A gaffe by a Verizon vendor who uploaded data to an unsecured cloud gave cyber criminals a potential gateway to six million accounts. Is the cloud a safe place for manufacturers? Or could your private data—and potentially your operational functionality—be put at risk?
The short answer is that experts believe the cloud, used properly, is the only way forward for manufacturing. Some solutions include segmenting operations into those that may use the cloud and those that are disconnected from the Internet. Others say the cloud not only improves business processes and prospects but also improves cyber security.
According to Infoholic Research’s “Worldwide Cloud Implementation in Manufacturing Market: Drivers, Opportunities, Trends and Forecasts, 2016-2022,” cloud adoption in manufacturing provides “a single platform for tracking and managing direct and indirect sales channels,” freeing up time to launch new products and invest in improvements rather than operations. It reduces time to market, enhances productivity and allows for more precise on-demand manufacturing. It may even enhance your risk management capabilities.
Cloud computing is just one component of a digital production experience, according to the Information Technology & Innovation Foundation’s “How Cloud Computing Enables Modern Manufacturing” report. You’re already using wireless, advanced sensors, computer-aided design and engineering software. ITIF argues that cloud computing is essential to smart manufacturing—from enterprise resource planning and financial management to analysis of data, supply chain integration, and employee training. “The cloud is fast becoming the central venue for data storage, analytics and intelligence for most manufacturers,” the ITIF says.
One of the great benefits of the cloud is its ability to expand or contract without reconfiguring manufacturing systems. It also allows the adoption of many new production systems, such as 3D printing and industrial robots. Manufacturers establish their own access parameters, enabling select users to have access, but the cloud provider executes security protocols and access monitoring so the manufacturer can focus on its industrial processes and sales instead of cyber security. That’s a major factor in efficiency.
While cloud providers can typically provide much better cyber security than manufacturers can perform in-house, getting security right is a collaborative effort between the industrial client and the cyber vendor. Cyber security is a customized solution, according to Lane Thames and Dirk Schaefer, editors of Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing, a compilation of essays by cyber experts in the manufacturing field. Manufacturers should consider using direct-to-machine communications to limit and protect the flow of information to internal and subcontracted factory floor devices, according to the book. Such restrictions complement perimeter security and reduce the chance of proprietary losses to industrial cyber spies.
The book additionally provides some interesting pointers on detecting cyber intrusions, including malicious modifications to the behavior of industrial control systems. Monitoring of network traffic is essential for early detection and response. In fact, the editors say, “cyber attack detection and response mechanisms can be integrated into a software-defined cloud manufacturing system,” and they describe such an algorithm, which uses “a collection of neural networks whose outputs are fed into a neuro-evolved neural network oracle.” The oracle’s output provides feedback to “active response mechanisms” inside the cloud manufacturing system.
Closing your manufacturing processes off from the net is not going to be a viable option as smart manufacturing evolves, some argue. You’re going to have to “take the security fight to the cloud,” as Eric Knapp told attendees at the June 2017 Honeywell Users Groups Americas symposium in Texas. “We can use massive data stores and analyze them to find threats.”
New capabilities include “dynamic rules,” according to Automation World, which reported on the Honeywell symposium. Dynamic rules enable an operator to stay a step ahead of a cyber-security breakdown through the use of manufacturer-specific business rules within the security software that cause the program to look for cyber-attack indicators, pinpoint them for the operator and specify a response.
Another recently deployed application provides protection against USB-transported malware by implementing a gateway device in your plant. That device doesn’t connect to your process control network, but it does send USB files through a cloud-based analytics program, which shoots back an all-clear for the device, which then receives permissions to access the manufacturer’s protected system. If the gateway program finds USB problems, it will quarantine the files that are hazardous. That allows the USB to transmit work files—but only those that have been declared safe. The gateway relies on the cloud because such an in-depth scan of USBs could not be accomplished locally, not while keeping the device affordable and manageable on site. When the scan is transferred to the cloud, however, the scale of the threat detection increases geometrically. Honeywell’s version, called ATIX, which operates only on Honeywell products, is a “self-learning organism,” Knapp said. It uses information learned about one threat to inform its detection scans across its networks.
Using the cloud wisely for both manufacturing operational needs as well as cyber security allows industry to move forward on advanced-computing processes, recordkeeping, tracking and communications without clinging to the “air gap” mentality that keeps systems disconnected from Internet networks. Such loss control efforts can minimize or prevent paralyzing, expensive cyber-related incidents.
About Precision Manufacturing Insurance Services
Precision Manufacturing Insurance Services (PMIS), specialists in insuring manufacturers and metal service centers throughout California, can provide you with the property insurance coverage, including Cyber Liability insurance, you require, HR assistance and the loss control services you need to help manage your risk. We can also review your entire portfolio and advise you on other areas of business protection. Give us a call at 855.910.5788.
Sources: Advisen, Infoholic, ITIF.org, Automation World