The Internet of Things (IoT) has seen explosive growth in recent times. According to a Cisco study, the number of networked devices is expected to exceed 50 billion by 2020. This includes everyday objects such as controllable lighting and heating in the home as well as machine-to-machine communication (M2M). Along with the IoT, the discussion about the use of artificial intelligence in the factory is also gathering pace. This development is being driven by ever-increasing computing power, growing data volumes and the increased use of sensors with IIoT features. In this context, companies are facing new security challenges that need to be mastered.

Adaptive algorithms offer enormous potential for further developments such as predictive maintenance and networked production. AI helps to increase overall equipment effectiveness (OEE), reduce costs and increase quality. Gartner predicts that by 2022, more than 80 percent of IIoT projects in companies will include an AI component, compared to just 10 percent today.

However, the rapid increase in IoT devices also means an increased security risk - especially with regard to the data to be collected and exchanged. Production facilities are facing more serious threats in this regard than ever before, as recent cases of production disruptions due to ransomware and other malware attacks show. The three security risks associated with the IIoT include, firstly, employees accessing devices and data at production sites. Secondly, the devices that are connected to machines and production lines, and last but not least, the data that is collected and exchanged. Each of these areas presents a challenge for effective authentication procedures.

Security risk 1: Users

On the one hand, threats from hackers posing as authorized users must be considered. Well-known examples in this context are provided by the internet, where authentication takes place via passwords and websites are protected by the SSL protocol. However, usernames and passwords are not always a reliable method of authentication for potential users of the IIoT. Some of the encryption methods are too weak and ineffective against potential hackers. Powerful authentication and encryption in the IIoT is therefore an area that leading manufacturers are increasingly addressing.

Security risk 2: Devices

Authentication, access control and the lack of basic security mechanisms are key issues for the devices used in an IIoT installation. If these are insufficiently protected, this has an impact on the systems to which they are connected and even on the entire infrastructure. Traditional authentication methods and weak passwords are not sufficient and cannot cope with the sheer number of devices and machine-to-machine communication within an IIoT operation. The devices must be able to authenticate each other securely so that data can be exchanged within the system. The IIoT platform must also be able to provide strong authentication processes, device authorization and access control. Reliable device inventory is also important. This can help managers isolate all devices involved in a security breach until the issue is resolved. Once the security of the devices is guaranteed, the next step is to ensure secure communication between devices, applications and, if necessary, the cloud. This involves the use of sophisticated encryption techniques.

Security risk 3: Data

Stringent data security - including secure transmission, storage, processing and final storage - is at the heart of all approaches to reliable IIoT in production facilities. Any measure in this regard must comply with numerous data protection regulations, including the much-discussed General Data Protection Regulation (GDPR). Aside from the thousands of interconnected devices that may be present within a production facility, the sheer volume of data that is collected and exchanged is almost impossible to monitor: IBM, for example, estimates that up to 2.5 trillion bytes of data could be generated every day.

Mastering modern IIoT challenges

So how can companies take advantage of the IIoT while protecting themselves from its vulnerabilities? Omron and Cisco Systems are tackling this problem together. Cisco's leading network and security technology will be integrated into Omron's machine control system. The latter was developed to ensure reliability under the extreme conditions in production plants. As the central automation component, the controller handles security authentication for the three elements mentioned: people at production sites, devices connected to machines and production lines, and data exchange.

Omron's controller authenticates user access and grants secure remote access (VPN) only to authorized users, enabling secure monitoring of machine controls and machines at production sites. The controller also detects device connections, blocks access from unauthorized devices and provides real-time alerts. Last but not least, Omron's controller also encrypts communication data, ensuring that data is transmitted correctly. It also detects and logs all unauthorized access and security risks. Prior to the collaboration with Cisco, Omron had already developed the Machine Automation Controller NJ series. This flagship controller is supplied with an OPC UA server as standard and complies with the global communication standard. The new PLC enables secure data communication with software and devices that support OPC UA.

Omron is also integrating AI capabilities into its machine-level control ("at the edge") to enable real-time predictive maintenance. This makes it easier to control the risk of potential security threats associated with the use of AI than with AI in the cloud. AI is also already being used by cybersecurity providers to improve defense capabilities.

By combining Omron's machine control with Cisco's technology, the range of available solutions for authenticating people, devices and data can be expanded. This helps to increase the security of IIoT solutions in production lines.

Lucian Dold, General Manager Product & Solution Marketing, EMEA Region, Omron / ag