Protect PdM from cyber attack

Cybersecurity measures for Predictive Maintenance

Plants are rightfully concerned about new IIoT technologies introducing new types of cyber threats onto the plant floor. However, not all IIoT solutions are equal when it comes to cyber risk, and reputable vendors are heavily investing in cybersecurity for the hardware and software they provide.

With the adoption of Industry 4.0, many industrial plants are concerned that implementing new cloud-based technology increases the threat of cyber-attack. There is a growing awareness of the role of state-sponsored actors.

These fears are justifiable because the threat is real.

Industry statistics are indicative of a startling reality:

  • The average data breach costs than $3 million
  • 67% of manufacturersare only “Somewhat Ready” and 14% are “Not Ready” to address cybersecurity risks.

The dual pressure of competitive market conditions and shareholder demands make IIoT an unstoppable force. At the same time, many security breaches are based on careless and avoidable mistakes. The rush to IIoT cannot and should not be used as an excuse to avoid implementing policies and deploying solutions to protect the plant from attack.

The need for cyber-conscientious planning has been exacerbated by the low touch economy launched by Covid-19 and the ensuing rise in Work from Home. One 2020 study found that over 50% of manufacturing employees have no home working experience. Reskilling plant workers to connect and share information safely within their home environment, and building or expanding secure remote IT infrastructure, are fast becoming a top priority.

Here’s the good news: Many plant owners are still in the planning stage, developing their overall Industry 4.0 strategy and defining the requirements for their Predictive Maintenance solutions. Instead of having to adapt older practices to new cybersecurity requirements, plants that are only now creating their Industry 4.0 roadmap can build cybersecurity safeguards into new strategies and procedures from the outset.

This article addresses the following questions:

  • What are the most common cyber-threats facing industrial plants?
  • Do Industrial IoT or IIoT Predictive Maintenance solutions increase the risk of cyber-attack?
  • What are the Best Practices for improving plant cybersecurity?

ICS: The Achilles Heel of industrial cybersecurity

Before we analyse the threat of IIoT Predictive Maintenance, let’s review the current state of industrial cybersecurity.

Manufacturers are concerned about the theft of intellectual property, and with good reason. According to Deloitte research, manufacturers believe that IP theft has been a primary motive for the cyber-attacks on their factories. State-sponsored cyber-attacks have also reached a critical mass. In the latter case, manufacturers are faced with an adversary who has deep pockets and strategic patience.

In recent years, cyber-criminals have attacked industrial plants using infectious ransomware. Typically, ransomware starts with Information Technology (IT) where an employee opens an email or accesses a website. The ransomware then infects Operational Technology (OT) including industrial controls. Ransomware is a highly profitable criminal venture as facilities are extorted to avoid an expensive shutdown.

A primary target for state-sponsored cyber-attackers and other cyber-criminals are Industrial Control Systems (ICS). ICS refers to control systems used in industrial production technologies and includes Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controls (PLC) and Distributed Control Systems (DCS).

Industrial facilities’ ICS are being targeted at an alarming rate. Data from the Kaspersky Security Network showed that over 40% of manufacturing customers had faced malicious activity on their ICS computers during the second half of 2018 alone.

Why is ICS vulnerable to attack?

Manufacturers avoid ICS stoppage because it results in costly production shutdown. Many of the ICS are systems dating back to the 1970’s and 1980’s; because they were not designed for the internet era, they lack “means of authenticating commands received.” Vulnerability in authentication creates a significant opportunity for external breaches.

The introduction of Operating Systems to enable communications between enterprise systems and ICS systems exposed the ICS to outside threat. These Operating Systems are often too old to be supported by the software vendors. At the same time, they provide sufficient functionality so that costly upgrades are difficult to justify. Although it is rare to find Windows XP in an office environment, the same cannot be said about a manufacturing environment.

Can hackers target Industrial Analytics for Predictive Maintenance to access Intellectual Property?

Depending on the type of solution, certain information can be gained from an Industrial Analytics solution. Typically, hackers seeking to access IP are looking for the following:

  • Product / R&D planning and strategy documentation
  • Machine blueprints
  • Manufacturing process flows
  • Control diagrams
  • Internal processes (e.g., problem resolution)
  • Quality control information
  • Details about product components and sources

There is a scenario that cyber-attackers will attempt to penetrate Predictive Maintenance tools directly, even if this information is not as high a priority as asset blueprint and production processes. Operational metrics such as Root Cause Analysis and Mean Time Between Failure (MTBF) could be of interest to hackers, and therefore security protocols for storing and accessing the reports of this information are needed. Production facilities will need to conduct due diligence on the security of each solution type as part of the technology purchasing process.

What are the cybersecurity implications of industrial analytics for Predictive Maintenance? 

Any new service provider or technology hardware introduced into a factory environment needs scrutiny. The same applies to IIoT Predictive Analytics.

Since there are numerous approaches to Predictive Analytics, we will review each one individually.

Hardware-based Predictive Maintenance solutions 

There are numerous solutions in the marketplace that are based on detecting abnormalities in the behavior of specific sensors. These include acoustic and vibration monitoring. Typically, a specific hardware is installed on the factory floor and the results are monitored either on-premises or via remote.

