IoT in Manufacturing Hurdle #2: New Security Challenges

Posted by Mark Davidson on Wed, Jul 09, 2014 @ 10:00 AM

In the first LNS Research blog article on this topic, we discussed the huge potential for billions of interconnected devices, along with summarizing some of the key investments, movers and shakers, and activities that are occurring surrounding the Internet of Things (IoT) for the manufacturing industries. We also explored the first of three big hurdles that we see as slowing down adoption – the need for more interoperability standards between IoT and existing manufacturing and IT industry standards.

In this post, we will discuss the second big hurdle that we consistently hear about from manufacturers and suppliers alike: Properly addressing new security issues associated with the IoT.

We’re Smarter About Internet Technologies and Security – Right?

The manufacturing industries are hardly at their "first rodeo" when it comes to properly addressing many of the security issues surrounding the use of Ethernet networks and IP-based protocols in manufacturing networks and applications. I’ve personally worked on Ethernet-based automation systems starting in the 1980s, and since then, multiple industrial network protocols have evolved to run over standard Internet Protocol (IP) and UDP communications stacks – Modbus TCP/IP, PROFINET, EtherNet/IP CIP, FOUNDATION HSE, etc. Communications between controllers/PLCs and workstation/server applications have evolved from slow serial ports to high-speed Ethernet networks that commonly run the aforementioned protocols and OPC/OPC UA.

Manufacturing Operations Management (MOM) applications like MES (Manufacturing Execution Systems), EMI (Enterprise Manufacturing Intelligence), APM (Asset Performance Management) and others are all typically networked via standard Ethernet networks to automation systems and enterprise business systems for information integration purposes.

All of this pervasive Ethernet/IP networking has led to many established best practices for different aspects of security, such as network and virtual LAN segmentation, firewalls and selective port openings, user and application authentication, intrusion detection, anti-virus and malware protection, security patching, and application software roles and privileges.

All of the major automation and information suppliers such as ABB, Emerson, GE, Honeywell, Rockwell Automation, Schneider Electric, Siemens, and Yokogawa have established security services practices to assist clients with these types of best practices. Since Microsoft is a key technology provider to this industry, it continues to contribute its security expertise to the cause.

Reference architectures are available from equipment and software vendors with good examples on the Industrial IP Advantage website (Cisco, Rockwell Automation, Panduit). Also, an independent industrial security reference website that is consistently providing the latest information is the Industrial Safety and Security Source (ISS Source).

IoT Presents New Security Challenges

So what are some of the new security challenges presented by billions of new smart devices being interconnected in the world of the IoT? To start with, smart industrial devices run with much smaller computing and operating-system footprints. They may be installed once, and the software in them may never be updated or patched. This presents new technical challenges, as the devices will need to be highly secure by design and impervious to virus or denial-of-service attacks.

If IoT devices are to meet their full intelligence potential, then they will be able to communicate among themselves as well as with other computing devices, controllers, and software applications. It sounds good that anything can communicate with anything or anyone on an "as-needed" basis, but the reality is that this needs to be properly managed for practical and security reasons.

IoT devices may or may not participate in larger/centralized security domains (e.g. Active Directory) in order to operate; therefore, the concept of multiple distributed security domains will likely emerge for groupings of IoT devices, and be another new security management consideration.

IoT networks may or may not converge with automation networks, so there is the opportunity for network segmentation and separate communications with larger and smarter "edge" computing devices, but ultimately these edge IoT data concentrators will need to be securely networked with the rest of the automation and information system architectures.

And IoT devices will need to intercommunicate with existing controllers, automation and manufacturing information networks, and applications. Therefore, existing security policies and approaches will need to be adapted to embrace these new IoT security challenges.

How Are These New Challenges Being Addressed?

There is clearly more work to be done. However, these new IoT security challenges are not insurmountable, and they are not being ignored by the market makers. A great example is Cisco’s Security Grand Challenge, which is openly soliciting technical solutions to a number of these IoT security challenges with the enticement of prizes, matching investments, and intellectual property protection. Here are some quotes from the Cisco Security Grand Challenge website:

  • “The Cisco Security Grand Challenge is a global, industry-wide initiative to bring the security community together to address securing the Internet of Things (IoT).”
  • “With IoT as a significant part of a larger Internet of Everything (IoE) that brings together connected devices with people, process and data, it’s even more imperative that we ensure the things we connect are secure.”
  • “Specific focus areas for the Cisco Security Grand Challenge include malware defense, security credential management, and privacy protection.”

The technical submission deadline for this challenge is July 1, 2014 and Cisco intends to make the results public this fall. We are encouraged by this activity, and we will continue to learn and share other IoT security advancements.

What Do You Think About Manufacturing IoT Security?

So, what else is going on in the world of manufacturing IoT security? Let us know what other significant developments you are seeing, as well as how you expect their impacts to unfold in the future.

In the next related blog article, we’ll tackle the third big hurdle that we see slowing manufacturing IoT adoption and success – the increased costs to add intelligent devices and equipment and the ROI of manufacturing IoT applications. Our goal is to see all of these challenges addressed as quickly as practically possible, so the manufacturing industries can continue to accelerate their business success by leveraging these exciting new technologies.

Tags: MOM, Internet of Things, MES