Derive value from IIoT data

Collecting data from the Industrial Internet of Things (IIoT) isn't enough; companies need to know what to do with it. They also need safeguards to ensure that the data they're processing isn't breached.

By Eric J. Byres February 21, 2017

One of the biggest challenges is knowing how to derive value from the onslaught of data gained from adopting the Industrial Internet of Things (IIoT).

While data overload isn’t the goal, it can easily become the byproduct of IIoT, and that can quickly stifle the process’ worth. Too much data is of little use, and can even boomerang negatively by becoming a distraction. Successfully interpreting data and translating it into useful information is a process that takes skill and analytics, but—most importantly—a clearly defined, goal-oriented strategy. The goal with IIoT is not only about collecting data, but knowing exactly what will be done with it. 

Bill Brown of Stanley Black & Decker shared at the 2016 IoT Tech Expo about how a focused IIoT effort improved one of his company’s service programs.

Stanley Black & Decker makes those automated sliding glass doors that you pass through as you go into your local Walmart. Prior to the IIoT deployment, predictive maintenance of the doors proved to be a challenge of "knowing when to roll a truck out, knowing when something needed to be adjusted," Brown said. So Stanley Black & Decker launched an IIoT project to collect information from the doors. "We don’t have to wait for [the doors] to break and for somebody to call us. Now we can just look and see when something is a little out of alignment or one of the motors is getting a little hotter than the others." The result is Stanley Black & Decker has been able to reduce its costs and improve their customer’s satisfaction with the reliability of their product.

Real benefits, real risks

The Stanley Black & Decker case also highlights how IIoT can have complex security implications. Doors are the firewalls of the physical security world—they can control who or what enters or leaves a building. And like firewalls, monitoring their activity and correlating it with other systems (like CCTV video surveillance or inventory tracking) can significantly improve security and reduce losses.

So an IIoT project like the Stanley doors project that was initially designed to improve maintenance responsiveness can be integrated into other business systems in ways unforeseen by the original project team. The ability to easily integrate IIoT information into multiple systems is critical to realize the full potential of IIoT.

The first concern people have is IIoT’s interconnected nature may expose a company’s assets to new and sophisticated external attacks. This is absolutely true—the uncontrolled sharing of IIoT information brings risks. What if poor cyber security lets criminals access the door operations data? Could they use their access to plan crimes (such as knowing when a door is removed for service) or for covering up their crimes (by tampering with the logs)?

Poor security can also inhibit the trustworthiness of the data, resulting in a garbage-in/garbage-out scenario. It doesn’t take a rocket scientist; simple tampering with insecure logs from the plant floor can give a misleading view of what is happening. And poor data management can have far more serious repercussions, including the leak of critical corporate secrets or assets.

Robust security liberates your network and greatly enhances the opportunities derived thereof. Technology is about the tools you choose and implement; security is what enables the process: Think of it as the "how" of the puzzle. As such, it must never be implemented as an afterthought. By bringing security experts to the table, you have the opportunity to expose your thoughts and architectural plans to an exclusive group of experts—but ensure they have been screened and vetted, with signed and legal guarantees of confidentiality. Through the analysis, critique, and guidance of these experts, you attain the confidence that you’ve covered your bases and solved your issues before launching the respective projects.

Build robust security 

The best IIoT systems are those designed with security and robustness in mind. They include elements such as automated failback features, an increased tolerance for short-term failures, and security monitoring within the system operations plan.

Brown of Stanley Black & Decker explained his company’s IIoT deployments couldn’t be cloud centric—they needed to be able to work on premise. "If the Internet connection goes down, your system still needs to function."

Experts such as Steven C. Venema, chief security architect of Polyverse Corp., recommend reviewing the ISA/IEC 62443 standards (formerly known as ISA99) as a preliminary roadmap toward partitioned architectures for the ICS/SCADA domain. "Partition your equipment and systems designs," Venema said, "to allow security components to be updated on a faster cycle than other operational components."

As "the complete security life-cycle program for industrial automation and control systems," ISA/IEC 62443 consists of 11 standards and technical reports, introducing the concepts of zones (groupings of logical or physical assets that share common security requirements based on criticality, consequence, and other such factors; equipment in a zone should share a strong security level capability) and conduits (paths for information flow between zones). ISA/IEC 62443 standards provide requirements based on a company’s assessment of cyberattack risks and vulnerabilities.

In your IIoT security checklist, strategize accordingly so you can ensure and implement the following proactive and protective measures:

  • Design security in from the start. Never leave it as an afterthought.
  • Enlist expert help. Fuse a team of senior management and security specialists who can communicate and work together to design protective strategic measures that work seamlessly with the plant’s (and whatever products or services therein) functionality and features.
  • Compartmentalize IIoT solutions into security zones to prevent the spread of malware throughout the plant. In tandem, integrate security best practices during each phase of the developmental process on the plant floor.
  • Monitor your IIoT system continuously to understand vulnerabilities and manage emerging threats. It essential to detect issues as early as possible.

IIoT shouldn’t be a raw or experimental practice. It must be designed reliably and with evolving security systems that are punctually followed and updated. Otherwise it’s no different than installing a burglar alarm system in your house… and never bothering to turn it on.

As Vimal Kapur, president of Honeywell Process Solutions, said, "IIoT is an evolution… it is moving legacy systems into the new age of technology to take advantage of everything [that] new technology and connectivity have to bring."

Gaining access to information

At its core, IIoT is a strategy toward quicker solutions, grounded on perspective; it is a new way of examining an old problem. We’ve always had the data—test results, analytics, asset management information, and maintenance information—but it’s often been inaccessible, overlooked, or obscured in the operating procedures.

If we can get our security strategy right, we have an opportunity to rethink the way the industry integrates the data buried in the manufacturing process.

The leading businesses of the digital future will be the ones embracing the challenges and opportunities of IIoT, harnessing this competitive advantage to enjoy faster growth and sustainable success.

The adoption of IIoT provides immediate benefits, such as improved reliability and reduced downtime. Simultaneously, it also enables long-term benefits by establishing a platform for continuous development, offering a greater return on investment due to an influx of information quantity and quality.

By creating a forward-thinking company culture, by maintaining corporate focus, and by designing IIoT systems with appropriate security measures, your business can overcome the obstacles and strategically implement IIoT best practices to gain an immense competitive advantage in the digital future.

Eric J. Byres is a leading expert in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) security. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, Control Engineeringcvavra@cfemedia.com

ONLINE extra

Read part one of this two-part series linked below.

See additional stories from ISSSource about the IIoT linked below.

Learn more about successful IIoT deployments with the technical report "The Industrial Internet of Things: Secrets for Unlocking Business Value in the Digital Future."

Original content can be found at www.isssource.com.