Ars yesterday wrote a great feature on the concept of “Industry 4.0,” a catchy name that describes the ongoing change in how products are created from raw materials and distributed along the supply chain to consumers.
What the revision “4.0” adds compared to Industries 1.0 through 3.0 is a complex set of links between information and operational technologies. (IT stores, transmits, and manipulates data, while “OT” detects and causes changes in physical processes, such as machines for manufacturing or climate control.)
It is a modular and flexible approach to manufacturing that creates digital links between “smart factories” powered by the Internet of Things, big data, and machine learning. And that’s almost enough fancy CEO words to make bingo. At least in this case, the buzzwords are not just important-sounding but meaningless concepts. Similar to how the rise of devops welded programming with operations, making the process smarter by really embracing all those buzzwords is causing fundamental changes in how we do things.
Instead of moving information and goods down the supply chain line and depending on traditional iterative processes for catching mistakes and fixing things, “Industry 4.0” broadly means the networked implementation of smart, autonomous technologies that enable organizations to predict and take rapid actions (physical or otherwise) on supply and demand. All of these actions are carried out in real time and aided by artificial intelligence (or at least “artificial intelligence” in fan jargon; think less Skynet and more like IBM’s Watson). It is a digital supply network; it’s not an old-school supply chain.
There is a catch to all this coolness, however, when it comes to keeping “4.0” secure: the more touch points between different intelligence platforms in a supply network, the more openings for bad actors to enter the system. These actors can steal and manipulate the data and the physical processes they drive (or, to quote everyone’s favorite miracle worker, “The more they overthink the plumbing, the easier it is to stop up the drain”). The larger the digital supply network, the greater the potential damage.
Explosion of sensors
According to John Spooner, senior IoT analyst at 451 Research in Boston, the basic security principles underlying “Industry 4.0” are roughly the same as the security principles around any set of connected devices. However, the geometric increase of complexity from a supply chain to a digital supply network requires multi-responsive and complex solutions that can track the addition of new components and monitor their behavior faster than human operators can.
When information technology and operational technology are woven into a complex network, he explained to Ars, “What happens in one hand does not know what the other does.” By way of example, Spooner cited the 2017 hack of a casino fish tank that had sensors connected to a PC; the interloper hacked the sensors of the fish tank (OT) and gained access to the casino data (IT). A breach in the operational side of things leads to an immediate bridge into the IT side.
“When we go out and talk to customers in IT and OT, their highest concern is security, and it is thought about all companies,” said Spooner. He continued: “I think everyone is afraid that the IIoT (Industrial Internet of Things) creates such a ginormous network of devices, the threat is increasing geometrically.”
Every connected sensor on every connected device represents not only the data it gathers to help your productivity: it also represents a potential entry point for black hats into the privacy of your business. Accurately covering and monitoring a threat surface beyond what humans can comfortably handle calls for artificial intelligence to provide support to the security team.
“The program must be under constant review,” Spooner said. “Maximum, there are thousands of devices on the digital supply networks of the world’s highest manufacturing industry, and each tool they have online is an endpoint with multiple sensors.”
The first line of defense for smart factories, therefore, is using AI to monitor the behavior of devices from the moment those devices join the network. “The security solution knows why the device exists and what it should do,” Spooner said. “If you deviate from that behavior, you are isolated. And the devices and their behavior are under constant review.”
For a global manufacturing company the size of General Motors, that’s thousands of connected devices.
On top of behavioral monitoring, the best enterprise IoT security systems use network access controls. These restrict classes of sensors to accessing only the specific parts of a network that they need in order to measure and report the things they are supposed to measure and report. The best solutions include yet another level of authentication, Spooner explained: compliance devices with gateways and endpoints that identify and track a specific sensor while it is on the network.
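The layers Spooner describes (a known purpose per device class, per-sensor identification at a gateway, and isolation on deviation) can be sketched as follows. This is an added example, not code from ABB, 451 Research or the article; the profile table, the enrollment records, the host names and the `evaluate`/`review` helpers are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed profiles: what each device class exists to do (host names and
# ports are assumptions for illustration, not from any real deployment).
PROFILES = {
    "tank-thermometer": {("ot-historian", 8883)},
    "line-vibration": {("ot-historian", 8883), ("ot-plc-gw", 502)},
}
# Assumed enrollment record: sensor identity -> (device class, home gateway).
ENROLLED = {
    "sn-0001": ("tank-thermometer", "gw-a"),
    "sn-0002": ("line-vibration", "gw-b"),
}
Flow = namedtuple("Flow", "sensor_id gateway dst port")

def evaluate(flow):
    """Check one observed flow against identity, gateway and class profile."""
    record = ENROLLED.get(flow.sensor_id)
    if record is None:
        return "isolate", "unknown sensor identity"
    dev_class, home_gateway = record
    if flow.gateway != home_gateway:
        return "isolate", "sensor seen behind unexpected gateway"
    if (flow.dst, flow.port) not in PROFILES[dev_class]:
        return "isolate", f"{dev_class} has no reason to reach {flow.dst}:{flow.port}"
    return "allow", "matches profile"

def review(flows):
    """Review every flow; a sensor that deviates once stays isolated."""
    isolated, decisions = {}, []
    for flow in flows:
        if flow.sensor_id in isolated:
            verdict, reason = "isolate", "already isolated"
        else:
            verdict, reason = evaluate(flow)
            if verdict == "isolate":
                isolated[flow.sensor_id] = reason
        decisions.append((flow.sensor_id, verdict, reason))
    return decisions, isolated

# Constructed sample traffic, including an OT sensor reaching an IT host.
SAMPLE_FLOWS = [
    Flow("sn-0001", "gw-a", "ot-historian", 8883),
    Flow("sn-0002", "gw-b", "ot-plc-gw", 502),
    Flow("sn-0001", "gw-a", "it-fileserver", 445),
    Flow("sn-0001", "gw-a", "ot-historian", 8883),
    Flow("sn-0002", "gw-a", "ot-historian", 8883),
    Flow("sn-0099", "gw-b", "ot-historian", 8883),
]
```

The third sample flow mirrors the fish-tank pattern: a sensor whose profile only covers reporting to an OT historian tries to reach an IT file server, and every later flow from it is refused even when it looks normal again.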
How ABB manages things
Satish Gannu is an information security officer at ABB, a Zurich-based multinational company focused on robotics, power, heavy electronics, and automation technology. Gannu has been on the front lines of security for smart factories and has practical experience in dealing with the security relationship between IT and OT. His role as CISO extends over IT and OT security.
“Historically, OT networks have been neglected,” Gannu said. “IT and OT checks and balances are not in place. The IT world is on the front line on security, and it can build OT teams.”
In a recent blog post on the subject, Gannu wrote, “As someone who has experience on both sides of the IT/OT equation, I have seen how companies can use hard-earned, combative lessons – long for IT to jump to the advanced state of IIoT security-built and deployed to meet the different OT requirements. If one thinks of OT systems as another form of data center — a secure and secure foundation of the building -IT service — some promising ideas that can be adapted from decades of IT experience to provide new levels of IIoT Security while respecting the specific needs of OT.”
“The way I look,” Gannu said, “if you want to understand threats, it’s always about ingress and egress, whether it’s physical security or cybersecurity.” While the former is not his responsibility, his role encompasses all aspects of the latter.
And when it comes to cybersecurity ingress and egress at ABB, everything has to pass through a DMZ that protects both IT and OT. For cloud access, ABB uses hard-edge computing. “From an edge perspective, we’ve built cybersecurity from the ground up,” Gannu said. “The ear does not receive any incoming information at all – it is not exposed to the DMZ in any way.”
Horse and barn door
For Gannu, like Spooner, the key change in “Industry 4.0” cybersecurity lies in creating an infrastructure that subjects IT and OT to the same rigorous standards. This is a difficult path to walk, though, because the best way to do it is to make sure that integrated security is designed into your systems from the beginning, and that’s often impossible to achieve when you’re making existing production lines smart.
It is tempting to either skimp on implementation or simply ignore some aspects of security. That’s because security can have significant costs (both operational and capital) and doesn’t yield immediately obvious benefits.
Yet crimes and intrusions are happening, and the pace at which they’re happening is starting to accelerate. Companies face a choice: if they want to reap the benefits of intelligent manufacturing and AI supply chains, they need either to have the ability to secure those supply chains appropriately, or to accept the fact that they will almost certainly, at some point, suffer through the distraction of a security incident. (And after a breach, they’re going to be forced to take some security measures, so removing that enforcement really doesn’t save anything or help anyone.) It becomes a question of when they want to fix the barn door: now, when there is one price, or after the horse runs, when there is a much higher price.