How machine builders can prepare for the IIoT

Ensure privacy, authenticity and data integrity to securely harness the power of data.

By Dr. Anthony Skjellum, Carlos Lemus and Janice Cañedo, Auburn University, Cyber Research Center

1 of 3 < 1 | 2 | 3 View on one page

Industrial control systems have expanded from simple analog 4-20 mA communication schemes that allow one-to-one connections to advanced digital protocols such as Fieldbus. These technological advancements have resulted in faster communication times and reduction of non-recurring engineering costs, according to “Introduction to Fieldbus,” a 2006 white paper written by Moore Industries.

Today, the Internet of Things (IoT) presents an abundance of new opportunities to make these systems even faster and more reliable. As Industrial IoT (IIoT) devices become more accessible and innovative, it is important to further understand how the technology impacts and benefits current industrial systems.

The IoT is a phenomenon in which reduced hardware and software costs enable the embedding of Internet-connected computers on everyday objects—“things.” These computers provide insights into the physical world such as room occupancy, water flow through a pipe, or power outages in a city, similar in many ways to industrial control systems.

What makes the IoT truly outstanding, however, is that this data can be communicated to any data processing center in the world. The power of cloud computing is thus made available to local control systems, which means more complex data aggregation, pattern detection and diagnoses can be performed.

Technology benefits

One example of the power of the IoT is found in Siemens’ Electronic Works factory in Amberg, Germany. The factory uses Siemens’ own Digital Enterprise Software Suite (DESS) to produce programmable logic controllers (PLCs) at an impressive rate of one per second with 99% reliability and 100% defect traceability, according to “The Dawn of the Smart Factory,” a 2013 article in IndustryWeek. Despite the impressive statistics, however, that has not always been the case—and definitely not before the emergence of the IoT.

When first established in 1989, the factory recorded a defect rate of 500 defects per million; today it records a minuscule 12 defects per million while producing seven times as many products, according to “Defects: A Vanishing Species?” on Siemens website. This is despite having a relatively unchanged amount of workspace or number of employees. The real change lies in how software is used. Modern software frameworks such as the DESS combine smart-device communication, Internet connection to external production systems and traditional automation techniques to deliver such monumental results.

The data generated by machinery should be acquired from redundant sources and backed up regularly to help ensure integrity.

This increase in industrial productivity is because IoT is often referred to as Industry 4.0 or the Industrial Internet, according to “Design Principles for Industrie 4.0 Scenarios: A Literature Review,” a 2015 working paper written by Mario Hermann, Tobias Pentek and Boris Otto of Technische Universitat Dortmund in Germany. It is expected to bear similar historical weight as the invention of mechanical machinery or the use of electronics to control industrial processes.

The upgrade to these cutting-edge operational standards, however, will not only be measured in currency, but also in overcoming roadblocks since machine builders will now have to go beyond guaranteeing performance and reliability in their products; they will also need to provide assurance of privacy, authenticity and integrity.

Technology impact on privacy

In isolated control systems, privacy is measured in terms of the access granted to the control servers, according to “Data security guidance,” a 2015 paper on Ireland’s Data Protection Commissioner website. Generally, a high user level such as operator or engineer is required to gain access to the process data and control mechanisms.

Since the focus of machine builders is currently on the quality and reliability of their products, the level of protection provided by server applications is often overlooked. Nevertheless, this will gradually change as the intelligence of industrial systems—and thus their security—becomes more decentralized. Field devices and composite machines will begin to have increasingly more authority on the data that they produce. As such, machine builders must now have their products protect this data to ensure its privacy.

Technology impact on authenticity

To achieve data protection at the device level, there must be some way of authenticating the user who is requesting the data. There are two ways of doing this. First, each device should know at the time of installation or update which users can be trusted. The device should then only provide the data to those specific users in an encrypted fashion. The initial trust by reference provides the device with partial trust for users in the system. Encryption adds an additional layer of protection as the data moves about the network.

Also read: Cybersecurity: Who can hack it?

Second, there must be a commissioning process to integrate the device into its industrial ecosystem and to establish its trustworthiness—that is, to ensure that it is not an illegitimate device which may contain malicious software. This provides the control network with trust on the field device. These trust requirements provide the foundation for secure authentication for smart industrial systems.

1 of 3 < 1 | 2 | 3 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments