Home > Cybersecurity
With the digitalization of companies, Industry 4.0 and Smart factories, all indicators are green for a major evolution in industrial information systems.
But in the heart of these hyper-connected information systems, there is a new threat: The malware intrusion, the taking over control of installations operating systems, and the theft and/ corruption of data.
How can we combat this threat in a world which highlights production and performance more than intrusion and computer infrastructure?
An environment that makes usual approaches to IT security difficult
For many years now, experts in computing and networks have been preoccupied by computer security, but the industrial information system is not comparable to the information system of the company as this is normally managed in a centralized way by the Information Systems Organizations..
An industrial information system is much more heterogeneous because numerous production devices are delivered with the automation, without the industrialist really being able to choose or know the content precisely.
Furthermore, the life-time of the automation in these devices is much longer than that of a PC, often by 5 to 10 times, and obsolescence in one part of the group of devices is not necessarily detrimental to Production which especially requires reliability and stability.
The exploitation and maintenance environments are also very different, because priority is always given to the availability and operational security of the installations. In addition, the people working on the industrial information system are not all IT experts. Therefore, due to the diversity of their profiles and skills, indispensable in Production, all messages must be adapted to make them comprehensible and easy to apply.
Industry 4.0: what impact?
The development brought about by Industry 4.0 essentially falls into 3 categories:
- Market evolution associates more and more data to the Product. These data could address the problems of the complex control of production processes. These data could come from the personnalization of the Product or from traceability or quality processes. In a market which focuses more and more on service, “data” and “product” are inseparable.
- Market demands make interconnections between the different business sectors within a company indispensable i.e. connecting Sales to Factory, R&D to Production, and Maintenance to Quality. These relationships, which have become indispensable, naturally mean that stronger interconnection of information systems is required, whereas until now separation was the most commonly-used protection mode.
- Finally, new technologies, connected objects, cobots, big data and AI are important catalysts in the transformation of the Company insofar as they allow previously unimaginable performance. However, they have the tendency to remove the separation between systems and so break up the present architectures.
As there are always more data and information systems are more open, the result is the need for more complex production tools and an increase in the number of entry points in the industrial information system.
When cyber security rhymes with common sense
When the operational and technical context is in rapid evolution, and traditional computing methods are difficult to apply or are insufficient, how to proceed?
All experts agree that it is necessary to use a common sense approach which above all consists in mastering the components of an industrial information system, and to apply good practices leading to this. This includes system data flow charts, configuration and access management, or business continuity plan.
This pragmatic approach is naturally not the be-all and end-all, but it will significantly contribute to the powerful defense of an industrial information system.
In this well-controlled environment, it is therefore possible to put into practice the traditional computing technologies such as network segregation, monitoring of user access, etc.
SPC, a long-standing player in automation and industrial information systems, has excellent knowledge of these systems and their architecture. Our consultants can assist you, using a practical approach of cyber security, making a Data Flow Chart of your systems, analyzing the risks, and defining and implementing good practices.
Our priority is to assist you with a pragmatic approach to leverage cyber security.