The Industrial Internet of Things (IIoT) provides organizations the ability to take advantage of existing equipment investments by retrofitting current machinery with industrial automation and networking devices that support advanced capabilities. Connecting one device or thousands can be seamless with today’s technologies, but close attention needs to be paid to security to help avoid costly downtime as critical systems are networked. One of the biggest security hurdles for industrial organizations to overcome is balancing strategy with applicable implementation and management costs.
Security should be implemented in layers, starting with physical security and equipment access and moving on to data protection and transport. This process of layered security is similar to the best practices that have been employed effectively with enterprise networks for years.
Physical security represents an organization’s ability to physically separate equipment from non-authorized users. Fences and enclosures represent easy-to-deploy solutions that help keep sensitive equipment safe from theft or tampering. Whether the device or equipment is on a factory floor or at a remote pumping station, it is important to limit access to sensitive data.
The next layer of securing an IIoT network involves user access to control who has digital access to data at specific locations. Security at this level includes password policies, role-based access control and access control lists (ACLs). Simply requiring a passcode for access to touchscreen operator panels, or passwords on terminals, can significantly reduce compromised data by identifying and logging when and who is accessing equipment. For some applications, role-based access control or an ACL can limit user access to sensitive data based on the credentials provided. For example, a technician might require in-depth system access, while an operator might only require a small subset of permissions to operate equipment.
Controlling who has access to equipment at a site is sometimes the easiest part of securing sensitive data. A larger challenge is how to effectively collect data across tens or thousands of locations securely and reliably without requiring a full-time security or IT team. Securing data for transport between sites can be accomplished in a number of ways, but many pose implementation challenges.
IPsec, port forwarding and open VPN technologies are common ways to provide remote device access. Though familiar to IT, these methods are more complicated to set up and maintain on the operations side of the business. This is why the market needs easy-to-use technologies to securely address mass-deployed sites as part of successful IIoT adoption.
Emerging technologies are changing the paradigm of how organizations approach the implementation and maintenance of security policies. These technologies provide inherently more secure communications while simplifying the process of deployment and management, which can significantly reduce operational costs. Software-defined networking (SDN) is one example of an emerging technology positively impacting security for IIoT applications. SDN enables dynamic routing of encrypted information through secure nodes without the need for a dedicated IT team to manage it. Solutions like SDN in an industrial network, where environmental and backhaul variables are constantly changing, can help ensure data stays secure and systems remain operational without IT intervention.
Security strategies will continue to evolve as new threats and technologies emerge. Though a single security solution doesn’t fit every application, there are common measures that should be evaluated to help reduce most threats. Selecting vendors that offer paths to keep equipment updated with current security solutions should be a priority. Industrial networking products from Red Lion Controls help keep data secure both at the edge of a network and in transmission.
Red Lion Controls is a U.S. manufacturer of industrial automation and networking solutions that help organizations connect, monitor and control assets worldwide. Visit www.redlion.net to learn more.