Although security is a given in traditional office IT, that isn’t the case for the world of IOT. In an industrial environment, in particular, this can lead to risks that can jeopardise continuity of production.
Production facilities are increasingly becoming targets for cyber attack – and often present vulnerabilities that are easy to exploit. This factor alone makes it necessary to have special protective measures in place. But the level of security at industrial facilities is still surprisingly poor. The reason can be found in the specific demands made of protective mechanisms. But even so, inadequate protective mechanisms expose manufacturers to the risk of production outages.
In an office environment, standard products and procedures are well known and established. But the situation regarding IOT devices is different. Standard IT security products often cannot be used: the processes are not transferable because networked industry has its own rules and regulations. Demands in terms of availability are very stringent, and downtimes are not acceptable. Often, additional software cannot be installed on these machines to avoid jeopardising production processes. Updates are virtually impossible, since rebooting would interrupt production and is therefore largely out of the question.
In addition, the technology in the factory halls is often antiquated from an IT perspective. While office PCs are generally replaced every five years, a production plant is often used for 20 years or more. That means security products have to cover several generations of systems. State-of-the-art Industrie 4.0 systems just aggravate this problem, since they often use special network protocols that do not match those of traditional IT networks. And network communication is often proprietary, or in other words the manufacturers do not make the interfaces open.
The special conditions often extend to the tiniest component: IOT components like sensors generally have to be made as small as possible, use minimal electricity and cover a wide range in wireless networks. The demands of security typically run in the opposite direction. Even encrypting network data uses more electricity, since more powerful processors are needed, and these also take up more space.
The difficult nature of security requirements in IOT for industry quickly makes security solutions cost-intensive. There is no off-the-rack software in such cases. SMEs in particular face problems as a result, since they lack not only the staff to deal with security strategies, but also the relevant expertise.
Implementing the right security strategies for Industrie 4.0 therefore still requires a bit of research. The scientific world knows about the problem: various projects by the Fraunhofer Institutes are devoted to this task, since entirely new analytical and protection processes will have to be developed in the longer term.
A separate article will look at the organizational side of IT security in production.