In my last post I mentioned that I will participate in a virtual panel discussion related to IIOT.
While preparing my script, my mind started circling around one topic which unfortunately became a very realistic scenario if we have a look at the deadly invasion going on in Ukraine and the related threats for our economy.
New Threats for Your Shopfloor
What if you and your company are becoming target of cyber warfare? Maybe not dedicated target but sort of collateral damage? Are you prepared? And as it is clear that sanctions have not been put in place for a matter of weeks, this new situation will last. If that’s the case: is there an urgent need to adjust our ideas of Industry 4.0 or IIOT?
If your stomach starts shaking when you are thinking about cyber security, this article will be a good starter for you.
Before we are diving into this topic let me put one thing clear: I am not an IT guy, also I am not specialized in cyber security. I will have a look at this topic from end user side. However, there is a good reason I picked this topic besides the new threats we are facing. During the last months I noticed that attacks on SMEs are increasing.
Apparently there is no month without any company becoming blackmailed. Many are paying a lot of money at the end just to get their data back. It’s not a scene from a cheap movie. It’s real and it’s ubiquitous.
If cyber security has not been a topic on the agenda of your company, I will save you a lot of money with my first trick. It is completely free of charge. Stop whatever you are doing and call your IT manager or the external company taking care about your IT now.
Schedule an urgent meeting in order to discuss your vulnerabilities. If your IT is not prepared, you need to hire a specialist immediately. Imagine waking up one day without any access to your mail system, to your CAD files, your ERP, your payroll system… do you want me to continue? Start taking cyber security seriously!
Set up a Security Task Force
Unfortunately, cyber security is a dynamic thing. That means it’s not a one-shot activity, it’s rather something like a marathon. So, you better have kind of a task force which is monitoring the situation, taking measures and giving advice to your staff about how to behave.
Security starts with awareness
Often, your staff is opening the doors to virtual criminals. Of course not on purpose. More like someone leaving doors open in the evening without noticing. Thus, it’s vital to make sure that everyone in your company is aware of the threats.
Schedule annual obligatory trainings for everyone. It needs to be clear that cyber security is not something, only your IT is responsible for. Every USB stick can become a master key to your company. Be aware this applies as well to USB sticks being used in your equipment on the shop floor. If you have a KUKA robot, ask your contact in support to recommend appropriate security options which can suppress usage of USB sticks.
Update! Update! Update!
As the situation is a dynamic one, you need to make sure to install all security patches immediately. This applies to your server structure, to your PCs, but also to all your mobile devices and to your equipment on the shopfloor. Check if the suppliers of your CAPEX equipment offer maintenance contracts which include software updates. Sometimes you have to book security updates as an option.
Phishing for compliments
Although present in the news, it is still hard for a significant number of users in your company to detect phishing mails. I read some articles which mentioned that the amount of phishing attacks literally exploded since many employees work remotely due to Corona crisis. You can find latest risk assessments on the official websites of agencies for cyber security in your country like on the site of German BSI.
Copies? Everything is in the cloud!
I know. First you wanted to get rid of local copies and now you should make some on purpose. Sounds crazy? I am not saying “print out your mail”. I am saying “copy critical data to an external hard drive”. If things ever should get crazy, you will buy me a coffee for this recommendation one day. However, make sure to avoid the physical loss of this hard drive. Don’t take it with you when travelling. Lock it away. Weekly backups should do the trick. Remember: I am just talking about activities of end users here.
Only the sky is cloudy
Now let’s go to the shop floor. You have listened to a lot of discussions about Industry 4.0 in the last years. Or about IIOT. Or both. I am pretty sure you did. It was all about clouds and portals and big data, right?
The scariest think I saw was a demonstrator exhibited on a machine-tool show a couple of years ago. One single machine was connected. It proudly produced like 5.something terabytes of data. Per day! One machine. Imagine 50 machines, robots, additional equipment. Honestly? Trust me. You don’t want that.
You don’t want to send out terabytes after terabytes of data to any 3rd party cloud system using open ports and hoping for some mystery coming back from big data one day. Chances are higher that you will invite some unwanted guests. I remember some customers (not too long ago by the way) who would disconnect their equipment and who would only bring it back online if remote support was needed .
On the guitar: The Edge
There is one musical element which is mainly responsible for the singnature sound of Irish rock band U2: It’s the rhythmic delay combined with various effects on their lead guitar which creates this typical sound layer. It helps you to identify a song as a U2 song only after listening to a short guitar riff. The Edge is most of the time (at least in older performances) in the background, focused on his performance. That’s what you want for your IIOT solution: a powerful performance in the background.
Forget all this mystic big data marketing bla which exists mainly on powerpoint slides and not so much in reality. If talking Industry 4.0 start thinking in added value. There is no value in connecting everything and sending out all your data in good hope that one day everything is organising itself in some mysterious way.
If we start talking about use cases instead, we will see that there is a fair chance to implement these one after another without sharing all your data with cloud services. Instead, there is a realistic chance to keep your data on the shopfloor and do the “computation” on site using an industrial PC, or – if you want use a more fancy expression – on the edge instead of using cloud computing.
KUKA teaming up with T-Systems (source: SteelGuruBusinessNews)
As a strategy to create value, I suggest to try out one dedicated project after another. Think about predictive maintenance, or about augmented reality to support your maintenance staff. Think in solutions. If they work for your: scale them up. If not take them down again. At this point it is important to remember: if it doesn’t create value on the shopfloor you won’t need it.
Get support – Where to start?
Cybersecurity is of such importance, that many countries have installed agencies dealing with this topic. The websites of these agencies are a good start. They offer publications especially for SMEs to get some kind of a guideline at hand.
ENISA – European Union Agency for Cybersecurity
U.S. Cybersecurity and Infrastructure Security Agency
What’s your experience with cyber security on the shopfloor? Let me know in the comments below how you secured your CAPEX equipment and if you have additional tipps you want to share.
If you found this article helpful I invite you to share it within your network.