GAMS preview: Data security challenges
In preparation for the 2016 GAMS Conference on Sept. 14 in Chicago, CFE Media asked our panelists to discuss some of the key issues facing manufacturing. This is one in a daily series of articles.
The 2016 Global Automation and Manufacturing Summit (GAMS), presented by CFE Media, will bring together experts from all areas of the Industrial Internet of Things (IIoT) to look at not just the current state of IIoT but also at the potential benefits of deployment for the manufacturing industry.
The third GAMS conference takes place Wednesday, Sept. 14, beginning at noon. It is held in conjunction with the Industrial Automation North America (IANA) pavilion at the 2016 International Manufacturing Technology Show at McCormick Place in Chicago. The event is co-presented by Hannover Fairs USA.
In preparation for the 2016 GAMS Conference, CFE Media asked our panelists to discuss some of the key issues facing manufacturing. This is one in a daily series of articles leading up to this year’s conference:
CFE Media: One big issue with Big Data is security. How can we keep data more secure from both deliberate external threats as well as internal threats?
Banda: Here again, the use of standards in PC-based control platforms, along with the history of security expertise from the IT world, serves as guides. There are multiple tools available to IIoT and Industrie 4.0 applications in order to establish data security without requiring the manufacturer to have IT security experts on staff. OPC-UA, for example, provides data encryption and built-in security mechanisms to the vertical communication layer from the plant floor to the cloud. This is a vendor-neutral platform supported by many large automation and controls companies, including Beckhoff Automation. At Beckhoff, we have gone even further by adopting major IoT standards AMQP and MQTT directly into our automation software platform for use in industrial applications. We also utilize standard cloud services such as Microsoft Azure and Amazon Web Services (AWS). In the case of Azure, data security and privacy can be maintained via Azure Active Directory and Azure Application Insights.
LeBeau: The key consideration is in the level of the data. Accessing a database where you can see a sensor reported a temperature of 70 F 60 times a minute for a year is not valuable. Understanding where that sensor is and what equipment it is associated with may have more value.
Although I think there are new network security issues presented with the number of endpoints involved in IIoT, the security challenges are mostly the same ones we have already within the technology industry.
Spada: I believe the security issue is well understood by many practitioners in the industry. The latest thinking of the leading security technologist is that it is effectively impossible or possibly financially impractical to create an absolutely secure facility that is protected from all possible vulnerabilities. Today the strategy is to implement security so that it detects a vulnerability as quickly as possible and limits the exposure to the plant. This being said, best practice is to undergo a security assessment with outside experts to ensure that infrastructure is not exposed to vulnerabilities.
Gruber: There is no single product, technology, or methodology that can fully secure a control system network. It is the very combination of solutions and partners that extend beyond products and technologies. Those combinations of solutions stretch alongside companywide security systems and best practice designs, policies, and procedures taking into account the unique requirements of each customer and industry.
The first consideration for production environments is to recognize the financial impact and priorities in terms of key objectives. Typically, downtime for production facilities is counted in hundreds of thousands to millions of dollars per hour. It is driven by lost production, unused capital assets, personnel costs, energy costs, cost to repair, and other penalties or issues due to production failures. It can include loss of intellectual property and corruption of critical data. If the event is made public, the cost to a company’s value and reputation drastically increase the impact. A clear trend for enterprises with industrial networks is performing reviews of their security systems in place, such as:
- What are the policies and standards that are currently deployed?
- How well are they implemented?
- What issues/problems do we have?
- What requirements apply to our industry?
- Where do we need to be from a security perspective?
- How will we change/improve the situation?