FEATURE SMART FACTORIES
SECURING THE SMART FACTORY OF THE FUTURE
continuous monitoring and improvement of IT-security, and which should be managed by a specialist, using international standards. • IT-security audits should be
performed by an accredited certification body, something that customers and business partners within the supply chain will increasingly ask for such before they are happy to connect a smart factory to their own system. • Regular penetration tests identify any
security weaknesses within the IT system, which could be exploited by hackers. End-to-end encryption and electronic
by Paul Taylor, head of industrial products at TUV SUD I
ndustry 4.0 is a major paradigm shift for industry, with the convergence of
enterprise IT and operational technology seeing systems and devices exchanging and interpreting shared data. Advanced sensors are already finding their way into modern manufacturing lines, facilitating informed decision-making, but this is just the beginning. Industrial manufacturing will therefore face massive disruption as developments move towards fully connected, self- organising intelligent factories. One of these disruptions is IT-security,
as any breach could cause serious damage to factory operations, sensitive data, machines or even people and the environment. IT-security must therefore be a top management priority, and while the smart components that control the production process face the IT-security risks that are common to all IT-systems, smart factory security cannot be considered a simple extension of office IT security. In order to realise the benefits of what
Industry 4.0 has to offer industry, without exposing business operations to risk, it is essential to deal with IT security measures at the early planning stage. There are a wide variety of possible vulnerabilities in the smart factory of the future, including: • Lack of knowledge in the
manufacturing industry about how to apply IT security protection to systems
14 SEPTEMBER 2018 | FACTORY EQUIPMENT
(machinery) that have traditionally not required it, operate very differently from office-based IT and may also still be running legacy systems, with which more modern cyber security software is incompatible. • Merging traditional ways of working
with the needs of the smart factory as external systems, such as USB drives used for machine maintenance, monitoring or programing can infect one machine, which is then passed on through the smart network. • Remote maintenance by equipment
suppliers or subcontractors requires a connection to their network, which may be infected or have less stringent IT security. • Existing machines on the factory
floor that lack digital identification and authentication functionality, cannot be sure that operating instructions received by the network are from an authorised person. IT security risks can be mitigated, and
as with any risk they must be identified, analysed and prioritised as part of the smart factory planning. Preventive measures include: • Raising and maintaining employee
awareness through IT-security training. This is a relatively simple issue to tackle and prevents the most common problems, which are often unintentionally created by employees. • Implement an information security management system, which delivers the
TUV SUD www.tuv-sud.
co.uk T: +44 (0)1489 558100
Below: Paul Taylor, head of industrial products at TUV SUD product service
In order to realise the benefits of what Industry 4.0 has to offer industry, without exposing business operations to risk, it is essential to deal with IT security measures at the early planning stage
signing of sensitive communications, whether originating from a person, a control system or a sensor, is also an important principle. However, the real- time control environments associated with Industry 4.0 will make this a challenging concept to achieve. Only end-to-end encryption can ensure that: • Unauthorised persons or machines
cannot access data on the system. • That data cannot be corrupted or
manipulated by hackers. • The receiver can be sure the information
originates from a trustworthy source. The robust authentication of all people,
machines and processes is also critical. For example, every machine operator and maintenance engineer should electronically identify themselves before performing an activity. The separation of subsystems in the overall smart factory architecture would also assure that potential attacks can be constrained to one single production line or specific production processes, without spreading across the entire factory. While Industry 4.0 is a growing reality,
much of it still remains a concept as the shift to this new method of working requires significant financial investment in new plant, as well as the assurance that new challenges have been addressed. For many, Industry 4.0 therefore remains a concept and goal, rather than a reality, raising more questions than can currently be answered. The connected world of Industry 4.0’s smart factories adds a new and significant dimension of complexity in terms of machinery safety challenges, and IT security should be a key consideration in all stages of planning a smart factory, rather than something that is considered at a later stage.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74
