How secure is the smart factory?
Technews Industry Guide: Industrial Internet of Things & Industry 4.0, IT in Manufacturing
Industry 4.0, IIoT and the connected factory are beyond the point of just being buzzwords. In reality, they offer huge opportunities for manufacturers. But as a smart factory goes online, how secure are communications in and out of the site? How can companies enable remote access and protect themselves against cyber threats at the same time?
Remote access to machines has become vital for OEMs and system integrators to meet response-time and up-time obligations. Engineering resources and budgets are limited, so efficiency is key. Resolving issues without the need for onsite visits saves time and money, but as businesses embrace connectivity, the threat of a cyber attack increases. Protecting data when connected to a network can be a complicated challenge.
Cyber security is the top priority for Secomea, a Danish solution. Designed specifically for remote programming, monitoring and data-logging, it provides secure remote access without the need for advanced firewall configuration.
Moving on from VPN
Traditional VPN technology is widely used and suits the job of connecting networks remotely or providing remote access to a central site. However, it has some serious limitations for remote device monitoring and management.
VPN solutions can be complex. Connecting different engineers to different sites around the world by traditional VPN solutions would be an onerous task. Setting up a VPN is resource-heavy, time-consuming and requires the involvement of IT personnel. Subnet conflict issues, firewall setups and single-level authentication can also trigger security concerns.
Secomea has developed an Internet-based technology that specifically addresses the security and usability requirements of linking service engineers with industrial equipment.
Each machine has a SiteManager, a small piece of hardware that the engineer connects to and uses to control the machine. The SiteManager can connect to industrial equipment via LAN, serial or USB ports. There are also multiple Internet access options including LAN, 3G and 4G or Wi-Fi. The Windows-based LinkManager client provides VPN-like access to serial and USB devices, with no configuration required. A web version, the LinkManager Mobile, can be operated from multiple platforms with a browser, allowing users to remotely access equipment via a phone or tablet.
The solution also includes a GateManager, an M2M server that is hosted either by Secomea or by the customer themselves. All communication between the factory and the engineer through GateManager is via an encrypted connection. Through the web-based GateManager Portal, users can administer accounts, manage SiteManagers, and also manage devices. It is straightforward to determine who has access, what equipment and which sites can be accessed, and also when and for how long that access remains active. The engineer can securely log on to the system via an X.509 certificate and associated password. GateManager also logs all events.
Secomea has two- and three-factor security authentication, event audit trails, role-based account management and standard measures for eliminating the risk of vulnerabilities from configuration or human errors.
Secomea says it has achieved Industry 4.0 certification by enabling these connections in a secure way. Unlike an open VPN network, restricting access to certain devices for a specified time is easily achieved using a simple folder and drag-and-drop system.
The development of smart factories offers significant benefits for the automation industry. If companies are to take full advantage, they must make timely decisions about how to utilise new technology that is designed to keep those connections secure.
Secomea has not only made its system secure, it has also utilised third-party test laboratories to assess its system and ensure it complies fully with the requirements of Industry 4.0. Unfortunately we live in an age where criminals, fraudsters and hackers have upped their cyber game. No one can afford vulnerabilities in their system.
New technologies afford many benefits, but they need to be kept secure and stay ahead of the threats.
For more information contact Bob Petrie, Throughput Technologies, +27 (0)11 705 2497, firstname.lastname@example.org, www.throughput.co.za