The optimal route to smart manufacturing?

13 October 2020

Emilie Lerche Fenger and Marco Zampolli explain the importance of a cybersecurity strategy in digital plants.

As adoption of Industry 4.0 continues to grow and the requirement for remote maintenance and third-party access management systems increases, so does the need for cybersecurity solutions which address both operational technology (OT) and IT requirements – to minimise the risk of unplanned downtime.

Remote maintenance solutions for the industrial automation sector have over the past decade shown their worth through savings in travel costs and more responsive, optimised support from the machine providers’ service engineers.

In recent years, the increased productivity and competitiveness resulting from the use of these remote services have become more evident, and remote maintenance has become a key driver for many Industry 4.0 initiatives.

Remote maintenance implies use of the Internet, and the term Internet of Things (IoT) has become an important topic when planning and implementing industrial control system (ICS) strategies. Today it is not unique to OT departments, but also involves IT departments due to the cybersecurity implications. In fact, the OT department now typically has much broader responsibility around security, where in the past the dominating topic was safety. Within the area of security, the focus has shifted from primarily handling authentication, to the delivery of robust systems for authorisation management. 

Harnessing IIoT
Harnessing the true capability of Industrial IoT relies on the collaboration of experts in each domain. When it comes to secure remote access, a key phrase to consider is ‘With great power comes great responsibility’. End-users expect state-of-the-art technology to be paired with reliability: not only from the hardware perspective but also in the area of factory transformation. Remote connection is one of many areas where collaboration with innovative partners is delivering significant value for customers.

So, what should a company considering a remote access solution or third-party access management system look for to ensure the required degree of cybersecurity? Firstly, the remote connections of both clients and IoT devices should be based on a solid, secure authentication design that must be able to prevent what is known as ‘Man-in-the-middle’ attacks.

Secondly, any solution considered should be both security and Industry 4.0 certified and should be regularly audited by external security experts.

The solution should also have both ‘two-factor authentication’ and a user access management system where the owner can centrally control and authorise who has access to what equipment when and for how long, while concurrently logging all activity for access auditing.

It is wise to be wary of traditional VPN tunnel solutions, based on OpenVPN or IPSec. These VPN technologies are designed for providing full network access between two remote networks. However, this does not meet the IT security requirements of the modern factory. Solutions such as the Secomea Relay VPN are now available, which address the security and usability requirements of linking service engineers with industrial equipment. This type of solution also has the ability to provide access to only specific IP addresses and services, without having to configure firewall rules, and can be used with either a Cloud-based or private M2M server.

Cybersecurity is a vital consideration in the modern factory, and all individuals must be aware of it and ensure it is properly implemented. Any laxity in this area can create a point of failure in the whole structure – something that no factory can afford. Implementing a solution which is simple to use for   non-IT specialists is massive step towards minimising cybersecurity risks resulting from human error, and so securing uninterrupted production and maintaining competitive advantage.

Emilie Lerche Fenger is from Secomea and Marco Zampolli is from Advantech Europe B.V.

Contact Details and Archive...

Print this page | E-mail this page