by Claus Herbolzheimer and Richard Hell
As companies leverage more and more intelligent sensors and cyber-physical systems to aggregate data for algorithms that will control and maneuver machines, they increase the level of cyber risk. Physical machines and tools—or robots—that were once confined by the four walls of a manufacturing plant, are now vulnerable to outside forces.
Imagine if a malevolent outsider were to find a way to change the value of one or more sensor devices, triggering a chain reaction. In a chemical plant, it could change temperature or pressure settings and spark a cascade of negative events, possibly an explosion. In an automotive plant, it could force robots to go wild, or, even worse, surreptitiously embed malware during the automated flashing process into autonomous vehicles.
Imagine producing and installing hundreds of thousands of vulnerable devices in cars. What does it mean, from an architectural or infrastructure perspective, to make a sensor or any other IP device, secure? What is the next level of data security?
Nuclear power plants and utility grids have layer upon layer of cyber measures in place, including “air pockets” with neither direct nor indirect internet connections, and defense mechanisms that shut or slow down activity if any abnormality is detected. But corporate manufacturing plants typically don’t think in those terms, even though they may now have hundreds of thousands of potentially insecure, non-Internet IP addresses that are susceptible to hackers.
The more open the ecosystem, of course, the greater the danger. Manufacturers of autonomous vehicles, for example, are unleashing products—designed to interact with other vehicles and a variety of connected roadside devices—into an open environment more susceptible to hacking than a more closed ecosystem like the manufacturing plant itself, at least in theory. But that is only true if classic cyber security principles developed for the IT world are transferred into the industrial automation and cyber-physical systems world of production and control systems. If, say, a manufacturing plant’s system is breached and negative events begin to cascade, you need a control mechanism that will either disconnect the system—or put you in a “safe” mode so you can continue to operate at a reduced level until the problem is isolated and corrected. Just like a nuclear power plant.
Going forward, engineers need to change the way they develop products, and physically embed security in product design. Imagine producing and installing hundreds of thousands of vulnerable devices in cars. What does it mean, from an architectural or infrastructure perspective, to make a sensor or any other IP device, secure? What is the next level of data security?
Companies need to manage the transition from a physically controlled environment to a digital environment. They need to develop policies to protect and monitor their systems, and to react and minimize damage when they are breached. They need to apply decentralized resilience to standards and rules so that intelligent systems stop connecting with each other and lock into “safe” mode when abnormalities are detected.
Given the proliferation of non-internet IP addresses in the manufacturing world, private-sector companies should transfer the classic principles of multiple, redundant safety mechanisms and cybernetic control systems of high-resiliency industries to the field of cyber security in manufacturing.
