Industrial cybersecurity at the heart of INDUSTRY 4.0 development

Everything is digital. We want data. But not all data is interesting or necessary. We need methods to classify, prioritize and refine data, to connect bits and turn them into meaningful information, and then share that information with operators and other assets, ensuring that the most valuable and efficient business, financial and operational decisions and actions are taken.

While the entire industry is scrambling to digitize, all that connectivity, productivity and efficiency will not be effective if the culture, systems or installations are not intrinsically secure. Before implementing a digital strategy it is important to understand not only the implications of the strategy for the business, but also the implications for the security and protection of people and assets. In short, integrating cybersecurity is the cornerstone of this new digital age.

The prospect of connecting billions of devices to industrial automation systems raises two really important questions.
First, how do we keep systems and information secure? Adding more devices means increasing the attack surface area, which in turn increases cybersecurity risks. In this matter there must be a balance between adding intelligence, protecting devices and protecting data. Compiling data just for the sake of having it may result in no additional value being created. In turn, more data means a potential cause of confusion and increased risk of cyber-attack.

Secondly, what do we do with the data and information? We need processes to find out what the data means and what it is telling us. There are many options for analysing data, including trends, reports, alarms and other functions. But there must be a reason for gathering all this information. This is known as an operational intelligence approach, which is based on optimizing automation and control, remote administration and predictive maintenance to enable services, advanced analysis, and the generation of actionable information to drive better and more efficient decision making.

Operations are improved by providing operators with intelligent data so that they can make better decisions based on this data to optimize production. As an analogy, let’s think about what would interest us if we connected our washing machine to the Internet. Would we want to know when the water starts to enter, how is the soap dispensed, the drying cycle time, the rinse cycle time, the centrifuge cycle time and the RPM? We probably don’t need that information. Is it worth the risk of a cyber attack? And what do we do with the data? In practice, all we would probably like to know is when the washing machine started, when it finished and if there were any potential problems. Just because I can connect my washing machine to the Internet doesn’t mean I should, unless it makes sense and unless I can do something worthwhile with the information.

Digitisation in general is a huge breakthrough and a real opportunity to increase ROI and asset value. But, when it comes to process automation, we should use digitisation’s capabilities to bring intelligence to the device layer, which means we need much smarter sensing and instrumentation to simplify control architectures and reduce the time, cost and effort required to configure systems.

Distinguishing the data actually needed from the data available is important in system design. It is about applying lean design concepts to improve operations, efficiency and productivity. Scanning strengthens our capabilities so that we can help users extend the life of their assets, improving decision making and creating intelligent enterprise control systems that give businesses better financial control and enable them to approach the customer more flexibly. In any case, the system must first and foremost be intrinsically cybersecure.

In 2007, ISA developed the ANSI/ISA-99 standard entitled “Security for Industrial Automation and Control Systems: Concepts, Terminology and Models”. In 2010, this document –extended and updated– became the IEC-62443 international standard and is still in use today; it is the most widely acknowledged and used standard for industrial cybersecurity assurance in the world.

Since the beginning of 2017 ISA has been teaching several officially certified courses on industrial cybersecurity in Spain. These provide a detailed overview of how ISA/IEC-6243;standards can be used to protect critical control systems.

About ISA in Spain

ISA (International Society of Automation) is a professional non-profit association whose mission is to disseminate knowledge on instrumentation and control of industrial processes to improve their management, security and cybersecurity. Founded in 1945, ISA develops standards, certifies and trains industry professionals, publishes books and technical articles, organizes conferences and offers development programmes for its 40,000 members around the world. In Spain, ISA has more than 350 members and 55 sponsoring companies from the industrial sector that support the more than 50 activities the association conducts throughout the year. These include, technical meetings, training courses, books, conferences, university groups and working groups, among others.

En España ISA cuenta con más de 350 socios y 55 empresas patrocinadoras del sector industrial que apoyan las más de 50 actividades que la asociación desarrolla a lo largo del año. Entre otras, reuniones técnicas, cursos de formación, libros, conferencias, grupos universitarios y grupos de trabajo.

Leave a Reply

Your email address will not be published.

Post comment