Keep Asset Data Secure
EP Editorial Staff | February 9, 2023
Partner with third-party vendors that prioritize security best practices and protocols.
By Brent Nelson and Kirk Haddad, Donaldson
Industrial facility-management teams are looking for ways to do more with less. A tight labor market, constant pressure to improve uptime and elevate production, and increasingly complex assets are driving the need for more real-time data and diagnostics. Many industrial leaders are deploying internal and external IIoT solutions and services to address these needs.
The solutions are providing remote and real-time access to critical machine data and helping create efficiencies for plant maintenance and engineering teams. They are also fostering collaboration among an ecosystem of partners to help identify and address potential issues before breakdowns and unplanned maintenance occur.
When IIoT solutions are developed and deployed, it becomes essential to rule out any possible security vulnerabilities within internal control systems or operational networks. Equally important is ensuring that the data captured and stored is accessible only to authorized personnel, especially since most industrial users lack data or network security expertise. Here are three ways to keep your data secure when deploying external IIoT solutions.
Isolate third-party solutions
The best way to keep your internal control systems and operation networks secure is to isolate third-party IIoT solutions from your networks. Any device or software that connects to your internal networks, either locally or through the cloud, represents a potential security vulnerability. These vulnerabilities are of high concern because they put not just the data from the IIoT solution at risk, but potentially all of your operational data and systems.
One solution is to use a secure, isolated cellular interface to transfer data to the cloud. When using a cellular system, the data is sent directly from the gateway to a cloud interface without any local control system or corporate network interaction. Thus, there’s no opportunity to create new system vulnerabilities.
The cost of cellular plans has greatly decreased in the past few years, so most vendors bundle their cellular plan directly in the service. This makes cellular a secure and economical solution for transporting data in an IIoT solution.
In addition, avoid IIoT solutions that connect to your internal Wi-Fi network. Opening a secure internal network to third-party clouds can create vulnerabilities. The same is true for IIoT solutions that connect directly to your control systems through a local wired or wireless interface. The additional traffic on your control-system network could disrupt your internal control systems and cause plant-wide issues.
Similar to isolating IIoT networks, segmenting data that goes to a third-party cloud is important.
Every plant has proprietary process data that must be protected and kept confidential. For example, data that indicates production volumes should always be protected.
Conversely, data that only reflects the status of a machine is not typically considered proprietary and, therefore, can be securely shared externally when doing so benefits equipment performance. Data points such as temperature, vibration, and pressure do not provide insight into your proprietary processes and pose little risk to your organization.
Prior to deploying an IIoT solution, your leadership team should review all of the data that may be generated and determine whether the data is considered proprietary. If proprietary data is required for the solution to create the necessary value, then additional steps might be required to secure that data.
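The data review described above can be enforced at the gateway before anything leaves the plant. The following Python is an added example, not code from the article or from Donaldson: a small egress filter driven by a constructed tag catalogue in which machine-status tags (temperature, vibration, pressure) are forwarded, proprietary tags (production volumes) are blocked, and any tag the review never classified is blocked as well and reported so it can be added to the catalogue. The tag names and their classifications are assumptions made up for the example.

```python
from dataclasses import dataclass, field

# Constructed tag catalogue (assumption for this example). In practice the
# leadership review described in the article decides which tags are proprietary.
TAG_POLICY = {
    "motor1.bearing_temp_c": "status",       # machine condition: shareable
    "motor1.vibration_mm_s": "status",       # machine condition: shareable
    "filter3.diff_pressure_kpa": "status",   # machine condition: shareable
    "line2.units_produced": "proprietary",   # production volume: keep on site
    "line2.recipe_id": "proprietary",        # process detail: keep on site
}


@dataclass
class EgressResult:
    forwarded: dict                                  # what may go to the vendor cloud
    blocked: list = field(default_factory=list)      # proprietary tags dropped
    unknown: list = field(default_factory=list)      # unclassified tags dropped (fail closed)


def filter_egress(reading: dict, policy: dict = TAG_POLICY) -> EgressResult:
    """Split one telemetry reading into shareable and non-shareable parts.

    Only tags explicitly classified as 'status' are forwarded. Proprietary tags
    and tags missing from the policy are both withheld; the latter are reported
    separately so a new data point added after deployment gets reviewed rather
    than silently leaking.
    """
    result = EgressResult(forwarded={})
    for tag, value in reading.items():
        classification = policy.get(tag)
        if classification == "status":
            result.forwarded[tag] = value
        elif classification == "proprietary":
            result.blocked.append(tag)
        else:
            result.unknown.append(tag)
    return result


def needs_review(result: EgressResult) -> bool:
    """True when the reading contained tags the policy has never classified."""
    return bool(result.unknown)
```

Wire `filter_egress` in front of the cellular gateway's upload path so the vendor payload is built only from `result.forwarded`, and alert on `needs_review` so new tags are classified before they are ever transmitted.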
Evaluate vendor practices
Security should be at the core of any IIoT service offered by an external supplier. The topic of security must be covered at the beginning stages and not bolted on after a solution is implemented.
Isolating the IIoT solution and segmenting the data will greatly reduce a facility's security risk. Even so, you still want to be sure that your supplier is using the highest security standards to uphold your facility's data integrity and privacy.
A third-party IIoT solution should use established patterns, reference architectures, and service-specific technologies that are well understood, documented, and supported. Discuss and agree upon these three points before selecting an IIoT solution provider:
• Encryption: A secure solution will encrypt data during transport (when it’s being sent from one location to another) and while at rest (when stored in a database or other storage systems).
• Access control: How is user access to a platform controlled and how is adding and removing users, such as former employees, managed? A solution that uses federation to validate users can enhance security and enable facility managers to control solution access through their identity systems.
• Data sharing: It’s important to know who has access to your data and how it will be handled when outside vendors are involved.
IIoT solutions offer proven benefits to industrial facilities when security best practices are followed for asset monitoring and condition-based maintenance. By isolating data, segmenting proprietary data, and keeping third-party vendors in lockstep with security protocols, maintenance and production teams have much more to gain than lose.
Brent Nelson is the Director of Product Development for Industrial Services and Kirk Haddad is a Senior Enterprise Architect of Cloud Solutions for Donaldson, Bloomington, MN, a global manufacturer of filtration products and solutions. For information about the Donaldson iCue Managed Filtration Service, visit the company website at donaldson.com.