Putting the focus on IIoT security
There are ways for companies to get an Industrial Internet of Things (IIoT) project initiated while overcoming security challenges, but that requires a culture change and a different mindset, says Eric Byres.
The Industrial Internet of Things (IIoT) has been a major topic over the past year. You can’t go to a trade show or read an industry magazine without getting overwhelmed with new IIoT products or services that promise to completely revolutionise your business.
But what exactly is the IIoT? Can it really help your company? And will it expose your plant floor to new security risks?
If you can’t answer those questions, you are not alone. Most business executives don’t understand the IIoT either. Many don’t understand what it can (or can’t) do for their company. And even fewer have a plan detailing how they could deploy IIoT effectively. According to a 2015 Accenture survey, only 36% of 1,400 business leaders admitted their senior managers have fully grasped the implications of IIoT. Added to that, only 7% had developed a comprehensive strategy for IIoT with matching investments.
There are enough real-world IIoT deployments happening that allow the careful engineer to separate hype from reality. Companies that have successfully rolled out IIoT projects have discovered it really does have the potential to unlock tremendous value in their manufacturing chain.
Like all new technologies, IIoT is not without its challenges. According to a survey of IIoT experts conducted by Convetit, a company that organises on-line advisory boards and think tanks for Fortune 500 companies, the top four challenges of IIoT are:
• The interoperability of different silos and systems
• The resistance to organisational change
• Problems implementing IIoT into existing processes, and
• Increased security risks.
Manage any of these poorly and an IIoT project can hinder rather than help a company.
For every IIoT success story, there also have been some very difficult and failed IIoT projects. Good or bad, the same issues and solutions show up again and again. There are ways, however, to get an IIoT project focused while overcoming the security challenges facing IIoT implementations.
The Internet of Things (IoT), a term first coined in 1999, defines our era of connected devices. It has most recently been characterised by the explosive rate of the interconnectivity between intelligent objects that are “network-connected” in order to enable information sharing. It isn’t a revolutionary concept in and of itself – most people have been interacting for years with some of the most useful, disruptive, and life-altering connected devices, such as the smartphone. Other popular examples of IoT
It isn’t a revolutionary concept in and of itself – most people have been interacting for years with some of the most useful, disruptive, and life-altering connected devices, such as the smartphone. Other popular examples of IoT consumer related goods include home light/ temperature controls and wearable biometric devices.
In the industrial world we have been connecting smart devices for decades – network connected remote terminal units (RTUs), programmable logic controllers (PLCs), and human machine interfaces (HMIs) – are nothing new. What has changed is the depth of integration, its complexity, and the range of devices available. Until recently, most plant data stayed on the plant floor. Any connectivity was largely between controllers, input/outputs (I/Os), and operator stations.
What has changed with the IIoT is massive amounts of industrial data now can flow either up into the corporation and the cloud or down into increasingly smart field devices. Information previously locked into proprietary databases on a plant floor server now can end up accessed by corporate applications around the world.
Perhaps most important, information doesn’t have to only flow up from the plant floor to management. It can simultaneously flow in multiple directions from multiple sources to different “data consumers.” At one major U.S. automotive parts manufacturer, measurements from field sensors in hydraulic presses now are being combined with feedback from customers to get a better understanding of the indicators of premature product failure.
This interconnectivity requires new ways of looking at how the entire company can effectively integrate and use all the data available in our industrial process. And it requires new ways of understanding how our industrial processes can use the data available from other business units and the end customer to create a safer and more reliable product.
“IIoT is the new label for something which has actually been developing for decades: The growing interconnectivity of ‘cyber’ devices which control physical systems,” said Steven C. Venema, chief security architect at Polyverse Group.
Fear of change
The unprecedented scale of information exchange means IIoT is often a transformative process for businesses. Unfortunately, transformations of the workplace often result in deep-seated concerns in staff at all levels. These include macro reasons such as the natural fear of change to delaying factors ranging from the excessive review of possible risk elements to the confusion concerning the actual technologies and protocols to be used.
Consider the daily status meeting, a feature of manufacturing management for over a century. When an IIoT project is deployed, companies find their daily meetings miss huge opportunities to change operations in real time as new information comes in. A meeting format that is more responsive to real time information is often needed. Yet some staff will be reluctant to give up a meeting they have attended for decades.
For an IIoT project to achieve its full benefit, it needs to address these concerns up front. Questions like, “How will this information get routed to the decision-makers? What systems will they use to evaluate it? If something dramatic changes, who gets told? And how do we make sure the right people can access the information?” all need answers before the IIoT project is launched. Businesses must strategise with a clear outlook regarding why, what and how their specific organisation will implement IIoT technologies.
Not the Field of Dreams
“If you build it, they will come” is not a model for successful IIoT rollouts – but it’s a frequent stumbling block for many companies. When creating an IIoT infrastructure, companies gain the most value by creating it with the end in the mind. So they should prepare for it with the skillsets needed to securely implement IIoT in existing processes and to effectively interpret the resulting data. IIoT infiltrates the entire company; it’s a mentality as much as it is a tool. A company culture must be such that it embraces – rather than resists – such a huge organisational overhaul.
As the foundation of such a strategy, it’s often wise to find a platform for alliances. Enlisting the help of organisations that provide the platform for experts to convene on a variety of subjects is a good idea. These external experts can engage online with your company’s team, either for short timeframes of intense discussion or more routinely over a longer timeframe.
Tom O’Malley, founder and chief executive of Convetit, has seen companies struggle to align their visions with their IIoT strategies. “Lots of folks are trying to figure out why,” said O’Malley. “What is your business hoping to gain? Why should senior management decide to implement IIoT? Why is IIoT the optimal strategy?”
It’s essential to interact with IIoT experts whose successes are relevant to your industry. These experts demonstrate by example, explaining their own pitfalls and triumphs to help you make the right decisions and steer you toward the types of projects which produce real value.
Above all else, remember IIoT is all about driving business value. It’s not just how you’re collecting data through interconnectivity; it’s why you want to do this in the first place.
Eric J. Byres is a leading expert in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) security.
Source: Control Engineering Europe - All Articles