This week at the Rockwell Automation Fair in Houston, an overriding theme was the role of cyber/information security in enabling the “Internet of Things” for industrial manufacturing. For those of you who are not “in the know” on all things high-tech, the Internet of Things (or IoT for short) is the latest and greatest of buzzwords in the world of Information Technology, and it is now gaining traction in the realm of industry.
In its most basic sense, IoT from an industrial manufacturing perspective has to do with leveraging technology to connect the plant floor to the enterprise (business side of the organization) and/or the Internet in a way that enables smart decisions based on analysis of key data points. Or, as Keith Nosbusch, chairman and chief executive officer for Rockwell Automation, put it during his opening address at Rockwell’s Automation Perspectives kickoff event, “A world where billions of smart things and machines are connected to the Internet.”
Citing statistics compiled by Cisco Systems, Nosbusch said the global IoT market represents $14 trillion in value, 27 percent of which is in manufacturing. With so much potential revenue at stake, Nosbusch said Rockwell believes IoT will accelerate the adoption of the connected enterprise, driving demand in manufacturing for such IT-centric concepts as cloud computing, mobility, and big data analytics.
Amid all of the optimism and excitement around IoT, the focus on the crucial role of security was at the forefront of just about every briefing I participated in during my two days at the Automation Fair.
EtherNet/IP & Security
Rockwell’s intense focus on security has much to do with its bet on EtherNet/IP as the protocol of choice for enabling industrial communications going forward. Rockwell has partnered with Cisco Systems to build out its “Connected Enterprise” approach based on EtherNet/IP, a protocol Rockwell developed in the 1990s, which is now managed by the Open DeviceNet Vendors Association.
At last year’s Automation Fair in Philadelphia, EtherNet/IP was the key focal point in much the same way that security was top of the discussion at this year’s event. And the transition from Ethernet to security makes sense, as the success of Ethernet as a mechanism for “connected” industrial manufacturing scenarios depends on a robust cybersecurity approach.
While Ethernet offers several compelling advantages, notably its ability to easily network industrial machines with traditional IT-based systems, connecting industrial manufacturing to the Internet is something that is greeted with hesitance among some end-user groups.
“As we’ve worked with Cisco over the years, we’ve worked very hard at creating a connected enterprise vision, which is our view of the technology moving manufacturing forward,” said John Nesi, vice president of Global Market Development for Rockwell, during his presentation at Automation Perspectives. “But a lot of that comes with concerns on the part of our customers.”
The two key worries Nesi cited were cost and security. Regarding security specifically, Nesi said Rockwell and Cisco are committed to proactively addressing end-user concerns with technology and best practices for securing systems in connected environments.
Tackling the Cybersecurity Challenge
During the Automation Perspectives kickoff event, Robert Soderberry, senior vice president and general manager of Cisco’s Enterprise Networking Group, provided some basic building blocks for establishing a secure foundation for industrial IoT, including:
1. Access Control: “A lot of people when they think about security, they think about this box right here—a firewall. Firewalls are very important for security architecture, but if your security architecture is a firewall, you’re essentially unprotected. You have to be much more aware.”
2. Awareness: “The first thing you have to be aware of is the content—what is this traffic that is moving around my network? You need to be aware of that content at a deep level, using things like deep packet inspection engines to understand what that content traffic is. It may look like good traffic, but be bad traffic, and so on.
“The second thing you need to be aware of is the context. What’s the thing that’s coming onto my network? What’s its identity? What’s the device? What kind of data does it produce? And you want to be sure of that identity. Is this device actually in the location it says it’s in? Is it actually my device, or is it somebody else’s device? How do I securely connect into that?
“Then I can marry context and content to make some interesting decisions. I’ll let a machine with this type of signature come into the manufacturing network, while a monitoring system with a different signature has to stay on the guest network.”
3. Understand the Threat Landscape: “Who are the bad guys? What are the bad guys trying to do? What actions are the bad guys likely to take? What actions are they taking now, and what is the next thing I need to do to protect myself? All that information comes from being threat aware—understanding and being able to detect things like advanced persistent threats, malware, and all of the subtle layers of threats that come into the environment today.”
One of the complicated aspects of cybersecuring industrial manufacturing environments is that most of the work will be on existing systems rather than in greenfield scenarios. “The gross majority of implementation will have to occur over time,” said Mike Asante, advisor and director for the National Board of Information Security Examiners (NBISE), during his Automation Perspectives presentation. “We’ll have to take legacy technologies; technologies that existed when security really wasn’t required because understanding that these systems would one day be connected with business systems or to the Internet was not something that the designers originally thought of.”
In contemplating the key to a successful cybersecurity strategy, Asante said, “If you’re going to tackle security—you’re going to make enhancements—you need to do it with a strong partnership and trust with your automation supplier. They understand the technology that they’ve given you, and they’re the key to understanding what can be done to secure that technology.”
Cyber Threatscape & IoT Opportunities
So, as industry moves toward an IoT approach, cybersecurity is a critical piece of the puzzle. But just how persistent and dangerous is the threat? According to Asante, not only is the cyber threat real, it is growing more targeted and structured. In fact, he said some estimates show up to $2 billion is being invested annually in cyber attack tools designed to enable advanced and targeted cyber attacks. Further, and perhaps more concerning, he said up to 94 percent of the victims of these advanced attacks aren’t the ones who detect them. Rather, he said notification typically comes from an outside organization that, in most cases, discovers the attack when information that belongs to the victim is found on an external server in another part of the world.
And while the cyber threatscape is growing more advanced and complicated, Asante said the move to create systems and best practices to meet the cybersecurity challenge is underway and gaining necessary momentum.
“What we’re doing is establishing underlying expectations on what we’re demanding from the technology, and I think that’s really critical,” said Asante. “What Cisco and Rockwell have brought to the table, if you will, are two big, important concepts. One is that security quality matters; and that means that in the technology that they deploy, they’re going to have security—it’s not a feature that you buy, it’s going to be inherent in the technology all the way from the network platform level to the applications and down to the actual devices,” he said. “The other element is that they’re going to invest in developing security features.” These features will allow the customer to make the decision to add more robust security to their systems as necessary.
“So, I think you’re going to see a diversity in approaches to providing security, but some common expectations,” said Asante.
To further the dialogue on industrial cybersecurity and IoT on an ongoing basis, Rockwell announced the launch of its Industrial IP Advantage online resource center. The site, which is located at www.industrial-ip.org, offers a community-based approach to discussing and learning about trends, developments, implementation advice, and opinions on the use of IP in industrial applications. It offers tutorials, videos, infographics, discussions, and other similar materials on topics such as Energy Management, Mobility, Security & Compliance, and Remote Assets & Services.
You can find PDF downloads of the presentations from the Automation Perspectives event here.