Security in industrial and manufacturing systems: how to face the challenge


IT security has certainly been one of the hottest and most debated topics in the corporate landscape in recent months. After years of neglect, boards of directors have finally understood the importance of a cyber risk prevention and management policy, helped by a situation in which cyber-criminals run rampant, blocking the operations of many companies every day through ransomware and other types of attack.

Awareness of cyber risk, however, is not yet as well developed in a sector that is racing towards digitalisation: industrial and manufacturing machinery. From factories to textile plants, from precision engineering firms to energy distributors, all devices are at risk of compromise, especially given a new scenario that has been taking shape for some time and that involves every aspect of a company.

The new scenario sees a technological convergence to be carefully evaluated

With the emergence of the cloud and big data, many companies have started the process of business digitization, with important consequences both for their processes and for the results achieved.

To remain competitive, in fact, a modern company needs a very strong digital integration, with every sector contributing to the power of the data lake and a very strong IT department able to analyze and transform this data into wealth and business tools.

But to contribute to the data lake, every part of the company must be connected to the IT infrastructure, and this constitutes a major change from the past in the OT (Operational Technology) sector.

“Once upon a time,” - says Angelo Candian, Business Segment Manager - Digital Connectivity and Power at Siemens - “the machines lived in a network completely separate from the IT one and therefore difficult to attack remotely. Today, however, in the company all aspects must be connected to each other in order to feed the management software with the data coming from logistics, marketing, sales and obviously from the machines in use in the OT sector, whether they are production or management machines.”

“This” - continues Candian - “serves to ensure greater competitiveness, a shorter time to market, improve the transparency of processes and optimize resources. To do this, the OT part must 'open up' to the IT one to allow dialogue and data passage, but the process is neither immediate nor trivial. In a production environment, everything must be done in such a way as to protect and guarantee production capacity, 24 hours a day, seven days a week.”

To move in the right way, therefore, you need to know every aspect of the production processes, network connections and security.

The differences between IT and OT fields

The first big problem that industries and manufacturing have to face concerns the personnel who must manage the integration process on a single infrastructure. “Very often” - confirms Candian - “there is a very marked dualism in companies: those who deal with the IT infrastructure know very little about how the OT infrastructure works and vice versa. For this reason, it is necessary to guide the personnel of the two worlds towards a common middle ground where they can begin to communicate.”

While IT uses protocols that favour speed, in order to move a lot of data in a short time, the OT sector prefers protocols that perform less well in terms of bandwidth but are much more reliable with regard to latency, which must be absolutely predictable and constant.

After all, a machine can produce dozens of pieces per second, and the synchronization with the machines that precede and follow it in the process must be absolute. It is necessary to be able to move a few kb of data in a few milliseconds, with a variation in latency that must remain in the order of microseconds. These needs are completely different from those encountered daily in the IT sector and cannot be addressed with typical network protocols.

But the differences do not stop there and also extend to the type of work area. Most of the IT machines, in fact, are located in an office or in an environment designed mainly for white-collar work. OT machines, on the other hand, are very often in difficult environments, where they encounter high or very low temperatures, in dusty, humid or cramped areas, which make it difficult to respect the physical operating parameters. Not surprisingly, many OT machines are PLCs or rugged devices.

Finally, in the OT sector there is an aspect almost completely absent from the IT one: the physical safety of the operators working on the machine or in the surrounding environment. A machine has to check its status and that of its communications in real time, in order to stop instantly in the event of a malfunction.

How to develop the necessary skills

To cope with the huge range of skills needed to secure an OT infrastructure, therefore, you will have to create a team composed of members who come from both the IT and OT worlds and prepare it appropriately. The partner who follows the company in this process is usually able to provide both the consultancy relating to the organizational part and the necessary training.

“The approach we have at Siemens” - says Candian - “is precisely that of accompanying the company in this transformation, supporting trained personnel both in the technical and in the organizational part, in order to bring each plant to full compatibility with the IEC 62443 standard.”

The task is not easy, partly because the term OT groups under one umbrella a huge number of solutions that actually cover very different areas.

“What is installed in a steel mill” - says Emanuele Ermini, Sales Specialist DCP Team Leader at Siemens - “is very different from what is installed in the energy or logistics sector. The environments are very different, as are the temperatures and operating conditions. And in addition, we must take into account the case of making existing machinery fleets safe.”

Even existing and, perhaps, very dated machine fleets can be secured and brought into line with the standard with the addition of the right infrastructure.

“In industrial fields” - says Mauro Cerea, Cybersecurity OT Manager at Siemens - “it is very common to find machines with obsolete operating systems, even Windows XP, which are not patched to avoid problems during the operations they monitor or for which updates are no longer available. In these cases, we often resort to 'whitelisting' techniques to circumvent all technical limitations and ensure security. In other areas, however, where one has to deal with even older protocols, perhaps analog, machines are inserted that act as a 'bridge' between old and new technologies, digitizing the output data and transforming the inbound commands into analog. In this way, fleets of machines can be preserved which, despite their age, still have a lot to give.”

Covering all the possibilities, therefore, is a really complex task. The best way to tackle it is to draw on the skills of partners who have extensive experience on the market and can use the transformations they have already handled to find the most suitable solution for each new case, so that OT infrastructures offer the resilience needed to meet the challenges that cyber-crime is posing in these difficult years.
