LNS Research provides executives a platform for accessing unbiased research and benchmark data to improve business performance
The LNS Research Blog provides an informal environment for analysts to share thoughts and insights directly with our community on a range of technology and business topics
In the first LNS Research blog article on this topic, we discussed the huge potential for billions of interconnected devices, along with summarizing some of the key investments, movers and shakers, and activities that are occurring surrounding the Internet of Things (IoT) for the manufacturing industries. We also explored the first of three big hurdles that we see as slowing down adoption – the need for more interoperability standards between IoT and existing manufacturing and IT industry standards.
In this post, we will discuss the second big hurdle that we consistently hear about from manufacturers and suppliers alike: Properly addressing new security issues associated with the IoT.
The manufacturing industries are hardly on our "first rodeo" in regards to how to properly address many of the security issues surrounding the use of Ethernet networks and IP-based protocols in manufacturing networks and applications. I’ve personally worked on Ethernet based automation systems starting in the 1980’s and since then, multiple industrial network protocols have evolved to run over standard Internet Protocol (IP) and UDP communications stacks – Modbus TCP/IP, PROFINET, EtherNet/IP CIP, FOUNDATION HSE, etc. Communications between controllers/PLCs and workstation/server applications have evolved from slow serial ports to using high speed Ethernet networks that commonly run the aforementioned protocols and OPC/OPC UA.
Manufacturing Operations Management (MOM) applications like MES (Manufacturing Execution Systems), EMI (Enterprise Manufacturing Intelligence), APM (Asset Performance Management) and others are all typically networked via standard Ethernet networks to automation systems and enterprise business systems for information integration purposes.
All of this pervasive Ethernet/IP networking has resulted in many best practices that have been established for different security aspects such as network and virtual LAN segmentation, firewalls and selective port openings, user and application authentication, intrusion detection, anti-virus, malware, security patching, and application software roles and privileges.
All of the major automation and information suppliers such as ABB, Emerson, GE, Honeywell, Rockwell Automation, Schneider Electric, Siemens, and Yokogawa have established security services practices to assist clients with these types of best practices. Since Microsoft is a key technology provider to this industry, it continues to contribute its security expertise to the cause.
Reference architectures are available from equipment and software vendors with good examples on the Industrial IP Advantage website (Cisco, Rockwell Automation, Panduit). Also, an independent industrial security reference website that is consistently providing the latest information is the Industrial Safety and Security Source (ISS Source).
So what are some of the new security challenges that get presented with billions of new smart devices being interconnected in the world of the IoT? To start with, smart industrial devices run much smaller footprints of computing power and operating systems. They may be installed once and the software in them may never be updated or patched. This presents new technical challenges, as the devices will need to be highly secure by design and impervious to virus or denial of service attacks.
If IoT devices are to meet their full intelligence potential, then they will have the ability to be self-communicating between each other as well as with other computing devices, controllers, and software applications. It sounds good that anything can communicate to anything or anyone on an "as-needed" basis, but the reality is that this needs to be properly managed for practical and security reasons.
IoT devices may or may not participate in larger/centralized security domains (e.g. Active Directory) in order to operate; therefore, the concept of multiple distributed security domains will likely emerge for groupings of IoT devices, and be another new security management consideration.
IoT networks may or may not converge with automation networks, so there is the opportunity for network segmentation and separate communications with larger and smarter "edge" computing devices, but ultimately these edge IoT data concentrators will need to be securely networked with the rest of the automation and information system architectures.
And IoT devices will need to intercommunicate with existing controllers, automation and manufacturing information networks, and applications. Therefore, existing security policies and approaches will need to be adapted to embrace these new IoT security challenges.
There is clearly more work to be done. However, these new IoT security challenges are not unsurmountable and they are not being ignored by the market makers. A great example is Cisco’s Security Grand Challenge, which is openly soliciting technical solutions to a number of these IoT security challenges with the enticement of prizes, matching investments, and intellectual property protection. Here are some quotes from the Cisco Security Grand Challenge website:
The technical submission deadline for this challenge is July 1, 2014 and Cisco intends to make the results public this fall. We are encouraged by this activity, and we will continue to learn and share other IoT security advancements.
So, what else is going on in the world of manufacturing IoT security? Let us know what else of significance is going on in this regard as well as how you see the impacts of these unfolding in the future.
In the next related blog article, we’ll tackle the third big hurdle that we see that is slowing manufacturing IoT adoption and success – the increased costs to add intelligent devices and equipment and the ROI of manufacturing IoT applications. Our goal is to see all of these challenges addressed as quickly as practically possible, so the manufacturing industries can continue to accelerate their business success by leveraging these exciting new technologies.
© 2014 matthewlittlefield.com