https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

Why Industrial Automation Security Should Be a Renewed Focus

Industrial automation security is vital as manufacturers and critical infrastructure organizations weigh a technological reboot.  
  • Written by Brian Buntz
  • 27th April 2020

As industrial organizations grapple with COVID-19 fallout, automation has become an even hotter topic. Experts fear, however, that the acceleration of automation could drive unforeseen consequences for organizations that don’t focus on security.

“When it comes to automation and industrial control systems (ICS), there is no doubt haste makes more than waste,” said Dan Miklovic, an analyst at the Analyst Syndicate. “It leads to potentially catastrophic or deadly outcomes.”

Mission-critical systems in industrial facilities have traditionally relied on the close oversight of human workers because the senses were “usually the most effective way to ensure optimum uptime,” Chris Catterton, director of solution engineering at ONE Tech. That is changing. Automated systems often exceed human capacity to spot machine problems. An automated system can detect when a torque value on a bolt is, for instance, a few pounds light, or hear a high-frequency bearing squeal undetectable to the human ear, Catterton said.

But being lax in terms of industrial automation security can be dangerous. Hobbyist electronics, for instance, may make automating industrial machinery simple, but such products can also provide cyberattackers with a familiar target, Miklovic said. “Plug-and-play automation solutions that are not built with security in the forefront can also open the door for a vast amount of vulnerabilities,” Catterton said.

Take Care With AI Deployments, Too 

There’s also a risk that organizations will hastily deploy artificial intelligence (AI) as part of their automation initiative. With data science experts in short supply and many experienced industrial operators sidelined as a result of COVID-19 quarantines, there is a heightened danger of errors creeping into AI algorithms. There’s a risk that “the person trying to train the system lacks critical safety information,” Miklovic said.

Even in ideal conditions, developing software or AI algorithms inevitably introduces some error. One rule of thumb holds that there are one to 10 mistakes per 1,000 lines of software, as the book “The Fifth Domain” has observed. Even software for mission-critical space systems could have one to five errors per 1,000 lines of code.

With software often having millions or billions of lines of code, the need to prevent and correct bugs becomes critical. History provides examples that underscore the risk of cutting corners in industrial automation security. The Ariane 5 rocket disaster of 1996 is one such example. After software developers from the European Space Agency failed to adequately update code they borrowed from a predecessor rocket, the rocket exploded. Because the speed of the craft during the launch exceeded the bounds its software specified, the rocket self-destructed. “The cost of this software error was about $300 million,” said Johannes Bauer, Ph.D., principal security advisor at UL.

Another example of costly software shortcuts is the grounding of the Boeing 737 Max in 2019. After outsourcing software development tasks to $9-an-hour engineers, the plane killed 346 people in two accidents. An automated system relying on information from a sole sensor played a role in the crashes, according to the New York Times. The cost of grounding the 737 after the two accidents is $18 billion, according to Boeing estimates.

Discriminate When Allowing Remote Access 

In addition to the risks of cutting corners with software-driven automation or AI workloads, the expansion of remote access in industrial environments is another danger. “Think about using Zoom [the videoconferencing application] to have shop floor personnel communicate with a shared expert resource to diagnose a problem,” Miklovic said. In such a case, a cybercriminal could steal trade secrets or product manufacturing information, he noted. The rush to enable remote operations can also prompt organizations to make control systems accessible via the public internet without appropriate security controls. The threat of doing so is “a concern for safety instrumented systems,” said Mark Carrigan, chief operating officer of PAS Global. “Such systems are the last line of defense for processes operating beyond their boundary conditions, and a known attack target for malicious actors.”

Remote operations also heighten the risk of phishing attempts using social engineering. Such an attack could “identify employees who are likely to have privileged access so their credentials can be exploited to gain access to control system environments through increasingly accessible remote gateways,” Carrigan said.

Evaluating Threats by Sector

The rush to deploy automation and remote access won’t be uniform across the industrial sector. “The most critical of critical infrastructure systems” tend to have established protocols in place, and are less likely to redefine core processes, said French Caldwell, co-founder of the Analyst Syndicate. Critical infrastructure such as nuclear power plants, oil refineries and chemical plants are less likely to be impacted by social-distancing working restrictions given exemptions for such institutions.

Critical infrastructure organizations also tend to have regulatory requirements for cybersecurity. Energy utilities, for instance, must follow cybersecurity standards outlined by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation.

At the opposite end of the spectrum is industrial infrastructure such as heating, ventilation and air conditioning (HVAC), lighting and plant systems. Such systems have been “operated and monitored remotely for decades now,” Caldwell said.

Organizations in the middle of these two poles are more likely to increase automation and remote working infrastructure, according to Caldwell. “It’s in the very large middle group of systems where, no doubt, there is a pandemic-led increase already in remote ICS access,” he said.

The Final Word

Ultimately, each organization has to evaluate the risks and rewards of digitization and automation. The risk of moving too slowly can be a threat to an industrial company’s longevity just as much as rushing a deployment. “There are many different views on what to automate, how much to automate and when to automate,” said Nitin Kumar, chief executive officer of Appnomic. “Physical assets are increasingly going digital. Not having automation woven around these with an adequate digital process will create a very inefficient digital operating model.”

One thing is universal: Organizations must collaborate to solve these problems. Especially during the pandemic, engineers and IT leaders “need to team up to ensure that reliability and security are aligned to both the criticality of the systems and the security risks,” Caldwell said. After the pandemic subsides, organizations will have more time to review how they can expand automation and remote access of ICS systems to accommodate “both unexpected contingencies and to improve effectiveness and efficiency of day-to-day operations,” Caldwell said.

From a business standpoint, organizations should consider strategies to deploy automation to enhance resilience in the face of uncertainty. “There is a lack of clarity on the duration of the shutdown and the risks posed to the workforce even if the economy migrates to a semi-open posture,” Kumar said. But more certain is the likelihood shareholders will “continue to be demanding as the recovery mounts,” he added.

Technologies such as automation, AI and remote access can enable industrial organizations to do more with less. Those who aim to deploy them should do so cautiously. Despite the adage of security by design, many organizations find them in a sort of continual remediation mode. “Security should be a functional requirement from the outset,” said Sean Peasley, a partner at Deloitte.

Tags: IIoT/Manufacturing Features Internet of Things World 2020 Conference Coverage

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Partnership to Globally Expand Robotics Solutions
  • Researchers Use Robotic Prey to Track Predator Behavior
  • IoT Deals and Partnerships Roundup: Sony, Emnify, Nexxiot and more
  • IoT Product Roundup: Canonical, InfluxData, Wiliot and More

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022
IoTWorldToday, IoTWorldSeries

Researchers Use Robotic Prey to Track Predator Behavior dlvr.it/STJjyB https://t.co/6rJICwgK2i

4th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail dlvr.it/STJYcq https://t.co/NcNinAiPUE

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X