By Alberto Martínez, Chief Digital Officer (CDO) und Head of Competence Center Software Service, Bystronic Group
8 a.m. on just another Tuesday morning. A member of a sheet metal processing job shop’s sales team turns on his computer. As he drinks his first cup of coffee, he checks his emails, opens what looks like a quotation request from a customer, and clicks on the attachment. The ransomware immediately kicks in, and in just a few minutes all the files on the company’s server have been encrypted and can no longer be accessed. In the very best of cases, this results in several hours of downtime.
Many companies are extremely hesitant when it comes to introducing the industrial internet of things (IIoT) or cloud systems because they believe this will open the door to cybercriminals. However, they do not realize that they are already facing this danger on a daily basis. A simple email with an attachment or a link can result in the encryption of all the information on a server. You are at risk even if you have not implemented an entire ecosystem connecting customers and suppliers. Thus, it is essential to be aware of the threats and be ready to quickly respond in the event of an attack.
Cybersecurity is currently on everyone’s lips. There have recently been many widely-publicized cases of large companies falling victim to cyberattacks that compromised their operations in one way or another. In some of these cases, it was revealed that the companies’ security policies had not kept up with the past decade’s rapid changes relating to the use of digital technologies and tools, and that they apparently acted in the belief that a cyberattack could only ever affect others. The sheet metal processing sector is no exception to this reality.
In most cases, concern over the security of systems becomes more pressing when a company decides to increase its level of digitalization, for example by transferring tools to the cloud. This is when many companies start thinking: What are the dangers of connecting our systems and machines? What about networking with external systems? And what are the risks of using cloud-based systems?
In the following, we outline answers to these questions:
What risks are involved in networking systems?
The transition from manual or automated manufacturing to a digital factory involves the creation of hybrid areas, where systems (on-site or in the cloud) interact. Together with the IIoT infrastructure, these allow real-time information on what is happening to be accessed from wherever required, thereby paving the way to much more agile decision-making.
This reality is already within reach for many small and medium-size enterprises. Only a few years ago, this level of digitalization was accessible only to a handful of companies, but because of the democratization of systems, and above all because of the widespread use of pay-as-you-go and cloud systems, many SMEs are now facing the challenge of securing their systems.
The first basic and essential step is the implementation of cybersecurity policies that include training for users and that are based on an in-depth understanding of the partners with which the company is working, especially in the cloud, to ensure they meet the required standards.
The establishment of these policies must be combined with systems that provide security all the way from the design stage right through to their implementation and maintenance.
What is security by design?
The security of systems has ceased to be a matter that is addressed only at the outset, as used to be the case when systems were installed on-site and were not networked. However, once we start connecting systems with each other, either within our own environment or with third parties, security must be treated as a priority issue that has to be taken into account during the development of a system and every subsequent modification.
This results in the security by design concept, which consists of basing the development process on failsafe security measures. This is the only way we can ensure that development is backed by cutting-edge technologies and best practices in software architecture and design. Design of this nature caters for secure communications outside of the system itself, including the appropriate identification and registration of all the components and users. It should provide the possibility of defining access permissions for different roles and be capable of monitoring each component by logging events. Due to the increase in the number of system components, each component needs to be updated individually, while also maintaining the stability and reliability of the system as a whole.
In a smart factory, how should the security of the various levels of management be addressed?
The design of a digital factory is based on three levels:
– Systems that manage machines
– Systems that manage the production plant
– Systems that manage business
Each one of these levels can contain more than one system involving several suppliers. Besides management and control systems, there are also analytical systems that measure the machines’ performance and status either in real time or based on logs. One of the most common demands relating to digitalization projects is to gain an overview of the manufacturing status and to be able to remotely access this information. With regard to business management, the systems usually need to be connected to CRM software or to customer portals for the management of orders.
The exposure of these systems to open environments and the interoperability between them are key to successful digitalization. The solution to these challenges does not mean isolating systems, but rather creating different environments. Moving from one to another then requires passing through a single point, where we can establish control and verify the authenticity of the system issuing or receiving the message or request as well as the actual message itself. In other words, our security system is as robust as the weakest link in the chain.
And what about cloud systems in a digital factory ecosystem?
All levels that incorporate management software in a digital factory can utilize systems in the cloud. The machines are the first item we need to protect in order to prevent cyberattacks against a digital factory. The key to securely connecting machines to systems is the deployment of reliable machines based on state-of-the-art technology, and the incorporation of software ensures a simple connection with systems on the next level.
With regard to shop floor management, it must be possible to create a network within which all machines are connected to each other. This network should be connected with the next level via a highly dependable firewall. This requires following certain guidelines and monitoring the ports, communications, and thus the information that the systems share.
At the level of business management, it is important to implement different networks for the different groups working with the individual systems. These are connected to our servers via a single hub that is monitored and secure. Our in-depth understanding of the nature of our customers’ communications allows us to avoid non-authenticated and insecure sources or origins.
Systems in the cloud should secure the communications hub and computer ports, whereby communication is always initiated from our systems and not vice versa (from the cloud).
In conclusion, potential problems do not result from the networking of systems or from the cloud. Quite the opposite is true, and they both have an enormous potential for the development of a truly digital factory. Issues also exist in conventional manufacturing environments where attacks are already taking place on a daily basis. A robust interconnection system with a reliable provider who is committed to the security of your systems is crucial to ensuring the security of your digitalization process and is thus one of the keys to achieving a truly digital factory.
For more information on the please see www.bystronic.co.za or contact Bystronic on 010 410 0200.
