Mobile Navigation

Environment, Health, Safety & Security

View Comments PDF

Cybersecurity: The challenges of interconnectivity

| By Chemical Engineering

Big-time security threats and breaches, like the recent Target data breach involving confidential consumer information, remind us of how vulnerable our interconnectivity makes us. And yet, the advantages of the technological advances that we enjoy are so many that there is no turning back.

In his keynote presentation at the recent ARC Industry Forum (February 2014; Orlando, Fla.; www.arc.com), ARC Advisory Group president Andy Chatha described how intelligent assets, devices, sensors, data communication platforms, analytics and software are already in place, and form the building blocks for the industrial Internet of Things (IoT) — a term that is now commonly used to refer to the network connectivity of objects. Chatha cited the multitude of capabilities that are now being built into automobiles as an example of how our world is increasingly interconnected through technology. He predicts that this year will see a breakthrough in wearable devices, such as those already available for monitoring health.

The advantages of interconnectivity in an industrial setting can be many, for example: enabling better performance through predictive maintenance; remote monitoring and fixes; better field-service capabilities through mobile devices; and for platforms, such as cloud computing, cost savings by being able to pay for only what you use.

Along with the advantages comes a number of challenges, such as an increase in complexity. As one ARC Forum participant noted, things have become so complex these days that it can be a challenge to figure out how to operate a car when you rent one — sometimes even how to turn it on is not obvious. But for industrial IoT, Chatha says that “Cybersecurity is by far the biggest challenge.”

One part of this challenge is that the “fixes” to maintain cybersecurity are continuously evolving as the threats advance. A milestone in addressing the cybersecurity challenge was the release, on February 12, of the U.S. Cybersecurity Framework (www.nist.gov/ cyberframework). The intention is for the Framework to be a living document that will be updated as industry provides feedback. The Cybersecurity Framework is the result of partnership efforts among The White House, the Automation Federation and its founding organization, the International Society of Automation (ISA; Research Triangle Park, N. C.; www.isa.org). In fact, the ISA’s industrial automation and control system (IACS) security standards (ISA99/IEC63443) are among the framework’s recommendations.

But even with guidelines, the challenges faced by industry are many. In a survey of end users conducted by the ARC Advisory Group and reported by Sid Snitkin (vice president and general manager of Enterprise Advisory Services), major hurdles to industrial control system (ICS) security include a lack of understanding of the difference between cybersecurity for IT and for ICSs, and the lack of resources with the needed cybersecurity expertise. These issues, among others, were discussed during an ARC Forum panel on the topic. While there are no easy answers, two strong messages that came across are the following: (1) both IT and ICS experts need to work together on industrial cybersecurity; and (2) maintaining security is hard work that requires great diligence on the part of the user.

Dorothy Lozowski, Editor in Chief