InTech

MAR-APR 2019

Issue link: http://intechdigitalxp.isa.org/i/1099885

Contents of this Issue

Navigation

Page 10 of 59

COVER STORY INTECH MARCH/APRIL 2019 11 C ybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors, including supply chain, logistics, enterprise comput - ing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Many emerging Internet of Things (IoT) and communications technolo - gies offer greater connectivity, but they make the cyber landscape more complex. This article explores aspects of these issues with cyberse - curity experts Andy Kling, senior director of cybersecurity and architecture at Schneider Electric, and Marty Edwards, director of strate - gic initiatives at ISA and managing director of the Automation Federation (AF). I asked these recognized industry experts for their thoughts and opinions on a number of items: Edge-to-enterprise communications IoT communications technology not only fol - lows traditional information technology (IT) routes, but also connects to process, machines, material handling, and factory floor devices to close the IT/OT divide. How do you characterize new challenges created by direct edge-to-enterprise com- munications, and do you have any advice for users? Kling: Without a doubt, the digital transfor- mation will increase the number of connected IIoT [Industrial Internet of Things] devices. En - terprise business is constantly seeking new, bet- ter ways to get closer to operations. This is gen- erally a very good thing, because as the speed of business accelerates, you need to be able to control your business variables and risks in real time. The natural result of all this new connec - tivity is a wider attack surface. To take advantage of the value the IIoT promises, organizations must expand connectivity amongst people, as - sets, and systems, which allows them to extract and make data work for them. To protect these new connections, you first need to understand the risks associated with moving to an IIoT envi - ronment: Will all the new information and data from the edge provide business benefits that ex - ceed the risks it takes to retrieve and apply it? It is a simple question, and if you cannot answer, it is likely because you do not yet know and under - stand the full risk landscape. So get expert ad- vice. Once you determine the value is there, then focus on data integrity. One compromised input device can poison the data repository. Cyberse - curity can no longer be an afterthought. There is too much at stake, financially and operationally. Edwards: There are a number of issues to con - sider here, I think. Firstly, just due to the sheer volume of new devices coming on the market, which might mean having to work with new manufacturers and vendors, we should expect to have a bunch of new vulnerabilities that will need to be addressed and mitigated. End users will have to contend with that and understand the implications and risks these new vulnerabil- ities will have on their operations. It then depends on how you bring in the data. If your application vendor is backhauling all of the device data into the cloud through a service provider network like 5G and all you are getting is the data through the same vendor, then "de vice security" really becomes a vendor problem. At FAST FORWARD l Cybersecurity threats to manufacturing and process plants are coming from a widening range of attack vectors. l The digital transformation of manufacturing to increase efficiency and productivity will increase the number of connected IIoT devices and the cybersecurity attack surface. l The digital transformation requires integrating control and automation, which can create many new vulnerabilities that have to be addressed and mitigated.

Articles in this issue

Archives of this issue

view archives of InTech - MAR-APR 2019