Is IIoT Security a Showstopper?
In this article from Today's Medical Developments, Executive MES Director Greg Giles addresses user access when implementing IIoT (Industrial Internet of Things)
Is IIoT security a showstopper?
Top 4 move-forward tips from industry experts
Recommendation #1 – Don’t assume cloud means Internet, Intranet works too
“IIoT doesn’t need to be on the Internet. It can also be run on an Intranet. In fact, you can use both on-premise and publicly accessible clouds,” said Sloan Zupan, senior product manager, Mitsubishi Electric Automation, Inc. “To manage risk, manufacturers should determine the sensitivity level of the information to be shared, who needs access in the organization and then choose the best technology.”
Recommendation #2 – Modernize your security technology
“Although security is a critical issue, it should not prevent a manufacturer from taking advantage of IIoT. A modern security framework requires a holistic defense-in-depth approach that addresses both internal and external threats to minimize vulnerabilities when applied appropriately,” said Beth Parkinson, market development director, The Connected Enterprise, Rockwell Automation. “Manufacturers need to assess current security processes and develop an evolution plan to use modern technology that offers layers and depth of security focusing on physical, network, computer, application and device security.”
Recommendation #3 – Focus on operational requirements, not IT policy
“Operations and IT need to eliminate barriers and work together to create the right security. Although IT provides security, the person in charge of manufacturing operations provides an equally important perspective,” said John Kowal, director, business development, B&R Industrial Automation Corporation. “If Operations describes a need, IT needs to consider the business imperative. What the operations team requires must be secured to move the business forward. IT does need to address security threats as they continue to evolve.”
Recommendation #4 – Break down who needs access to what
“Manufacturers need to define basic rules about the access level for consumers of data,” said Greg Giles, executive director of MES, Red Viking. “Within that framework, security needs to be assessed against the potential threat presented by the data. Reasonable mitigation strategies should be implemented based upon the specifics. An application may require a basic web front-end encrypted with SSL, or could require a more stringent user identification system. For more sophisticated needs, servers may be configured in a manner which strikes an appropriate balance between security and ease of access, but, these security decisions start with defining needs.”