The potential of the Industrial Internet of Things (IoT) is bound only by the limits of our creativity. But its realization will forever be tied to security.
We’ve seen this trend play out among early Industrial IoT adopters in the oil and gas industry, where there is tremendous motivation to adopt networked technologies and smart sensors. Many oil and gas facilities, especially offshore platforms, are located in environments we call “4D” – dirty, distant, dull and dangerous. In these harsh areas, automation and remote management can increase efficiency, improve performance, and enhance profitability. But most importantly, they keep people out of harm’s way.
For decades, the industry has primarily used closed, private networks to control critical plant functions, or Operational Technology (OT). But in recent years, oil and gas companies have been among the first to explore IoT applications that enable more widespread, cost-effective and flexible monitoring and control of facilities. By definition, Industrial IoT applications require moving data from existing OT systems to the internet. Doing so in a secure manner is of paramount concern.
With 25 years of experience in smart sensors, wireless technologies, and digital automation, Emerson delivers a wide array of networked OT solutions to oil and gas and other industries. As we help lead the evolution to Industrial IoT today, we’ve seen one universal truth: the growth of Industrial IoT applications will be dictated by the level of trust in its security.
Securing the Industrial IoT requires focus on four zones that comprise most applications: sensors that remotely gather data, the “first mile” on-site OT networks that convert this data and securely connect it to the internet, software that stores and processes the data to generate valuable insights, and finally, the people who design, manage and use these networks.
Emerson recently expanded its highly sophisticated Plantweb ecosystem to help manufacturers securely address these four zones as they adopt Industrial IoT to automate processes and maximize efficiency.
With connected devices monitoring and controlling industrial processes throughout a manufacturing facility, the potential exists for attacks that manipulate devices in the critical OT systems that control plant processes, which could mean harm to people, production or the environment.
This threat requires new thinking on device security. Emerson helps customers deploy devices and wireless networks that measure and track everything from energy efficiency and hazardous gas leaks to corrosion and maintenance needs. These devices and networks are designed with always-on security capabilities front and center, with features such as encryption and key management. This high level of security makes them suitable for use in critical OT systems.
2. The “Secure First Mile”
The term “last mile” was first used in telecommunications to describe the connections from individual homes and businesses to the core network that carries communications across the globe. With Industrial IoT, we are concerned with the export of data from individual facilities into the broader enterprise network – the “first mile” of communication.
These first-mile communication connections must be designed to allow companies to selectively connect highly secure OT data with highly secure private or cloud networks for real-time analysis. This is all about ensuring that only the desired data is sent, only to the designated recipients, in such a way that intrusions into the OT systems cannot occur. A secure first mile ensures one-way transmission of data out to a broader Industrial IoT network, making it impossible to send potentially malicious information to devices and potentially impact the operation of a facility.
A secure first mile can be achieved using a tiered network infrastructure to connect the OT network to the internet. Tiered networks provide security by protecting different tiers with specialized firewalls and applications. In some configurations, inbound communication can be completely disabled to prevent potential intrusions.
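The three first-mile conditions above (only the desired data, only to designated recipients, nothing initiated toward the OT tier) can be checked against observed flow records. The following is an added example, not Emerson or Plantweb code; the tier names, tag names and hostnames are hypothetical, the flow records are constructed, and the policy models the strict configuration in which inbound communication is fully disabled.

```python
from dataclasses import dataclass

# Assumed three-tier layout, most protected first; names are hypothetical.
TIER_LEVEL = {"ot": 0, "dmz": 1, "enterprise": 2}
# Assumed export policy: tags allowed to leave the plant and who may receive them.
ALLOWED_TAGS = {"pump7.vibration", "tank3.level"}
DESIGNATED_RECIPIENTS = {"historian.enterprise.example"}

@dataclass(frozen=True)
class Flow:
    src_tier: str   # tier that initiated the connection
    dst_tier: str
    dst_host: str
    tag: str        # process tag carried, "" if none

def violations(flow: Flow) -> list[str]:
    """Return the first-mile rules a flow breaks; an empty list means allowed."""
    if flow.src_tier not in TIER_LEVEL or flow.dst_tier not in TIER_LEVEL:
        return ["unknown-tier"]
    src, dst = TIER_LEVEL[flow.src_tier], TIER_LEVEL[flow.dst_tier]
    found = []
    if dst < src:
        found.append("inbound")            # initiated toward a more protected tier
    if abs(dst - src) > 1:
        found.append("tier-skip")          # bypasses the intermediate tier
    if dst > src:                          # outbound export: check data and recipient
        if flow.tag not in ALLOWED_TAGS:
            found.append("undesired-data")
        if flow.dst_tier == "enterprise" and flow.dst_host not in DESIGNATED_RECIPIENTS:
            found.append("undesignated-recipient")
    return found

def audit(flows: list[Flow]) -> dict[int, list[str]]:
    """Map the index of each offending flow to the rules it breaks."""
    report = {i: violations(f) for i, f in enumerate(flows)}
    return {i: v for i, v in report.items() if v}

# Constructed sample flow records (not captured from any real network).
SAMPLE_FLOWS = [
    Flow("ot", "dmz", "relay.dmz.example", "pump7.vibration"),
    Flow("dmz", "enterprise", "historian.enterprise.example", "tank3.level"),
    Flow("enterprise", "ot", "plc12.ot.example", ""),
    Flow("ot", "enterprise", "historian.enterprise.example", "pump7.vibration"),
    Flow("dmz", "enterprise", "analytics.vendor.example", "pump7.setpoint"),
    Flow("enterprise", "dmz", "relay.dmz.example", ""),
]
```

Calling audit(SAMPLE_FLOWS) reports the four constructed flows that break the policy, keyed by their position in the list.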
3. Data Storage & Software
Smart application software is key for analysis and extraction of insights that result in business value. It’s also the third zone of security that must be considered for Industrial IoT deployments.
There are two models where data and application software can run in Industrial IoT deployments: an internal, company-hosted computing environment or a third-party IoT environment. In the internal-hosted environment, the in-house IT department takes the necessary steps to safeguard data and application access.
Some companies are considering third-party outsourcing, sending their non-critical data out for analysis and insights. In this scenario, companies will rightly have many concerns around how their data will be secured, clarity of ownership, regional legislation, who has access, etc.
Many third-party application providers (such as Emerson) are taking advantage of leading cloud computing environments, such as Microsoft Azure, which have already proven themselves in these areas among IT departments of many leading corporations. Generally speaking, this approach is well-accepted because it relies on services that most companies have already vetted and that have met the most stringent global security certifications and regional requirements.
4. People and Policies
The fourth zone of Industrial IoT security is physical access to equipment and networks, which requires clear security policies that are known and understood by all employees who interact with IoT network elements.
Access to equipment and software should be limited to employees with a direct need, and access to facilities where Industrial IoT is deployed must be strictly controlled to maximize both the security and value of data. Unauthorized physical access to sensors and equipment can result in increased security risk as well as the potential for degradation of valuable data. Even inadvertent disruption of sensors or controls can reduce performance in some cases.
The promise of Industrial IoT is undeniable. But if the right attention is not paid to security in these early years, it will take only a few security breaches with deleterious effects to dramatically dampen enthusiasm for this game-changing technology. Industrial IoT providers that are focused on secure solutions will be the trusted players in the months and years to come, and the ones that help companies explore the creative boundaries of what’s possible with Industrial IoT.