The rollout of connected objects in industry entails cybersecurity risks. Operational technology specialists need security support.
Traditionally, two separate communication spheres have coexisted in industry: IT (information technology), i.e. central infrastructure (administration, HR, etc.), and OT (operational technology), i.e. communication systems tying together factory production areas. The two are now beginning to converge. With the rollout of connected objects – primarily sensors – on the shop floor, the IT security risk has become serious.
Why? “These objects can communicate with each other. Previously, the sensor transmitted information to a central unit, which forwarded it on to another sensor. Now the two sensors communicate directly,” says Actemium Business Development Director Thierry Delpech, who co-chairs a cybersecurity working group covering the VINCI Energies brand that specialises in solutions for industry. Such direct communication is known as M2M, machine to machine: there is no human involvement when machines communicate via wireless technologies such as Wi-Fi, Bluetooth, and RFID, or via low-power wide-area networks such as Sigfox, LoRa, and Qowisio.
How can the veracity and integrity of data exchanged between two sensors be ensured? When these smart objects use a 2G, 3G, or 4G cellular network to exchange information, they apply encryption keys and conformity certificates. But when two objects communicate directly with each other, these methods of verifying information are absent. This, says the Actemium expert, is the source of the danger.
As Thierry Delpech sees it, “OT needs cybersecurity support.” Technical solutions exist. Specialised Actemium teams start by mapping industrial networks and identifying all connected equipment. They then install parallel sensors to feed back information about connected equipment (serial number, IP address, etc.) and detect vulnerabilities. Lastly, corrective and preventive action is taken via analysis and self-learning systems applied to the information frames transmitted via the networks.
“In industry, as long as a system works it isn’t changed, in contrast to what happens in the IT sector, where updates are standard operating procedure,” says Thierry Delpech. “I know of industrial sites that are still using Windows XP, which Microsoft no longer supports.”
Of course, the new generation of sensors will be able to perform self-diagnosis, and predictive maintenance can repair any defects detected. But meanwhile, a new danger is now lurking as production management platforms are moved from office PCs to the cloud – a new challenge that can be met by service providers like Actemium and Axians, which are able to handle security in OT and IT, respectively.