Have you also been to the last trade fairs and congresses on IIoT and Industry 4.0?
It’s so simple: collect, evaluate, analyze data, and everything gets better. Right?
Predictive maintenance for efficient servicing and maintenance of systems.
Historical data to increase production quality or quantity or to improve traceability (e.g. in the field of waste water, energy, pharmaceuticals).
Logistics in the production halls with formerly central monitoring of individual machines and plants, which send their production status to a central data management system.
There is great potential. But often data is first collected, the IIoT gateway to the new analytics is put into operation in the cloud and then we look at how analytics can improve something.
If you decide to use some or all of these potentials, please consider the following: The availability and integrity of the additional data connections and their data – and in some cases the confidentiality of these – must be a clear requirement and premise. Usually it only takes a few inquiries to identify and assess the corresponding risks.
Two examples of the problem:
- Power generation, Historian extension, several additional data sources, central database, access via standard web browser.
Since the in-house IT naturally has a security protocol with requirements for data encryption, data connections and firewall rules, an Internet access is ordered from the provider and connected to the production network. Quick and easy. - Gear manufacturers, many individual systems for machining gears, new systems with versatile drills and milling machines are constantly being added.
The employee who used to drive through the hall with a forklift and collect the semi-finished tools and finished gears is being replaced by a central logistics solution in the cloud and driving robots. What was previously separated out individually is now networked and directly accessible on the Internet.
It only takes hours to detect these connections from the Internet, scan the network and systems that can be reached in this way and start the first intrusion attempts.
Three points to the solution:
- There must be a person responsible for OT-IT security in production
- The Ethernet-based network must be segmented
- Monitoring the behaviour of systems and equipment and detecting anomalies round off the security infrastructure
With this approach, you can “structure and see what is going on in the network” and act accordingly if necessary.
All trademarks are property of the respective manufacturers or companies.
Blog article in cooperation with our partner Achtwerk GmbH: acht-werk.de