By Tom Gilheany, portfolio manager of security training and certifications, Cisco Services
As industrial networks interconnect with enterprise networks, information and operational technologies are merging. In addition, there is a massive surge in the number and type of connected devices and machines. Amid this digital shift, stepping up network security is imperative. For today’s plant manager, the challenge lies in identifying and developing the right strategies to tackle today’s cybersecurity challenges head-on and prepare employees with skills to proactively mitigate risks in the future.
The IIoT Security Challenge
The Industrial Internet of Things (IIoT) presents a security challenge on a scale never seen before. IIoT leverages the power of Internet Protocol networking to connect industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems with enterprise business logistics. In layman’s terms, the IIoT is a wired or wireless network of physical objects, systems, platforms and applications. Each of these objects, systems, platforms and applications interacts with the others, gathers information and shares it.
Hooked into the IIoT are sensors and controls of all types, as well as mobile devices like smart phones or tablets, as in the consumer-focused IoT. Underlying these devices is software performing a wide range of functions. The main IIoT security issue, though, lies in the vast array of machines that are currently connected or might be one day.
Security becomes a tremendous challenge with the IIoT’s sheer complexity, diversity and potential size, plus the critical nature of many of these connected machines. How do you keep all of these networked things safe from hackers? Every component and every connection is a potential vulnerability.
However, security is often not top of mind for manufacturers and industrial companies. They want to connect their business systems to more quickly take advantage of new capabilities. In the rush, many are doing so without a security background. Or without fully understanding the security implications of how their new, connected devices and sensors affect the overall security of the organization or factory where they’re being installed. Consequently, a part of or even a whole factory can be shut down or damaged by security issues in newly networked or connected equipment.
New Skills for the Connected Factory
Today’s connected industrial environment calls for a new set of skills. A highly autonomous assembly line is now possible. The production line can automatically reconfigure and optimize itself and produce at scale customized products in custom-sized batches, with full tracking and connectivity to sales and ordering systems, Enterprise Resource Planning (ERP) systems, Work In Progress (WIP) inventory, supply-chain systems, and delivery and order-tracking systems. Throw in collaborative robots, or “cobots,” that work alongside humans.
Not only multiple skill sets but a breadth of skills across silos and specializations are needed for this technology set-up. It requires a whole new category of technology professionals. They understand the interconnectedness of IT and OT. They recognize that the IIoT is really about digitizing business processes far more than it is about digitizing things or their connections. And for the IIoT to work, operations, IT and business units need to communicate effectively.
In addition to machine protocols, it’s critical for IIoT security that IT and OT professionals know IIoT standards and how to bolster existing control systems, which weren’t originally designed to be connected to enterprise networks but are now in the connected factory.
General cybersecurity skills are also essential, of course. Among these are the ability to:
- Develop secure software to thwart future cyber events.
- Analyze networks and systems for potential vulnerabilities.
- Spot intrusions, leaks, or data breaches quickly, preferably as they happen.
- Stop incidents and repair any damage to network or system integrity.
To make the most of this opportunity, it’s imperative that plant managers enable employees by providing hands-on training in the right IIoT security skills and professional certifications to demonstrate validity of those skills.
Securing Your Connected Factory
The IIoT is the biggest change to hit industry since the invention of electrical power and the discovery of oil and gas. The tricky part is that many organizations are not sure how to identify which skill sets or certifications their employees will need. As a result, almost one-third (31 percent) of major global corporations reported they face a big IIoT skills gap.
How can you get ahead of this skills gap? How can you enable your employees with the right security skills? And how can you, as the plant manager, ensure that your team is up-to-date on the latest security threats and risks? Using the guidelines above as a benchmark, your organization can hire certified talent and develop internal talent through continuous learning and training. By enabling employees with continuous training and learning, your organization is best positioned to create and maintain a secure IIoT environment.
About the author
Tom Gilheany is the portfolio manager of security training and certifications within Cisco Services. Tom holds a CISSP, an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.