Are you securing your automation equipment?
Adopt an identity-first approach to securing the Industrial Internet of Things (IIoT)
October 3, 2019 by Bob Slevin
Industry 4.0, the trend toward the use of automation and data exchange in industries like manufacturing, is transforming how organizations in almost every industrial sector operate.
Automation supported by Industrial Internet of Things (IIoT) data is driving us to design and create the next generation of manufacturing facilities. Working with new data from connected equipment, facilities using IIoT platforms will be able to recognize trends faster, better predict what is working (and what isn’t) and enable plant-to-plant communication to share insights.
Today, there is a push toward unification of IIoT platforms – tools used to parse, combine and display the data sent by connected equipment – but initial deployments of IoT technology in manufacturing have left many plants with multiple platforms and disparate security measures. The resulting solutions create unacceptably poor levels of security and performance. Managing these complex IIoT ecosystems securely requires an identity-centric, zero-trust approach (more on this later), ensuring critical IIoT devices and their data streams are protected from tampering and misuse.
Your identity is important, even if you’re a robot
Data quality is one of the most important (if not the most important) aspects of a successful IIoT deployment. Data quality and security begin with trusted devices. In other words, data quality begins with device validity.
Enterprise organizations faced a similar problem with the “bring your own device” (BYOD) phenomenon, where IT departments had to ensure they were only allowing trusted devices to access secure information on company networks. Similarly, for manufacturers, every device streaming information to a database must be validated and secured. An unknown or untrusted device streaming data into a database is not only difficult to contextualize, but it can also compromise the rest of the information in the database.
To ensure data validity, each machine on the network must be identifiable and have a clearly defined role. This is similar to visibility on a corporate network, where users are identifiable and have clearance to access specific information or devices. This level of access allows manufacturers to closely monitor what a machine is doing and ensure the data it is producing is sent to the right teams.
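The check described above, sketched as an added example that is not from the original article or from any vendor's product: a platform admits a reading only if the device is in its registry, the message is authenticated with that device's credential, and the reading matches the device's defined role, which also decides which team receives it. The device names, keys, roles and teams are constructed, and a per-device shared key with HMAC stands in for whatever credential a real deployment uses.

```python
import hashlib
import hmac
import json

# Constructed device registry: identity -> credential and role (hypothetical names).
REGISTRY = {
    "press-07": {"key": b"constructed-key-a", "role": "temperature"},
    "robot-12": {"key": b"constructed-key-b", "role": "position"},
}
# Constructed routing table: which team receives readings for each role.
ROUTES = {"temperature": "plant-safety", "position": "line-operations"}


def tag_for(device_id, key, payload):
    """HMAC-SHA256 over the device id and a canonical JSON form of the payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, device_id.encode() + b"|" + body, hashlib.sha256).hexdigest()


def make_message(device_id, key, payload):
    """What a provisioned device would send: id, payload and tag."""
    return {"device_id": device_id, "payload": payload,
            "tag": tag_for(device_id, key, payload)}


def admit(message):
    """Return (True, team) for a trusted in-role reading, else (False, reason)."""
    device_id = message.get("device_id")
    payload = message.get("payload")
    device = REGISTRY.get(device_id)
    if device is None:
        return (False, "unknown device")
    if not isinstance(payload, dict):
        return (False, "malformed payload")
    expected = tag_for(device_id, device["key"], payload)
    if not hmac.compare_digest(expected.encode(), str(message.get("tag")).encode()):
        return (False, "bad tag")
    if payload.get("kind") != device["role"]:
        return (False, "outside role")
    return (True, ROUTES[device["role"]])


# Constructed sample messages.
GOOD = make_message("press-07", b"constructed-key-a", {"kind": "temperature", "c": 71.5})
UNKNOWN = make_message("sensor-99", b"guessed-key", {"kind": "temperature", "c": 20.0})
TAMPERED = dict(GOOD, payload={"kind": "temperature", "c": 20.0})
OFF_ROLE = make_message("robot-12", b"constructed-key-b", {"kind": "temperature", "c": 71.5})
```

The last case is the one a signature check alone misses: a known, correctly authenticated device sending data outside its defined role is still refused.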
The perfect IIoT scenario
A perfect scenario in IIoT would see data streaming into a unified platform that integrates information from all sensors and machines for users to work with together. Without a zero-trust approach (meaning all devices sending data to the platform are secured and identifiable), this perfect scenario is nearly impossible to achieve. When it is accomplished, a unified platform brings order to the chaos of IIoT sensor data streams and helps manufacturers really understand what is happening at the device level.
Identity-driven platforms are essential in IIoT applications because of the very nature of sensors. Sensors are not malicious by design. They simply collect information and send it wherever they are told. Once they are turned on, they will not stop collecting and sending information until they are told to stop. Information is transmitted from the sensor to an IoT platform using a method defined by the organization, and unless that method is adjusted, it can include the public internet. An identity-driven, zero-trust approach to IIoT requires organizations to use a secure network (not the public internet) to transmit IIoT data, ensuring end-to-end device validity.
Digital twins will require device validity
As the manufacturing industry moves toward technologies such as digital twins – digital versions of physical machines – and closer to fully autonomous industrial environments, device validity and data quality will be foundational requirements for secure, trustworthy manufacturing facilities.
Today, with data breaches making front-page news, we often worry about unauthorized access to information as a “worst-case” scenario, but in IIoT, the worst-case scenario can mean creating unsafe environments in manufacturing facilities. Unlike a data breach, an unsafe environment usually means data is not being sent to the correct teams. In an automation-driven facility, readings like machine temperature could be sent to a remote manager who must take action if unsafe readings are detected. If the data is going to the wrong person or team, corrective action may not be taken in time, and if data is being directed to unqualified users, the wrong action may be taken. Unifying IIoT data in a single, identity-focused platform can help ensure the right users are receiving the data they need to take the right actions.
Identity-first, zero-trust platforms create quality data
Manufacturers are using the information created by countless IIoT sensors every day to make decisions, and as more connected machines are integrated, they must depend on an identity-driven platform to ensure the validity of their data. This kind of visibility, where each individual device is identifiable, is important not only from a security standpoint but also for future integrations to improve performance and boost competitiveness.
Bob Slevin is director of product marketing for IoT at OpenText.