When discussing Industry 4.0, Factory of the Future and IIoT, the topic of IT security is of key significance for hardware and software alike.
Security incidents are not necessarily caused by external factors, they may also originate from inside the organisation either deliberately or accidentally. However, regardless of the intent or originator, a cyber security issue can lead to loss of revenue, significant downtime, accidental contamination, late delivery charges from clients and damage to brand integrity for manufacturers.
Crucially, every manufacturer also has unique assets and exclusive – sometimes top secret – recipes it must protect to remain competitive and, a cyber-attack, whether deliberate or not, puts these assets in danger.
Considering the sensitivity of these assets, many ask: is the security of cloud-based systems strong enough to ensure protection? However, the question itself reveals some of the common misconceptions about security.
The first step towards protection is to understand the real risk-impacts and, for many manufacturers, this means letting go of long-held misconceptions. Firstly, having physical control over your systems is no guarantee of safety. For example, air-gapped computers are not the answer. Although in theory, the idea of creating a physical gap between the control network and the business network, sounds like it would provide protection against hackers, it’s simply not enough.
Likewise, manufacturers who claim that their industrial control systems are not already connected to the internet, need to look again. The reality is that the average system will have at least eleven direct connections.
One single action is not the answer; companies need to take a more holistic approach. Security should be layered and multidimensional. The Cloud is not the reason you’re at risk and many manufacturers are already utilising cloud services in their corporate and commercial processes, whether that be email, accounting or even online services such as DropBox.
A successful cloud solution provider usually has multiple clients, creating economies of scale and the ability to invest in robust security capabilities, the cost of which is spread across their many customers. Few manufacturers have either the budget or the internal IT expertise to match that level of security investment. And, as a result, cloud systems are usually much more secure than a manufacturer’s own, physical systems.
Keeping your assets and data ‘where you can see them’ may feel like the most secure approach, but is it?