As They Seek to Profit from Data, Manufacturers Must Deal with Heightened Security Risk
Competition in the digital era is pushing industrial companies to integrate valuable production data with their corporate IT networks. But the task is not an easy one.
Manufacturers seeking to stay competitive in their respective industries are increasingly turning to the internet of things and other smart factory technologies in order to boost productivity and cut production costs.
They are using IoT to help them integrate their operational technology, or OT, networks–which monitor and control a range of equipment, devices and processes–with the company’s core IT computer networks.
With thousands, even tens of thousands of IoT sensors sending information to the corporate data center or to the cloud, companies believe they can extract valuable insights to improve business operations by analyzing the data. And by connecting their OT networks to the more open, standardized IT network, companies also can more easily share data with managers, engineers and other staffers who need it.
Companies Face Challenge of Bridging Two Worlds
But while convergence of IT and OT networks forms a critical piece of the smart factory and has become a major trend among industrial companies undertaking digital transformation, it has proved challenging to implement.
Even without IoT, OT already collects a lot of data: it monitors and controls a range of plant equipment and devices, gathering readings such as machine pressure, temperature and production-line performance. But OT networks usually run on older, proprietary technology than IT networks do, and they often do not use standard communication protocols.
Furthermore, OT and IT engineers and technicians come from different worlds, operate on different technology renewal cycles and sometimes don’t even work for the same company. Equipment suppliers or contractors, who work for their own companies, often manage the OT devices remotely.
Cybersecurity Risks Grow as OT Converges with IT
But perhaps the most pressing concern around IT-OT integration is how to deal with the increased cyber-security risk that connecting OT networks to more open, standardized IT networks poses.
In the past, the closed, proprietary nature of OT networks also helped keep the risk from malware and from hackers stealing data low. OT networks were designed with little built-in security; their main protection against data breaches and other attacks was that they were physically separate, or “air gapped,” from other OT equipment and networks and from the corporate IT network itself.
This low-risk profile could not last in the digital age, however. For the past several years, even before the current drive toward convergence of OT and IT networks, vital OT data has been vulnerable to attack, and the air gap has been only as good as what was allowed to cross it. Hackers and other malicious actors have used various means to compromise company OT networks, including introducing viruses or other malware via USB devices plugged into equipment to transfer data or update software. Malware has also been introduced to OT equipment and devices directly by rogue employees, contractors or vendors in factories where physical access controls are lax.
Security Fixes Must Not Incur Downtime
Connecting the production OT and corporate IT networks greatly increases a company’s cyber-security risk. At the same time, differences in the technologies and functions of the two types of networks have made responding to security threats more challenging, in many ways, than safeguarding an IT network alone.
Given the proprietary technology used on many OT networks, the standard security fixes used for IT networks often won’t work there.
And because IT and OT networks usually use different technologies, it is also more difficult for a company to assess the size of its attack surface, that is, its total exposure to cyber attacks. Being able to map the attack surface is vital if a company is to devise security measures that actually protect its networks.
Even installing security patches or anti-virus software on OT network equipment or device operating systems is often impossible, because it requires downtime for the equipment. That could stop a production line in its tracks or shut down mission-critical equipment, which plant operators will rarely accept. Much of the protection in OT therefore has to come from compensating controls around the equipment, such as segmentation and monitoring at the network boundary, rather than from changes to the equipment itself.
These are just a few of the challenges that plant managers face as they seek to prepare for growing cybersecurity risks. What steps should they take to stay on top of these potential problems?
How Can Manufacturers Build Secure Networks?
A unified or “grand design,” as ICT supplier Fujitsu puts it, for securely connecting the IT and OT networks is necessary. The infrastructure should be designed to support an open architecture and not be bound to a particular technology, the vendor said.
Fujitsu Thailand first focuses on assessing each client’s business needs and security weaknesses before moving to develop this grand design and creating solutions. “Each customer has its own way of approaching the grand design, and Fujitsu will help them to find it through collaboration and partnership.”
Fujitsu designed the integration of the IT and OT networks for FINET (Fujitsu I-Network Systems Limited), a Japanese network equipment manufacturer. The company is using IoT to introduce smart factory technologies at its Yamanashi plant in Japan.
According to Fujitsu, based on its grand design, “boundary firewalls” will let FINET separate its OT and IT networks while still connecting them securely, so that only the traffic the design permits crosses between the two. And an SDN (software-defined network) controller will let FINET visualize the status of the network and quickly identify when an abnormality occurs.
Experts say that companies can accurately assess the attack surface they would face upon integrating their IT and OT networks by using a four-step process of discovery, modeling, analytics and visualization of the network assets, vulnerabilities and threats. They could then build adequate security safeguards to defend the system.
Other experts recommend identifying and authenticating all OT devices and equipment, both in the plant and in the field, that will be part of the OT network to be converged with the corporate IT network. The company should allow only approved devices to communicate with other devices, and only in the ways it has explicitly permitted. And, if possible, the system should encrypt all communication between IT and OT devices to ensure the confidentiality and integrity of the data.
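As an added example, not part of the original article and not Fujitsu’s or FINET’s code, the following script shows the policy described in the last two paragraphs in the form a boundary firewall would enforce it and an SDN controller’s flow export would make visible: an inventory of approved devices, an allowlist of permitted cross-zone conversations, and a comparison of today’s conversations against a baseline to surface new talkers. All device names, MAC and IP addresses, ports and flow records are constructed for the example.

```python
"""Boundary policy check for an IT/OT boundary.

Added example: an approved-device inventory, a per-zone allowlist of
conversations, and a simple "new talker" baseline, run over constructed
flow records of the kind a boundary firewall or an SDN controller would
export. All addresses, device roles and ports are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    zone: str   # "OT" (plant floor) or "IT" (corporate)
    role: str


# Constructed inventory of approved devices, keyed by MAC address.
INVENTORY = {d.mac: d for d in (
    Device("00:11:22:33:44:01", "10.10.1.10", "OT", "PLC line 1"),
    Device("00:11:22:33:44:02", "10.10.1.11", "OT", "vibration sensor gateway"),
    Device("00:11:22:33:44:03", "10.10.1.20", "OT", "OT jump host"),
    Device("00:11:22:33:44:10", "10.20.5.5",  "IT", "historian / MQTT broker"),
    Device("00:11:22:33:44:11", "10.20.5.40", "IT", "engineering workstation"),
)}
IP_TO_DEVICE = {d.ip: d for d in INVENTORY.values()}

# Conversations the boundary firewall permits: (src_zone, dst_zone, proto, dst_port).
ALLOWED = {
    ("OT", "IT", "tcp", 8883): "MQTT over TLS, sensor data to the historian",
    ("IT", "OT", "tcp", 22):   "SSH from the engineering workstation to the OT jump host",
}
# Industrial protocols that should never originate in the IT zone.
ENGINEERING_PORTS = {502: "Modbus/TCP", 102: "S7comm", 44818: "EtherNet/IP"}


def classify_flow(flow):
    """Return (verdict, reason) for one flow record.

    flow: dict with src_mac, src_ip, dst_ip, proto, dst_port.
    Device identity is checked first (approved MAC, IP consistent with
    the inventory), then the conversation itself against the allowlist.
    """
    src = INVENTORY.get(flow["src_mac"])
    if src is None:
        return "deny", "source MAC not in approved inventory"
    if src.ip != flow["src_ip"]:
        return "deny", f"source IP {flow['src_ip']} does not match inventory for {src.role}"
    dst = IP_TO_DEVICE.get(flow["dst_ip"])
    if dst is None:
        return "deny", "destination not in approved inventory"
    if src.zone == dst.zone:
        return "allow", "intra-zone traffic, not a boundary flow"
    key = (src.zone, dst.zone, flow["proto"], flow["dst_port"])
    if key in ALLOWED:
        return "allow", ALLOWED[key]
    if src.zone == "IT" and flow["dst_port"] in ENGINEERING_PORTS:
        return "deny", f"{ENGINEERING_PORTS[flow['dst_port']]} from the IT zone into OT"
    return "deny", "no allowlist entry for this conversation"


def new_talkers(baseline_flows, current_flows):
    """Return (src_ip, dst_ip, dst_port) tuples seen now but not in the baseline.

    This is the abnormality check: a conversation that never appeared while
    the plant was running normally deserves a look even if it was allowed.
    """
    def key(f):
        return (f["src_ip"], f["dst_ip"], f["dst_port"])
    seen = {key(f) for f in baseline_flows}
    return sorted({key(f) for f in current_flows} - seen)


def audit(flows):
    """Classify every flow; returns (src_ip, dst_ip, dst_port, verdict, reason)."""
    return [(f["src_ip"], f["dst_ip"], f["dst_port"]) + classify_flow(f) for f in flows]


# Constructed flow records (hypothetical), as a boundary device might export them.
BASELINE = [
    {"src_mac": "00:11:22:33:44:02", "src_ip": "10.10.1.11", "dst_ip": "10.20.5.5",  "proto": "tcp", "dst_port": 8883},
    {"src_mac": "00:11:22:33:44:11", "src_ip": "10.20.5.40", "dst_ip": "10.10.1.20", "proto": "tcp", "dst_port": 22},
]
TODAY = BASELINE + [
    # A laptop that was never inventoried probing the PLC over Modbus.
    {"src_mac": "de:ad:be:ef:00:01", "src_ip": "10.20.5.99", "dst_ip": "10.10.1.10", "proto": "tcp", "dst_port": 502},
    # The approved workstation talking Modbus straight to the PLC, bypassing the jump host.
    {"src_mac": "00:11:22:33:44:11", "src_ip": "10.20.5.40", "dst_ip": "10.10.1.10", "proto": "tcp", "dst_port": 502},
    # The sensor gateway's MAC with a source address that does not match the inventory.
    {"src_mac": "00:11:22:33:44:02", "src_ip": "10.10.1.99", "dst_ip": "10.20.5.5",  "proto": "tcp", "dst_port": 8883},
]

if __name__ == "__main__":
    for row in audit(TODAY):
        print(row)
    print("new talkers:", new_talkers(BASELINE, TODAY))
```

The two checks are deliberately separate: the allowlist is what the boundary firewall enforces, and the baseline comparison is what the controller’s visibility adds on top, since a permitted conversation that has never been seen before (a new source address, a new destination port) is still worth an analyst’s attention.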
Of course, plugging all of the security holes that can open up when a company connects its OT network to its IT network is easier said than done. But what seems increasingly clear is that companies that fail to tackle these security challenges, and so cannot make full use of their production data, will find themselves falling further and further behind their competitors.