Cybercrime costs the global economy an estimated $400 billion per year. Attacks can target anyone or anything with a digital presence, and they can come in many forms — from a malicious hack halfway around the world to the insertion of a USB device into an unguarded computer port in an organization's facility. Companies also can face well-intentioned internal threats from employees or others in the supply chain who make accidental, but costly, mistakes.
In the industrial world, security risks are a growing concern as more companies develop a Connected Enterprise to capture the value of the Internet of Things (IoT). This greater level of connectivity offers nearly limitless opportunities for improving a company's operations and reducing downtime, but it also can carry risk if not implemented properly.
Original equipment manufacturers (OEMs) are increasingly taking on the responsibility of helping protect their customers' critical production data from internal and external threats. This includes providing smart machines and secure connections, as well as following security best practices, to help keep customers' operations running and to support critical information-sharing priorities within their enterprise.
OEMs should understand the problems industrial security challenges pose today, and the steps that fellow OEMs are taking to help protect customers' sensitive data.
Security Matters
Think of any organization that recently made headlines as a cybercrime victim. It might have been a major retail chain, or a movie studio, or maybe even a government.
The truth is this: No entity is safe from cybercrime, including manufacturers and other industrial operators. In fact, one in five manufacturers admits that security breaches have led to intellectual property loss.
The idea of an individual or organization gaining access to a company's intellectual property, trade secrets and employee or customer data is no longer a nightmare that haunts only a company's IT department. It's on the minds of most company leaders, as well as employees and customers.
Machine and equipment builders are stepping up and playing an increasingly important role to help protect customers' critical production information — as well as their own intellectual property — from cyberattacks, whether those attacks are internal or external, malicious or unintentional. As OEMs are providing smarter machines that provide greater connectivity within their customers' converged networks, they are also helping ensure customers have a secure machinery-to-enterprise information flow in place.
To help illustrate how industrial organizations around the world are working to enhance cybersecurity and protect customers against brand-crushing cyberattacks, representatives from four global OEMs recently shared their experiences and advice on the subject.
Securing Remote-Access Applications
Gianluca Battistoni, key account manager for Loccioni — an Italy-based producer of measurement, testing and assembly equipment — says the demand for security is very high in the automotive, home appliance and industrial components industries. The company has moved from a hardware-controlled security approach to a software-based security system to provide customers greater flexibility.
Battistoni also sees a challenge in delivering the benefits of remote access while addressing customers' security concerns. Remote access enables OEMs to respond to critical situations or provide ongoing maintenance support without the time and travel costs associated with visiting the end user's facility. This can help minimize downtime and cut operational costs throughout the machinery's life cycle. However, the benefits of this key enabling technology can only be fully appreciated if the connection is secure and the customer has peace of mind that their sensitive data is safe.
“Remote access is more and more subject to strict customer control,” Battistoni says. “We have to interface with the customer's security infrastructure. Five years ago, we could have stored our preferred system on the machine. Now, the customer controls access more.”
Michele Rasi, technology and innovation manager at Rockwell Automation OEM Partner Tissue Machinery Company — an Italy-based producer of packaging and tissue/wipe machines for paper mills — says his company uses VPN connections for remote access applications. It provides engineers and support staff the access they need to help address customers' maintenance or production issues, but the connection is open and accessible only for limited periods.
Beyond remote access, Rasi says providing customers with secure access to machine performance software and the sensitive data within the software is an ongoing challenge.
“Passwords are an important first step,” he notes. “Hardware solutions can also filter information coming over the Internet to protect against the possibility of someone viewing or copying the software.”
Requirements Differ Globally
Rasi also sees challenges in the varying security requirements around the world. Even within the same company, the needs can be different depending on where the customer's facility is located.
“In China, Russia and Eastern Europe, we are allowed to gather more KPI information,” Rasi explains. “The U.S. is more conservative, and this can present a challenge for us because we need to understand how often machines are stopping and why they're stopping.”
Many companies in Western countries are taking a proactive approach to identifying security vulnerabilities and protecting customers from cyberthreats and information leaks.
Wulftec International Inc., a Quebec-based Rockwell Automation OEM Partner that produces stretch wrappers and pallet machines for food and beverage, pharmaceutical and other industries, is among the companies that joined the Customs-Trade Partnership Against Terrorism (C-TAPT) program. The public-private partnership program is voluntary for global trade businesses, transportation companies and manufacturers seeking to strengthen their international supply chains. The U.S. Customs and Border Protection runs the program, but has arrangements with Canada, Mexico, the European Union and several other countries.
“We chose to take an active role in helping protect our customers' sensitive information,” says Priscille Tremblay, sales director for Wulftec International. “Becoming a C-TAPT partner assures our customers and the authorities that we are a secure company, and that our employees and vendors are secure.”
Additionally, Wulftec International maintains a database of machine serial numbers, which allows the company to track any changes that have been made to a machine during its warranty period. Tremblay also says nondisclosure or confidentiality agreements are standard practice these days to help protect intellectual property, and the company doesn't share detailed drawings other than CAD drawings without such an agreement in place.
“Customers require a lot more documentation protecting their intellectual property,” Tremblay says. “Protecting their information is absolutely essential, and we make it a top priority.”
Security Equals Safety
Vladislav Hermann, president of HSP Inc. and U.S. representative for Rockwell Automation OEM Partner INCO Engineering — a producer of vertical, inclined and horizontal transport equipment for underground mines — says equipment security and reliability is especially important in the mining industry. Cyberattacks that affect mining equipment applications can jeopardize lives.
“Applications are safety critical, particularly in deep-shaft mining for coal, copper, uranium, gold and silver, because you are bringing possibly 50 to 60 metric tons of material up from a mile deep,” Hermann explains. “People and materials being transported must absolutely be kept safe.”
To help keep such underground operations safe, INCO Engineering developed a remote-monitoring system that allows its service experts to monitor customers' equipment from a central facility in the Czech Republic, where the company is based. INCO Engineering service engineers can view real-time machine data, such as from a customer's hoist-controlling system, and immediately alert local service personnel at the mining site if they see any abnormalities or critical status information.
Protect the Connected Enterprise
Establishing a Connected Enterprise and taking full advantage of the IoT presents significant opportunities for smarter, streamlined and more efficient operations for industrial customers — but it also presents risks. OEMs serving industrial customers in today's highly connected world should take an aggressive stance when it comes to protecting intellectual property, preventing unauthorized access, and providing secure remote access.