As early as 2001, after 9/11, there was a major focus on developing cyber security to prevent attacks on infrastructure such as water plants, power plants, dams and critical manufacturing facilities. At Optimation we began to look at networks, connections to the internet and vulnerabilities. Since that time, the world is becoming increasingly connected. There is huge power in this connectivity. The power that comes from the Industrial Internet of Things, Industry 4.0, (IIoT) is based on connectivity. At the same time as more connectivity provides more power, the manufacturing industry along with all users of connected systems are facing increased risk from cyber-attacks. The only perfect protection from cyber-attacks is total isolation. But isolation is not an option, so more sophisticated alternatives are necessary. Each increased level of connectivity provides increased risk along with increased operational power.
Even though we have known about the threat for nearly two decades, it appears that it hasn’t been taken as seriously as it should have been. A recent survey made by Tripwire, an IT security company, found that ninety-six percent of IT security professionals expect increasing attacks and more than half do not feel prepared to protect against the attacks when they come. In spite of this, the overwhelming majority expect use of IIoT to increase, and along with it, the risk and the vulnerability. Since many of the attacks will come against critical infrastructure, the stakes are high. Past hacks have often been based on data compromise only. But this could change. In industrial applications such as power, water and gas, delivery and supplies can be corrupted or cut off. Safety systems could be vulnerable and at risk. Lives could be lost.
For decades, data systems have been an important part of industrial operations. More connectivity provided more power and greater ease of use. With continuously improving wireless technologies, networks now have more access to more data than ever. This data helps improve operations, implement analytics, IA, logistics and improves operational decisions. But connectivity opens opportunity for breaches. At some point, security will need to be a limiting factor on how much IIoT is deployed. The traditional trade-off is easy to use vs. security. It is not possible to have all of one and all of the other. Of course, with increased security technology a great deal of operational ease can be achieved. But knowledgeable and talented hackers will also gain more skills and find ways to breach the new, more sophisticated, systems.
Most companies have firewalls to protect their networks. The firewall can provide great protection from threats when the firewall is a single gateway to the outside world. IIoT networks, especially those associated with infrastructure systems. can be spread over large geographic areas and can include thousands, or tens of thousands of data points, as well as many access points. Many of them are built on obsolete, proprietary operating systems which are not continually updated to protect against new threats in the same way Microsoft updates Windows as new threats evolve. These are much larger opportunities for compromise.
Manufacturing, industrial systems and infrastructure facilities provide large security challenges. The risk is not static; there is always opportunity for breach. The owners and operators should look for tools and techniques to provide security as well as ways to limit losses should the system be compromised.