June 2019

64 n COMMS, NETWORKING AND SECURITY June 2019 www.drivesncontrols.com The challenges of IT security in the smart factory E ffective IT security is a major factor in realising the benefits of smart factories, but it cannot be considered a simple extension of office IT security. To achieve what Industry 4.0 has to offer, without exposing business operations to risk, it is essential to deal with IT security measures at an early planning stage. There are a many possible vulnerabilities in the smart factory. They include a lack of knowledge about how to apply IT security protection to systems (machinery) that have traditionally not needed it. These systems can operate very differently from office-based IT and may also still be running legacy communications networks that are incompatible with modern cyber-security software. Also, practices such as using USB drives for machine maintenance, monitoring or programming, can infect one machine, which is then passed on through the smart network. Remote maintenance by equipment suppliers or sub-contractors requires a connection to their network, which may be infected or may have less stringent IT security. Similarly, existing factory machines that lack digital identification and authentication functions, cannot ensure that operating instructions received via the network are from an authorised person (or source). There is also the risk that an attacker may manipulate the smart tags on components or final products. However, security risks can be mitigated, and they must be identified, analysed and prioritised when planning smart factories. Preventive measures include raising and maintaining employee awareness through training – a relatively simple task which prevents the most common problems. Implementing an information security management system will also deliver the continuous monitoring and improvement of IT security. The IT team should also conduct regular penetration tests to identify any security weaknesses within the IT system that could be exploited by hackers. To ensure this is being done appropriately, IT security audits should be performed by an accredited certification body – something that customers and business partners in the supply chain will increasingly demand before they are happy to connect a smart factory to their own systems. Challenging concept End-to-end encryption and electronic signing of sensitive communications, whether originating from a person, a control system or a sensor, is also an important principle. However, the real-time control environments associated with Industry 4.0 make this a challenging concept to achieve. The robust authentication of people, machines and processes is also critical. For example, every machine operator and maintenance engineer should identify themselves electronically before performing an activity. The separation of subsystems in smart factory architectures would also ensure that potential attacks can be constrained to a single production line or specific production processes, without spreading across the entire factory. Business continuity planning is also a key consideration, to ensure that the entire organisation is prepared to deal with IT security incidents. Data and information exchange it a key aspect of the smart factory business model. It results in vast volumes of data being generated and processed. This raises questions about data ownership – who“owns” the data generated, exchanged and analysed, and how should this data be protected? It also unleashes questions of privacy – how can protecting the personal data of employees and customers be assured in a smart factory? Smart factories must therefore protect and control the use of data by suitable organisational, technical and contractual measures. This should include use agreements that determine the scope of data usage and its purpose, alongside continuous monitoring of data generation and use. Other technical measures can also be taken to reduce uncertainty about the origin, manipulation and usage of data, such as signature of data and authentication of machines and operators. And data protection compliance should be considered from the early planning stages of smart factory implementations. These challenges bring IT security to the forefront as a major factor for achieving the benefits of Industry 4.0. It must be a top management priority, requiring close cooperation between all departments. It should also be a key consideration at all stages of planning a smart factory, rather than something that is introduced at a later stage, carrying the same level of importance as other crucial business considerations. n Smart factories raise a variety of issues regarding IT security. Paul Taylor, head of industrial products at the product testing and certification organisation, TÜV SÜD Product Service, considers some of these, and examines how they can be tackled.

RkJQdWJsaXNoZXIy MjQ0NzM=