Key technologies defining smarter factories: data security

The data collected and stored in each IoT device is an attractive target for hackers, who can also use one IoT device to reach other connected devices. The hackers might hold the data, or the system itself, hostage to obtain a ransom. Alternatively, they could sell the data retrieved on to a competitor. There is even the potential, under certain circumstances, for hackers to take control of entire plants. 

Data breach cost trend

The life cycle of a data breach is the number of days needed to identify the breach plus the number of days needed after this to contain the breach. According to the recently published “Cost of Data Breach Report” by IBM, the average data breach life cycle has increased from 247 days in 2017 to 279 days in 2019.

Data breaches that are identified and contained within 200 days cost 40% less than breaches that take more than 200 days to solve. Therefore, the average cost of a data breach is trending upward. To keep costs under control and minimize risks, here are some suggested proactive measures that should be considered.

1. Isolation: Isolating an infected system allows other systems to continue operating as normal. In addition to using the conventional steps (identify, isolate, report, disinfect and restore), a smart factory can fight cyber threats by working proactively and collaboratively. Security measures should be updated promptly, and employment of more complex authentication is also advisable. In addition, the business might consider adopting new technologies, such as Blockchain.
2. Routine self-assessment: Establishing a root of trust is pivotal when looking to shore up industrial systems, as this will give an immutable identity to each of the nodes within a network – enabling them to authenticate one another before the passing of any data begins. In addition, secure boot mechanisms mean that only code that comes from a valid source and has not been tampered with in any way can be run during boot-up sequences, thus protecting the network against the infiltration of erroneous firmware updates. Public key data encryption (either based on RSA, or more likely ECC for industrial nodes) and hash codes will help to prevent “man in the middle” scenarios.Working with “white hat” hackers to identify malware may also be appropriate. Following the automakers’ example, those building security into a smart factory should do so during the design stage. A lesson learned directly from the Marriott hacking back in 2018 is the importance of data encryption within a secure system, which provides extra security even after a system breach has occurred. Also, by limiting the choices software developers can make on the designated application programming interface (API), a company can decrease the surface that is exposed to hacker attack. Behavior-and-rule-based analysis will help identify potential cyber threats by analyzing abnormal online human behavior, and will enable in-depth scrutiny of the network to uncover malware. It is also advised to exercise caution during security analysis. Penetration testing is a controlled form of hacking where a professional tester mimics the tactics that hackers follow to identify the vulnerabilities in a company’s networks. Finally, policies should be rigorously applied where all unused ports are closed off (to reduce the potential attack surface) and only communication with authorized servers is permitted.
3. Close communication with business partners: According to Mandiant’s “M-Trends 2017” report, most data breaches are in fact discovered by external sources such as business partners. Thus, by working with their partners, companies can significantly increase data security levels for each other.
4. Updating security measures and authentications: IoT devices are easy targets, because they lack an established security standard and often have outdated passwords or exploitable internal bugs. For example, botnet attacks often succeed in breaking into IoT devices by using a list of common factory-setting passwords. Security experts have recommended the establishment of minimum safety standards and best practices across the industry. These would include patching the system regularly, periodically changing passwords, using two-part authentication and restricting privileges for IoT devices. Also, hackers look for weak points in the network, particularly low-level devices (like connected thermometers) and out-of-date software. Therefore, the company needs to make all software updates promptly on all connected devices. Over-the-air (OTA) updates are the most effective means of doing this (as long as the necessary authentication precautions are taken), as having maintenance staff going around every device on a regular basis to make updates is clearly impractical. 
5. Post-hack forensics: In conjunction with mitigation and prevention, engineers and security staff can improve security with post-hack forensics. By going through database access logs, network traffic logs and file systems, it is possible to determine how the system was breached, what was compromised or stolen, and how extensive the breach was. Such audits may assist criminal prosecutions, as well as helping other industry members improve their security measures.
6. Use of blockchain: One major pain point of data breaches is the long time-lag between the breach and its detection. Blockchain technology appears to offer an effective way of addressing this problem. Every transaction on a blockchain needs to be validated by all the designated stakeholders. Because any changes are visible to each stakeholder, businesses can rapidly learn of any unapproved or unusual activity being instigated by hackers. 

Application of digital twins

In the previous blog, we looked at the many benefits that can be derived from the construction of digital twins (in terms of boosting operational efficiency and suchlike). Another way in which this idea is now gaining traction is through creating twins of security control systems, where all the critical assets and processes have been included.

This technology is intended to complement existing firewalls and integrate with edge computing infrastructure. The digital twin will monitor the network continuously and use artificial intelligence (AI) to detect attacks on the sensors. It will replace the compromised sensors with estimated readings to enable engineers to install new sensors while operation continues safely and reliably. 

What individual users should do

A coherent enterprise IT system security policy should be implemented as standard on the factory floor as it already is in offices. On the individual level, workers should use a unique, uncommon and strong password and adopt two-part authentication for each connected device. Also, research shows that hackers can often trick users into downloading harmful apps that sound like legitimate ones. These fake apps could run without permission and cause major information leaks. Therefore, the business may need to alert employees to this possibility and limit what they can download onto company devices.

Conclusion

A smart factory can ensure that sensitive data remains safe via proactive and collaborative measures, frequent software updates, better orchestrated authentication methods and employee education. A smart factory also needs to treat data security as an ongoing, long-term project, as hackers are continuously creating new techniques, such as embedding back doors into AI algorithms, so they can storm the fort.

What does this blog series cover?

1. Key technologies defining smarter factories – connectivity
2. Key technologies defining smarter factories – sensors
3. Key technologies defining smarter factories – the rise of cobots
4. Key technologies defining smarter factories – digital twinning
5. Key technologies defining smarter factories – AI
6. Key technologies defining smarter factories – data security