MAR-APR 2019

Issue link:

Contents of this Issue


Page 13 of 59

14 INTECH MARCH/APRIL 2019 WWW.ISA.ORG COVER STORY manufacturing execution function to improve all aspects of production and commerce across company boundar - ies for greater efficiency. Does edge computing pose any unique new cybersecurity chal - lenges, and do you have any advice for users? Kling: With more powerful proces- sors, embedded sensing technologies, increased abilities to communicate, lower power consumption, smaller footprints, and mobile applications, we can start to take an application that used to run on a server and run it where it makes the most sense. At the end of the day, what we are talking about is pushing control further toward the pe- riphery of the plant, right down to the equipment asset level. With more con- nectivity and computing power, these smarter, connected assets, like pumps, for example, will be able to control, monitor, and secure themselves in real time. And if we take the next step, it is easy to imagine extending this level of real-time control upward to the enter- prise. It will revolutionize how com- panies improve the profitability and performance of their operations and assets. But regardless of what it looks like, be it cloud, fog, or edge, a robust cybersecurity strategy will have to be in place, because, as we said, all this new connectivity broadens the attack sur- face. Every new connection has to be secured. This will be the challenge. Edwards: The scale we are going to see with these deployments creates a massive asset-management problem. I mean, if today we can't even identify what devices are currently on our ICS networks, what will it be like when we have two orders of magnitude more devices? Seems like an opportunity for a robust "management of change" type system. Virtualization In the traditional architecture of digi- tal services, applications are tightly bound to the platform on the operating system (OS). Virtual machines began a revolution to loosen the tight binding between OS and platform. Containers are taking that one step further. Now services are becoming loosely bound to their guest OSs. This unbinding allows for an increase in computing fluidity. It becomes far easier to leverage cloud, fog, and edge computing platforms as the application can move easily be- tween environments. Does virtualization pose any unique new cybersecurity challenges, and do you have any advice for users? Kling: Virtualization means we can now use applications we no longer have to install and customize to fit their platforms. Applications, services, and microservices are preinstalled on a virtual machine. Essentially, they are their own platforms. Isolated from their neighbors, they inherently bring security improvements. Maintaining the VM [virtual machine] repositories securely and using them in a secure fashion by ensuring integrity is a some- what new challenge. But with these new challenges comes an incredible amount of value. Once we see network convergence, network virtualization, and application and service virtualization, paired with traditional IoT and sensors, we will wit- ness automation solutions that carry a lighter physical footprint. You can take advantage of these virtual resources on premise or off premise. It is entirely conceivable to imagine a rack of vir- tualized computers replacing control, I/O processing, and other applications. Think of a rack of compute power tied to an array of edge-based sensors and actuators. But once again, you must ex- ecute your applications where it makes the most sense, i.e., where it drives the most value within your risk threshold. A new vision is coming, one that lever- ages value from virtualization. With it comes the challenges unique to the technology being used. For example, know and understand how network convergence places higher importance on confidentiality and integrity. Be ready for communication prioritiza- tion schemes to rise in importance to help ensure critical traffic is treated ap propriately to maintain availability. Edwards: Virtualization presents similar issues as the cloud, fog, and other advancements we have dis- cussed. Something I really like about virtualization is the ability to separate the software from specific hardware dependencies. As an old DCS guy com- ing from "the software only works on this specific hardware version," that is a huge benefit, and gives end users enormous flexibility and redundancy. But yes: You need to be aware of new vulnerabilities that come with virtu- alization. My advice here would be don't mix security levels on the same VM hardware. You need a unique set of hardware for each security level. Analytics, machine learning, and artificial intelligence The application of technology to im- prove and optimize production op era- tions has been an ongoing industrial automation journey over the years. Cloud, fog, and edge computing and software developed for a wide range of IT, Internet, scientific, and business applications have become easier to use and more cost effective for industrial automation applications. This does, however, connect production process- es directly to a broader number of net- works and computers. Does the broad application of analytics, machine learning (ML), and artificial intelligence (AI) pose any unique new cybersecurity chal- lenges, and do you have any advice for users? Kling: Absolutely. In traditional DCS or discrete applications, the con- trol al gorithms have a precise under- standing. Control engineers have been trained in these algorithms. Machine learning and artificial intelligence bring a new level of discerning patterns from data and offer new ways to improve the safety, efficiency, reliability, and even profitability of the operation and the business. But before a single operator decision is made, time must be taken to understand these new algorithms and to ensure the integrity of the data be- ing fed into them, so they can explain their results. Only then can confidence be found. From a security standpoint, as men-

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - MAR-APR 2019