Industrial Internet Now
Subscribe
Contribute
Loading...
×

Securing IIoT systems still a contractual no man’s land

The industrial internet is a continuously evolving and layered infrastructure built on connected machinery – a large proportion of which has not previously been linked to the internet. The fact that these machines can now be accessed online brings new challenges for IoT service providers as well as their clients. Furthermore, questions remain regarding responsibilities, says Pasi Vilja, Chief Information Security Officer at Konecranes.

Last year, a massive distributed denial-of-service (DDoS) attack swept through the globe and nearly disrupted the entire internet. Experts called it the largest attack of its kind in history. Afterwards, close investigation revealed that the assault had been orchestrated completely through IoT devices. A huge number of web cameras were left unprotected, and this offered an easy opportunity for hackers to mount a large-scale attack via the internet.

“This is a great example of the vulnerabilities born out of millions of unprotected devices suddenly being connected to the internet. As the number of internet connected devices continues to grow, new vulnerabilities also arise, bringing forth questions about internet safety which we haven’t faced before,” Vilja says.

The need for shared solutions to these questions is growing increasingly dire as more and more machines – many of which were designed before the advent of the IoT era – are connected into the internet, and operated in ways which couldn’t have been considered at the time they were made.

Implementing security measures in the era of IoT

According to Vilja, security in the context of the industrial internet can be implemented mainly through the same types of practices already used in securing computer networks. Keeping up a proper firewall, requiring identification, and constantly surveying and reacting to problems that arise quickly are important, as is updating software.

“The same principles work in both an ordinary IT context and an IoT environment. On the software level, there isn’t that much of a difference in how the systems can be kept safe in either setting. Still, the industrial context adds a layer of complexity to the equation,” Vilja says.

One of the greatest differences in terms of web security in an industrial context is the machinery’s long lifecycle, which brings forth new questions on service providers’ responsibility to offer their clients updates for extended periods.
“Some machinery in industrial use still run on Windows XP or even NT. For the former, support ended in 2014 – ­ and for the latter, in 2004. How are we going to ensure that systems will be kept secure when some of the machines have lifecycles of 50 years? These are still questions to be discussed,” Vilja says.

Another issue comes up with the variety of machines being connected to the web. Industrial companies might have a combination of old, non-connected machinery which is now being connected to the web, point-to-point connected machines, and newer internet connected machines. When they open all these machines gradually to the internet, questions arise on how to make sure that no gaps are left between the different ways to connect.

Discussions about responsibilities still underway

Who has the ultimate responsibility regarding the IoT solutions in use and keeping them up to date? Is it the service providers? And if so, then how long and how actively do they have to ensure that the security is current? According to Vilja, these questions are still open for discussion, and no concrete best practices have surfaced yet.

“This is very much a discussion still to be had. Service providers must take responsibility to ensure that the services they offer are maintained to protect against new security threats. But only the clients know their full set-up and probably don’t want automatic updates from multiple providers. And how knowledgeable are the clients about the relevant security features or risks? This is still a contractual no man’s land,” Vilja says.

Another concern is that in highly specialized systems that have been tweaked or integrated by clients, the updates could cause interruptions – or even shutdowns –  in their operations. On the other hand, refraining or neglecting to update their systems could also end up leaving their entire systems vulnerable.

According to Vilja, in order to form proper guidelines, open discussion and continuous surveillance are essential. Eventually, the best practices will be formed, and they are likely to follow precedents from the computer market.

Ultimately, the same rules apply to web cameras and smart refrigerators as for industrial sensors – basic security measures go a long way, and they must actually be implemented in order to ensure operational safety.

Pasi Vilja is the Chief Information Security Officer at Konecranes.

Interview w/ Pasi Vilja

Join the conversation!

Your email address will not be published.

Looking for the human-machine touch

Digital technology is fast changing the way vehicles are built, but the pace of change varies according to different manufacturers and production processes. Above all, the importance of human workers has been central to the decision process for new technology – and looks set to remain so in the future.

According to Automotive Logistics, experts who spoke at automotiveIT Forum – Production and Logistics, which took place during the recent Hannover Messe, stressed that digitalization starts on the shop floor. Implementing logistics automation and support technology needs to be done with workers in mind – including their safety and comfort, but also their skills. For instance, Dr. Sabine Pfeiffer, professor of sociology at the University of Hohenheim, noted that the industry tends to focus on university graduates or consultancies, “but if you work with the experience and skills on the shop floor, you will get great results.”

Read more on how to begin disruption at the shop floor level: http://automotivelogistics.media/intelligence/looking-human-machine-touch

Image credit: Zapp2Photo / Shutterstock.com

Via Automotive Logistics

Join the conversation!

Your email address will not be published.

The art of Simply-Complex and IIoT

The essence of the IIoT involves lots of “things” that will need to work harmoniously to be effective. But if the architecture is not designed right at the start, the opportunities afforded by this technology may collapse under the weight of all these many things.

According to Michael Davis, Senior Program Manager, Field Devices, at Schneider Electric, creating “simple” is actually not so simple. In a post on the Industrial Internet Consortium blog, he says that the concept of Simply-Complex is to challenge the architecture of the system and to start with a foundation that is comprised of simple building blocks that can be reconfigured, resequenced, and recycled into more complex structures. The winners in the future of the IIoT will be those who adopt the most elegant solutions.

Read more about simplicity as the foundation of the design: http://blog.iiconsortium.org/2017/04/the-art-of-simply-complex-and-iiot.html

Michael Davis and Matthew Carrar’s White Paper on The Art of Simply-Complex and IIoT can be found here: http://www.schneider-electric.com/en/download/document/9982095_02-20-17A_EN/

Image credit:  Olga Morkotun / Shutterstock.com

Via Industrial Internet Consortium

Join the conversation!

Your email address will not be published.

The Operations Technology (OT) vs. Information Technology (IT) debate turns to better security

While OT managers may see the benefits of IoT-enabled asset monitoring, IT leadership can see IoT connectivity as a security threat. IoT-connected machinery offers uptime rewards at minimal risk but when done wrong, that connectivity into OT systems can pose big threats.

Material Handling Product News has interviewed several security experts on the ways to avoid security vulnerabilities when moving from closed-off OT systems to wireless networks and IoT connectivity.

“Integrating these systems can provide a lot of efficiency and help with goals like uptime, but at the same time, as things become more connected, they become more vulnerable.” says Keith Blodorn, director of program management at ProSoft Technology, which specializes in industrial communications and remote access solutions.

Read more about how companies are solving IoT connectivity data security issues: http://www.mhpn.com/article/the_operations_technology_ot_vs._information_technology_it_debate_turns_to

Image credit: Sergey Nivens / Shutterstock.com

Via Material Handling Product News

Join the conversation!

Your email address will not be published.

Pushing IIoT predictive maintenance forward: two challenges to overcome

Enabled by wireless technology and connected devices, communication between machines and human technicians is fueling a shift from preventative to predictive maintenance. To push IIoT predictive maintenance technologies up the slope of enlightenment and spark mainstream adoption and success, two major challenges must be overcome: the challenge to obtain high quality data from industrial machines, and that to fuse sensor data with maintenance activities.

An article in Reliabilityweb offers solutions ranging from deep learning algorithms to tapping into the intuitive human capacity of sound-based diagnosis.

Read more about ways to overcome IIoT maintenance challenges and combine deep learning and human input: http://reliabilityweb.com/articles/entry/pushing-iiot-predictive-maintenance-forward-two-challenges-to-overcome

Image credit: Zapp2Photo / Shutterstock.com

Via Reliabilityweb

Join the conversation!

Your email address will not be published.