IIoT offers benefits, but be prepared to manage the risks
By Taylor EdwardsGeneral Technology Manufacturing cybersecurity IIoT insurance manufacturing security risk
It will open networks to vulnerabilities that must be addressed.
Manufacturers around the world are becoming more aware of the potential the Industrial Internet of Things (IIoT) has to offer. Greater visibility, more efficient data utilization and tighter integration of underlying systems will boost production efficiency while increasing workforce flexibility and product quality.
IIoT is comprised of intelligent physical devices and processes embedded with electronics, software, sensors, actuators and connectivity that connect and exchange data with each other and people over the internet. This involves big data analytics, cloud computing, robotics, and the integration of IT information and operational technologies. Employing IIoT devices promises to change the way manufacturers think about resource allocation, production processes, materials handling and the workforce.
Canadian manufacturers, most of them small, have some catching up to do. The PLANT Manufacturers’ Outlook 2019 survey shows just 7% of respondents are applying IIoT technologies; 32% are not familiar with it; and 31% say it’s not applicable, although they might want to reconsider.
IDC, a global provider of market analysis and advisor services focused on information technology (among other markets) forecasts manufacturers spending the most on IIoT in 2019 ($197 billion). This investment is largely focused on the development of solutions that support manufacturing operations and asset management. Manufacturers that implement IIoT can expect to facilitate the creation of new functions, open new revenue streams and transform business models, driving measurably better outcomes for customers. And Accenture, a global consulting firm, estimates that by 2030, optimized production processes could add trillions of dollars to the global economy.
But along with the benefits are risks to network security. In 2014, a German steel mill was the target of a cyber attack when hackers spear-phished their way into employees’ computers. The attackers took control of an edge device (in this case, the production management software). By hacking into the plant’s control system, they were able to prevent a blast furnace from initiating its security settings for a normal shutdown procedure. This caused the furnace to overheat and melt down, causing extensive damage to the mill. What role did IIoT play? It sent sensitive operational data from an edge device to the cloud, putting the data, the edge device and the mill’s computer network at an increased level of exposure.
Manufacturers that harness the power of IIoT must pay careful attention to cybersecurity. You’ll never prevent all attacks but an in-depth security approach that operates layered defences, rapidly mitigates harm, and fosters resiliency and recovery will serve to manage the risks.
A risk management plan should include the following:
• Separate your network. Operate manufacturing automation devices (IIoT linked devices) from one network and office, front-end client-facing terminals from another. This provides a barrier against intruders gaining access to the manufacturing operations from the more exposed office network.
• Password management. The Verizon 2016 Data Breach Investigations Report found 63% of data breaches occurred as a result of lost, stolen or weak passwords. As potential points of entry to a company’s network, it’s important to maintain strong passwords to any IIoT devices connected to the network, including employee-owned devices. Implementing a robust password management policy and following it is key to a frontline defence. According to the Keeper Security and Ponemon Institute Report, 65% of small businesses with password policies do not enforce them.
• Behind a firewall. The Federal Communications Commission (FCC) recommends all small businesses set up a firewall to provide a barrier between internal data and hackers attempting to gain access. In addition to the standard external firewall, many companies are installing internal firewalls to provide an additional layer of protection. Employers should also consider providing remote employees with firewall software and support for their home networks to ensure consistency and compliance.
• Plan of action. In the event of an attack, having a cyber incident response plan in place is crucial. This plan contains written guides comprised of instructions, procedures and protocols for a response to various kinds of data security incidents.
Use of IIoT devices in manufacturing is inevitable, so begin the implementation process with the presumption that you’re going to experience a cyber intrusion.
It’s not a question of if but when.
Taylor Edwards is a risk advisor, commercial insurance, at Prolink, a Toronto-based national risk management and insurance company. Visit www.prolink.insure. E-mail: TaylorE@prolink.insure.
This article appeared in the March 2019 print issue of PLANT Magazine.