How to choose a sustainable approach for secure integration of IIoT sensors
Digitalization projects are under way in nearly all enterprises. Leveraging production data for future cost reduction and smart production planning is on the rise. It sounds easy if you believe the promises of IoT gateway vendors and cloud service providers: simply buy their latest products, connect them in no time to one of the big cloud providers for data analysis, and the expected savings will follow immediately. This is, of course, quite far from the reality of implementation. Quick and unsustainable implementations in your production lines can result in serious cyber and business risks. Such initiatives and projects must therefore involve all stakeholders from the beginning. 'Secure by Design' is not a checklist of technical features to tick off during the procurement process of a new solution. It is about managing the overall impact of the implementation on your business and about operating those solutions securely in your production environment. This article deals with the organizational complexity of running these emerging digitalization projects. Whether you execute them in a waterfall or an agile approach, the involvement of the right people is absolutely required and will save considerable effort in the longer run.
The Beginning of Digitalization
When enterprises aim to jump into the digitalized age, changes are usually required instantly. After all, digitalization aims at making everything easier and more accessible. The media continually present digitalization success stories while pointing out that industry in Europe is behind its international competition. Management in global organizations thus struggles to keep up with the daily highlighted pace and the emerging pressure from the market. As a result, a lot of quick and short-term digitalization projects are initiated to demonstrate a modern mindset to partners and customers. Besides missing budget for such initiatives and overly ambitious timelines, we observe a lack of appropriate resources and of the required know-how. Along with stronger connectivity of production equipment, new challenges for secure, reliable, and stable operations arise. Those new challenges raise questions amongst the OT engineers:
- How can I make sure the new devices have no feedback path into, and cause no interference with, my production process?
- How can I connect legacy equipment that was never designed to be connected outside its physical production environment?
- How can I ensure the operation of such new device types if no such expertise exists in our team?
Those are significant questions for which detailed answers are required to ensure the overall uptime and availability of the production environment.
Often, connected sensor devices have limited computing capabilities and do little or no processing of the data themselves. They need external communication peers and, ultimately, applications that are able to interpret the data. When organizations lack the skills and resources to implement and run edge applications close to their OT, this task is outsourced to cloud applications. This type of implementation opens up an entirely new set of questions:
- How can cloud connectivity be established in a safe and secure way?
- How is the connection kept available, and what is the impact on production if the cloud or the connection to it is unavailable?
- How can the collected data be securely stored and processed in the cloud?
Decision-makers today often struggle with the number of emerging questions. What seemed to be an easy plug-and-play automation project evolves into a highly complex and time-consuming one.
Simple Solutions for Complex Problems are Rare
If one follows the recommendation of many cloud solution providers, one will most probably obtain a solution whose components work well within the defined scope of the individual service. But what happens if other services shall be connected, for example when an enterprise wants to extend its business and develop new products and sales channels? What sounded perfect in the planning and project phase, because of the comparably low cost and fast implementation, might become a major roadblock for future business agility. Once a company has such a dependency on a service provider, the balance of the relationship shifts in favor of the provider: obtaining feature requests or price-attractive service extensions becomes challenging for the customer. Another challenge lies in the often technology-centric nature of the offerings.
Important questions, which need to be answered for an effective 'Secure by Design' approach, are often not considered at an early stage of the initiative in the hope of saving time, with consequences in the longer term:
- What is the criticality of the data to be collected and processed? Which requirements for data integrity and authenticity exist during transport and during processing by the data analytics application?
- Is data collected that should not be shared with the analytics application, because of its sensitivity or because of bandwidth limitations?
- How is the data structured? Is it raw measurements that allow no conclusions about the production environment, or is metadata attached that reveals information about its source?
If one reduces digitalization projects such as sensor connectivity to technical-only implementation projects, one might miss material business and company risks.
Involve the Right Roles at the Right Time
For such projects, many different skills are needed, which are often spread across many people. The complexity of our business and technology world and the specialization of staff require the involvement of many resources. Cybersecurity specialists in particular are rare in many enterprises and have fully packed meeting schedules, which do not allow them to work on practical solution approaches for their company's challenges with the appropriate focus. Organizations should ensure that these resources have the required capacity to take over such important roles. Communicating the vision and empowering these key talents is essential and often neglected.
The 'Secure by Design' Approach
In order to implement new technologies and processes securely from the beginning, organizations must manage further challenges besides technology, such as organizational interdependencies and boundary conditions. In this section we discuss the most important aspects to consider in such projects. It is very important to note that the different phases work hand in hand: enterprises must be able to take a step back and adjust an earlier phase if dead ends are identified later in the project.
Describe the Business Purpose
If the main purpose is just to become more digital, every involved person will have a different version of the target in mind, because the purpose lacks the details needed for a joint target picture. The more accurately the business target is defined, the better the involved persons can share the same understanding of the envisioned result. Make sure project members and stakeholders understand the project's purpose and what the project is going to deliver. The more people identify with a target, the higher their intrinsic motivation: team members will find practical and useful solutions and make use of their entire skillset.
Integration into existing OT Architectures
Where organizations already have a well-documented IT / OT architecture, the options for integrating sensors into the existing landscape must be incorporated into that architecture. It should describe how such devices interact with other components in the existing network zones and over the conduits between them. Sensors are very often equipped with very limited security capabilities; they are usually built to collect and forward data to analytics applications. The architecture must compensate for the lack of security controls on the devices and introduce such controls at another level, e.g., a gateway between conduits that secures communication leaving a defined OT cell. To further raise the security level, a protocol change can be enforced at such control points, so that a single protocol vulnerability cannot be exploited end-to-end across the multiple components in the connection chain. Operating companies should ensure they are able to monitor the activity at these points with a SIEM solution and identify suspicious behavior.
API gateways have already become backbone components in IT for the flexible connectivity of various (micro)services. In connected IIoT sensor projects, such solutions are well placed to provide the capabilities for a secure and reliable implementation. Organizations can define which data is allowed to leave the edge, apply policies to protect the integrity of the information, or anonymize the data before forwarding it to the cloud application.
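The following is an added example, not code from the article or from any vendor's gateway product. It sketches what such a control point does in practice and ties together the data questions raised earlier (integrity and authenticity in transit, data that must not be shared, metadata that reveals the source) with the gateway functions described above: a protocol break from a raw register protocol to typed values, a deny-by-default egress policy that allowlists measurements, pseudonymizes the sensor identifier and drops internal metadata, an HMAC over what leaves the edge so the cloud application can detect tampering, and an audit event for the SIEM. The register map, field names, keys and the sample reading are all constructed assumptions for the illustration.

```python
"""Edge gateway egress control for IIoT sensor data (added example, not from the
article or any vendor product).

Assumed setup: a gateway sits at the conduit between an OT cell and the cloud
uplink. It decodes the raw device protocol into typed values (the protocol
break), applies a deny-by-default egress policy (allowlist / pseudonymize /
drop), signs what leaves with an HMAC key shared with the cloud analytics
application, and emits an audit event the SIEM can ingest. All names, keys and
readings below are constructed for illustration.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Hypothetical secrets. In a real gateway they live in a TPM/HSM or secrets
# store and are never hard-coded; the pseudonymisation key never leaves the edge.
SIGNING_KEY = b"example-hmac-key-shared-with-cloud-app"
PSEUDONYM_KEY = b"example-pseudonymisation-key-kept-at-the-edge"

# Constructed register map of a hypothetical vibration sensor polled over a
# Modbus-style register protocol: index -> (field name, scale factor).
REGISTER_MAP = {0: ("temperature_c", 0.1), 1: ("vibration_mm_s", 0.01), 2: ("status_word", 1)}


def decode_registers(regs: list, ts: str, sensor_id: str, plc_ip: str) -> dict:
    """Protocol break: turn raw 16-bit registers into a typed reading.
    Only this decoded form is ever forwarded, never the raw frames."""
    reading = {"sensor_id": sensor_id, "plc_ip": plc_ip, "ts": ts}
    for index, raw in enumerate(regs):
        name, scale = REGISTER_MAP[index]
        reading[name] = raw if scale == 1 else round(raw * scale, 3)
    return reading


@dataclass(frozen=True)
class EgressPolicy:
    allow: frozenset         # fields that may leave the edge unchanged
    pseudonymize: frozenset  # identifiers replaced by a keyed token
    # every other field is dropped (deny by default)


def pseudonym(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic token: the cloud can correlate readings of one
    sensor over time but cannot map the token back to the asset inventory."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def canonical(payload: dict) -> bytes:
    """Deterministic serialisation so signer and verifier MAC the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def build_envelope(reading: dict, policy: EgressPolicy, key: bytes = SIGNING_KEY) -> tuple:
    """Apply the egress policy and sign the result.
    Returns (envelope for the cloud application, audit event for the SIEM)."""
    payload, dropped = {}, []
    for name, value in reading.items():
        if name in policy.allow:
            payload[name] = value
        elif name in policy.pseudonymize:
            payload[name] = pseudonym(str(value))
        else:
            dropped.append(name)
    mac = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    envelope = {"alg": "HMAC-SHA256", "payload": payload, "mac": mac}
    # The audit event stays on-premises, so it may name the real asset.
    audit = {
        "event": "iiot_egress",
        "asset": reading.get("sensor_id"),
        "forwarded_fields": sorted(payload),
        "dropped_fields": sorted(dropped),
    }
    return envelope, audit


def verify_envelope(envelope: dict, key: bytes = SIGNING_KEY) -> bool:
    """Cloud-side check: recompute the MAC over the canonical payload and
    compare in constant time. Any change to the payload after signing fails."""
    expected = hmac.new(key, canonical(envelope["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(envelope.get("mac", "")))


POLICY = EgressPolicy(
    allow=frozenset({"ts", "temperature_c", "vibration_mm_s"}),
    pseudonymize=frozenset({"sensor_id"}),
)

# Constructed sample poll: registers 235 / 142 / 1 -> 23.5 C, 1.42 mm/s, status 1.
SAMPLE_READING = dict(
    decode_registers([235, 142, 1], ts="2024-05-01T10:00:00Z",
                     sensor_id="VIB-L2-017", plc_ip="10.20.30.40"),
    firmware="1.4.2",
)

if __name__ == "__main__":
    envelope, audit = build_envelope(SAMPLE_READING, POLICY)
    print(json.dumps(envelope, indent=2))
    print(json.dumps(audit, indent=2))
    print("cloud verify:", verify_envelope(envelope))
```

Two design points matter more than the code: the policy is deny by default, so a new field introduced by a firmware update is dropped and logged rather than silently forwarded, and the pseudonymisation key is separate from the signing key and stays at the edge, so the cloud application can verify integrity without being able to reverse the sensor identifiers. The audit event is the hook for the SIEM monitoring mentioned above; a sudden change in the set of dropped fields is exactly the kind of behavior worth alerting on.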
Create a Risk Profile
For the creation of a cyber security risk profile, standardized checklists with requirements from policies and standards are often used. That is a valid approach for a first assessment. Nevertheless, each project and each OT environment is individual, and no checklist can capture that well enough. Organizations should involve skilled cyber security architects who know the affected OT environments. There are various additional questions that need to be answered to obtain an individual risk profile for a project. Some are listed below:
- Are there specific legal or regulatory requirements applicable to the target production environment, which are not part of the enterprise-wide cyber security policy framework?
- How do the sensors and their data impact the production environment? Is the analyzed data used to adjust the production and may it thus impact its state and behavior?
- Are the sensors going to use networks shared with other components, and may they impact the bandwidth of those networks?
- What kind of data shall be collected and forwarded to cloud applications for analysis? How are such data classified and do they need specific protection during transport or at rest?
- Are sensors going to be integrated into an existing OT network? How are they going to be integrated into an existing level model?
Relying on existing governance documentation helps to get through an obligatory project step more quickly, but does little to define a reliable and individual protection concept. Rather, the interdependency between the sensors, the collected information and their environment must be considered. Standardized risk models are barely able to address every business use case sufficiently. The experience of the involved roles and transparency in the risk assessment remain the best guide during this phase.
Conclusion: Stay curious and critical!
In the rush of many ongoing digitalization projects, the integration of connected sensors into production does not sound too complicated or risky. The promises of solution providers give the impression that this step is already a commodity for them. In our view, however, the opposite is the case: they are learning as much as their customers do during such projects. The connected factory is a rather new field for all players in the market. Enterprises should demand transparency from providers about their solution portfolio to understand how it works under the hood. What is not clarified during the concept phase and before signing contracts is hard and expensive to change afterwards. Prefer a solution provider who is willing to think from your position. Rare and highly skilled cyber security resources should be protected from spending their time in meetings that add no value. They need this time to think and to exchange with colleagues in order to provide effective protection concepts.
Control points should be built into the architecture to be able to inspect the data and the behavior of connected sensors. Implementing the right controls ensures the required integrity, confidentiality and authenticity of the gathered production data before it is sent to the next solution component. Organizations should keep in mind that accountability for data security cannot be delegated to a service provider.