of disparate assets in some very large factories.
Most of the time, perimeter protection is therefore installed using firewalls and the OT and Automation teams are left quite literally to their own devices. This does not solve the problem, as MOST hacks come through enterprise services and not, as IT teams would probably expect, through Industrial Control Systems. This is due to the high number of services that need to be open in an enterprise in order for information workers to do what they need to do.
So what can be done to minimise risk without having to rebuild a Production network from scratch? Perhaps there is a different way of looking at that and dealing with the problem?
Business needs are driving the adoption of cloud technologies much faster, giving the automation and OT teams too many projects. The cloud provides the opportunity to bring IT/OT and Automation teams together.
A cloud platform can arguably be more secure than any number of perimeter and access firewalls, if implemented correctly.
Transitioning to a hybrid cloud platform will provide transparency and security by design, as you only need to build it once. By routing industrial data through more securely controlled cloud systems, you are reducing the attack surface and the number of data points that are being exposed across the entire enterprise.
However, using some of these new technologies does not come without potentially high risk. By not having the means to monitor what is going on at the industrial level and by not having the means to implement the right policies and controls, any manufacturer can end up in a security breach situation, as there are multiple routes into the Production systems from the enterprise and from supply chain vendors.
What we are seeing, particularly with the COVID-19 situation, is a lot of customers running 24x7 production schedules with the emphasis firmly on keeping the ‘lights on’. This doesn’t give much headroom to quickly implement new technologies such as secure remote access for support, maintenance and commissioning.
Our approach is to move the remote access risk to the cloud where it can be carefully managed, and at the factories, build robust and resilient OT networks.
Can an SMB (SME) achieve Edge Computing?
Edge computing isn’t much more than data being processed at the edge of a network, to put it simply. This means that the data is processed before it crosses any wide area network (WAN), and therefore is NOT processed in a traditional data centre. For instance, IoT sensors (meaning sensors that measure machines or the productive environment) create data that is processed in edge computing.
It is important to realise that both SMBs and large companies should aim to look for managed service providers (MSP) that can guide them through the set-up of an IoT solution at the edge.
One major barrier for SMBs is skills availability. A wide variety of skills is needed to delve into edge computing. The team in charge of an edge computing and/or an IIoT strategy needs developer, operations, IT, and project management skill sets combined with knowledge of the domain/vertical, a combination that is hard to find in the few professionals that an SMB can afford.
Nevertheless, SMBs need to know that they shouldn't expect to be experts on IoT or IIoT themselves. Through an expert MSP with IoT-IIoT as a competency, any SMB can succeed at an Edge computing optimisation and an IIoT Strategy. The SMB's job is to focus on its own business and how IoT will propel that business to more success.
MSPs can also support external portions of your IoT fabric. For instance, Database-as-a-Service (DBaaS) providers can both manage data influx and provide heightened security and larger pipes. Infrastructure-as-a-Service (IaaS) vendors can deploy similar services for networking resources and cloud servers.
If an SMB manages to combine edge computing and network automation, it will be able to scale up its operation without adding human resources. Edge computing can definitely improve the IoT processes of SMBs in the transportation, utilities and manufacturing industries. It can help with processing time-sensitive data more quickly. In other cases, it can simply help businesses comply with certain government regulations.
Edge computing can also help save considerably on bandwidth costs, which is of high relevance to SMBs. Distilling or pre-filtering data at the edge rather than uploading all of it to cloud storage repositories will directly reduce bandwidth costs. As the edge is becoming quite intelligent, a lot of pre-processing is done on that data to extract only what is meaningful and send that up to the cloud.
In the manufacturing vertical we work with two different types of customers: the machine operators and the machine manufacturers. While the machine operators have the flexibility to process the data wherever they want, including small industrial data centres right inside the factory, the machine manufacturers often do not have these options.
Machine manufacturers often sell machines to other manufacturers as a single device that stands on the factory floor. In this example, the manufacturers that purchase and use these machines do not have dedicated network connectivity to them, since that would require additional server equipment to be installed near those machines.
Therefore, the machine operators must integrate any edge compute device right into the machine. That way they can leverage edge compute to pre-process and evaluate the data from all sensors directly on the machine.
This allows machine manufacturers to offer predictive maintenance services as well as remote monitoring & management services which ultimately increase the Overall Equipment Effectiveness (OEE).
Finally, it is worth highlighting that intelligent sensor networks will allow SMBs to maintain supply chain visibility. One of the main pain points for manufacturers is that they are looking for end-to-end visibility into their supply chain. SMBs must also go digital in this aspect by tracking and sharing data to become more competitive.
Why hasn't predictive maintenance become a reality yet?
One of the major challenges for companies in achieving predictive maintenance is the difficulty of getting data, or the right data, out of the machines they operate. Indeed, most of the time the problem extends to managers not knowing what they are even monitoring, and which algorithms are needed to optimise processes in the machine.
The right MSP can help large, medium and small businesses to analyse deep data, perform calculations, and define the right strategy to tell managers what matters and what doesn’t, while helping to securely connect the factory.
How common are Cyber-attacks in the Manufacturing Vertical?
Extremely common. Even the most powerful companies in the world are vulnerable to debilitating cyber-threats. Many existing manufacturing systems were created when security was not a big issue. Also, the emphasis of operational technology for manufacturing has usually been on performance and safety, not on security. This has caused major security gaps to exist in production systems.
How well secured your system is depends largely on how the OT networks are being managed. For instance, when connecting apps, it is common to find that vendors leave a security gap in the networks.
According to MAPI, at least 40% of manufacturing enterprises suffered from a cyber-attack during the last year. Out of these, 38% lost more than $1M USD in damages. Deloitte Research found that most of these threats were coming from internal employees through phishing (phishing facilitates the process by deceiving employees into revealing credentials and confidential information), direct abuse of IT systems, errors and omissions, and use of mobile devices.
However, types of cyber-attacks in manufacturing also include hackers obtaining access to systems and data.
Malware is another kind of attack, increasingly widespread in manufacturing. Today, thanks to IIoT, more industrial systems are connected to the internet. Malware infiltrates insecure systems (often legacy systems) and spreads through the whole organization. Additionally, malware can spend up to 300 days inside a system before being spotted.
Internal threats can be just as damaging. In manufacturing, there are countless incidents of insiders stealing a company’s confidential information for personal interests.