Data Security Practices for Predictive Maintenance, Digital Factory
Grant Gerke | May 17, 2018
With so many companies implementing industrial internet of things (IIoT) projects and developing enterprise strategies, data security in the cloud sometimes gets overlooked. And, for the most part, plant managers and executives are feeling “secure” with increasing numbers of plant floor equipment moving online and the current state of protective measures.
At the recent GrayMatter customer day in Chicago recently, Scott Christensen, cyber lead at GrayMatter, provided an overview of current security measures for manufacturers and utilities, like water/wastewater plants, and pointed to possible vulnerabilities. One vulnerability, according to Christensen, is the air gap myth. This is the practice of making sure corporate and industrial information technology (IT) networks are separate, so “traditional” corporate viruses, like WannaCry, don’t harm equipment health on the plant floor.
At the recent Industry 4.0 ThinkTank in Chicago, Christensen said,“WannaCry was not necessarily intended to go after production environments. But many of the production environments were impacted because there was no security in play down low in the production network. So it was very easy to take control of the environment.”
Many manufacturers are still experiencing trouble with suppliers, system integrators or maintenance service companies coming into plants with USB drives or with firmware updates. Christensen cited Stuxnet and how it spread due to a firmware update while also pointing to older, plant operating systems and security practices as real areas of concern.
According to Christensen and a recent survey of customers,”14 percent of operating systems are Windows 2000 or older, while XP lands in 2nd with 62 percent and 24 percent have software up-to-date.
“Three out of five sites have plain text passwords, which can be easily hacked,” said Christensen at the customer event.
Christensen also emphasized a defense-in-depth solution and segmentations/DMZ at the control and operations level. Christensen also cited no single point of weakness evaluations, standard (IEC62433) and leveraging existing technologies.
Tell your boss and become a hero! This post from Opto 22’s Dan White discusses how to leverage existing technologies, see above, in connecting equipment back to the original equipment manufacturer (OEM) and use the OEM as a service supplier. The monitoring service could include vibration and temperature, and could open up a new way for end users to employ flexible manufacturing.