Cybersecurity and Hacking the Manufacturing Plant Network
We hear a lot about hacking into networks these days. Most recently the news has been about email and email servers. But hacking is hacking and if someone can figure out the passwords and break through the security for an email server there is no reason to believe that the same hacker can’t break into the server in a pharmaceutical plant, water treatment plant or power generation plant. We don’t spend a lot of time worrying that Wiki Leaks will get data on hacking into one of these but some of the more serious international competitors might. We wouldn’t be surprised to hear a news report that says China, Russia, Korea or Iran had hacked into a manufacturing facility and shut it down, or worse yet kept it going but created a dangerous condition for either the plant or the products they produce.
There are a lot of things manufacturers can do to prevent cyber-attacks. The only truly effective way to guarantee system can’t be hacked it is to provide no connectivity between the manufacturing network and the internet. But this is not often likely to be the case.
Modern manufacturing trends are taking us toward IIoT, the Industrial Internet of Things. IIoT is all about big data and machine-to-machine communication. Its foundation is in the concept that smart machines incorporating machine learning are better than smart humans. IIoT implies that these smart machines are interconnected in ways that allow them to accumulate huge amounts of data and enables them to analyze and improve the manufacturing plant and supply chain using this data. The question then becomes: how do manufacturers increase the flow of data to enable success of IIoT, while at the same time protecting this data and limiting and restricting access from hackers and malware creators with the intent of corrupting or destroying their plants?
Cybersecurity is being built into the framework the Industrial Internet Consortium is developing. This is great protection up to a point but each situation is different and an out of the box solution should never be accepted as a perfect solution. There are many improvements in this area and many of them go far beyond the traditional firewall and what it could accomplish. Firewalls were normally fine for IT networks. But when we begin to try and protect data between IT network and the manufacturing network, or between the manufacturing network and a safety network a traditional firewall will not be sufficient. One solution used by manufacturers is a newer technology known as “unidirectional security gateway technology.” These permit information to flow in one direction and physically block anything travelling in the other direction. A unidirectional gateway can allow monitoring of manufacturing without allowing any attack to flow into the manufacturing networks. Of course at times the manufacturer will want to make changes from the IT network side. When this is the case, a scheduled and time limited switch can allow data to flow back into the plant while at the same time greatly reducing the risk that a cyber-attack can be timed to match this encrypted opening.
The challenge will continue for a long time, but for the near term we can believe that a determined manufacturer using an IIoT network, good practices and the latest technology, can stay ahead of the hackers intent on destruction of their facility.