Threat potential

There have been instances of nefarious actors using external hardware to introduce malware into an operating environment.

Mitigating factors

Although some of the vendors that provide specialized solutions are relatively new, there is no reason to believe that they are using hardware that could compromise plant cybersecurity.

Cyber plan for new vendors

  • Audit all new hardware
  • Perform thorough due diligence on all new technology vendors

Manual statistical modeling for Predictive Maintenance solutions 

There are numerous statistical packages that can be used to predict changes in machine behavior. Statisticians use sample data from a machine or asset and then extrapolate. Although this method is time-consuming and not real-time, it augments current SCADA-based monitoring systems.

Threat potential

Any time new software is used there is a potential for vulnerabilities.

Mitigating factors

There is no reason to believe that any of well-known software packages could compromise plant cybersecurity. Many statistical packages are offered by reputable vendors with long-standing reputations.

Statistical data in the hands of cyber-criminals is of limited value and does not expose the production facility to loss of Intellectual Property.

Cyber Plan for new vendors

  • Audit all new software
  • Perform thorough due diligence on all new technology vendors

Digital Twin analytics

Several leading technology vendors offer a virtual clone of a factory asset. The virtual clone is designed to provide a real-time monitoring of the underlying asset’s performance and identify early warning signs of failure.

Threat potential

  • The typical deployment process of the Digital Twin involves outside consultants, statisticians, and CAD technicians. By definition, sharing internal information about production facilities to 3rd party vendors is a risk factor.
  • The Digital Twin is connected with Industrial Control Systems, which control the underlying machine asset.
  • The Digital Twin is built on an Industry 4.0 IIoT infrastructure that is an obvious target for state-sponsored cyber-attackers.
  • Potential access to Intellectual Property / Trade Secrets.

Mitigating factors

Major vendors are aware of the cyber-risk and have invested significantly in cyber-defense.

Compared with existing legacy SCADA systems with known vulnerabilities, Digital Twin has much stronger capabilities.

Cyber plan for new vendors

Work with vendors to create joint standards for governance, data control etc.

Automated Machine Learning for Predictive Maintenance

SKF Enlight AI is a cloud-based solution that uses sensor data from a production facility to detect abnormal behavior and identify asset failure before it occurs. The sensor behavior is analysed in the cloud using Automated Machine Learning methodology. The learning algorithm is agnostic with respect to machine age, asset class or sensor type.

Threat potential

Any time data leaves the internal operating environment, it is subject to third party hacking

Mitigating factors

Raw sensor data is not of high value for cyber-criminals seeking Intellectual Property. Therefore, this technology is not likely a high priority target for attack.

Raw data flows to the SKF Enlight AI cloud. The system cannot be used to infiltrate Industrial Control Systems. Therefore, there is limited potential value for cyber-criminals.

Cyber plan for new vendors

  • Audit all new software
  • Perform thorough due diligence on all new technology vendors

How to improve cybersecurity for Predictive Asset Maintenance

Cybersecurity for Predictive Asset Maintenance is incorporated into a production facility’s overall cyber-strategy.

There is no silver bullet for cybersecurity defense. However, given the cost of a security breach, there is no excuse for not having a robust security strategy.

According to a research survey of cybersecurity professionals conducted by SANS, the majority (83% ) of respondents understand the security strategy to address the convergence of IT and OT.

However, only 47% of their organizations actually have a strategy. The importance of a plan cannot be overstated, especially one that addresses the “what-if” scenarios with concrete plans to potential threats.

Cybersecurity is not only about the technical steps such as penetration testing and patch management. Today, these are basic and part of any plan. What is more important is to create a culture that recognizes the threat of cyber-attack – from the factory floor to the boardroom. Opening a spear-phishing email can cause just as much as damage as a piece of compromised hardware.

Rigorous employee training should be used to turn all employees into frontline fighters in the cyber-war. Within this context, situational awareness is as important as any software or hardware solution.

Regardless of which approach or methodology is used for Predictive Asset Maintenance, all employees and third-party vendors need to be vigilant. This applies to cleaning staff, reliability engineers and factory executives. State-sponsored cyber-criminals have access to highly skilled hackers and significant financial resources. These entities augment their cyber-attacks with physical security breaches and are known to exploit vulnerabilities in the supply chain. Embedding a microchip in a SCADA or PLC can wreak havoc and provide unparalleled negotiating leverage against the extorted victim.

Summary and conclusion

Every time a new solution is added to an industrial facility, due diligence is required. That is common sense. However, based on our analysis, most solutions for Predictive Asset Maintenance do not provide an entry point for a security breach. In general, Predictive Asset Maintenance solutions do not contain sufficient levels of Intellectual Property to become a target for attack.

This is particularly the case for solutions that merely analyze large quantities of data for analysis purposes but cannot be used to attack Industrial Control Systems. With careful due diligence and best-of-breed employee practices, IIoT Predictive Asset Maintenance does not pose a cybersecurity risk to today’s industrial plant.

Leave a Reply

Your email address will not be published. Required fields are marked *

*