The Digital Factory Requires Reliable Protection

Introduction

Over recent decades, industry has seen three main boosts to productivity: first, the advent of automation technology; second, the introduction of networking from the management to the field level on the basis of standards (Ethernet, TCP/IP and ProfiNet); and third, the introduction of operator control and monitoring devices using Windows-based operating systems. The use of modern standard solutions allows automation systems to be efficiently connected and their data used for comprehensive analysis purposes. However, the improvements gained in terms of accessibility, efficiency and productivity must be accompanied by a high level of protection against attack both from the outside and from within.

Industrial plants typically have a life expectancy of several decades. It was as long ago as 1970, for instance, that Siemens installed its first gearless drive at the Portland Cement Works in Rohrdorf, Southern Bavaria. Although the inverter and automation system have been updated several times, the ring motor continues to operate as tirelessly now as it did on its delivery 40 years ago. This achievement testifies to the reliability of the equipment – with regularly scheduled maintenance. Generally speaking, however, on average new technological process and product developments may be expected to emerge every seven to ten years. This is the interval at which a plant will generally be modernized – whether in the interests of greater energy efficiency and more environmentally responsible production, to increase speed or reduce costs, or simply to allow the production of new materials to a higher standard of quality.

Standardization of plant IT increases risks and requires more efforts in security measures

The situation is quite different when it comes to information technology components. They are more prone to “obsolescence” than the industrial plants themselves. New components offering vastly improved functionality are generally available within just six months. After three to four years at the most, this type of component has not only reached its depreciation point in terms of its value as an asset, but is also technically obsolete. New operating systems, new peripheral devices complete with new drivers, new hardware with even greater storage capacity and higher processing speeds all give rise to the need for an almost yearly reinvestment cycle. Failure to invest in new components for this type of “IT-mated” production plant can result in data bottlenecks, lack of transparency, additional effort from duplicated data management, and potentially an unsecured plant environment.

Letter sorting - an example of IT-mated processes

At first glance, replacing old equipment with new would appear to be a relatively easy process. This may well still be the case in the office environment, although even here upgrading an existing PC with new software can cause problems. The situation faced in the factory is far more complex, where the installed platform generally comprises a conglomeration of gradually developed and extended systems, components and applications.

To a greater or lesser extent, the overall system will have evolved logically and will have been updated and maintained with limited interruption to production processes. Some elements are certain to be technologically outdated, but the functionality as a whole is too valuable to allow the configuration to be altered. This naturally evolving hardware and software conglomeration will generally consist of a number of internally developed software components, hardware and software elements from different suppliers, using different generations of programming languages and programming environments, and be based on different software architectures. Each different area of expertise has installed the most favorable solution for its specific process. Networking was based on individual standards and stand-alone solutions. Whatever had originally been incompatible was laboriously cobbled together. The inevitable outcome: incompatible data and uncoordinated processes, incapable of exchanging data. Yawning information gaps were left at the interfaces between management and purchasing, sales and engineering. Not everyone concerned had access to vital information.

Changing over to different systems is far from simple in the field of production. Here, an enormous store of knowledge relating to the process routines of automation devices and control systems has been gathered over years. This is where a company’s expertise actually resides. It is a resource which must be maintained and protected at all costs when the time comes to make the change to a new system. For the technician, it is difficult to grasp the point of interfering with a process that is running well - particularly when it appears that a heavy investment in modernization serves only to exchange one successfully operating system for another. However, the point does eventually come when costs for repairs and maintenance increase to a disproportionately high level. Sometimes there is simply not an effective way to scale up and data exchange is no longer possible. This is the moment when it becomes necessary to invest in new hardware and software components, offering benefits such as extended functionality, improved operating behavior, advanced programming, better interfaces, enhanced graphics, etc.

But the decision to opt for a particular IT landscape is far from the end of the story. Additional investment can vastly exceed the original equipment outlay if the software must be integrated and maintained in the existing corporate landscape. We are all familiar with the factors to be weighed when considering the purchase of a previously owned car. Simply knowing the price is not enough: the added costs such as future repairs and diminished fuel efficiency all have to be factored into the equation. Seen from this perspective, IT is like a never-ending construction site. There is a good reason why plant owners tend to opt for standard components. This allows them to protect their investment, remain abreast of the latest technological developments and choose from a wide spectrum of different manufacturers.

Standardization brings its own risk potential

Standardization as a result of regulations and market share

Standardized processes and components have managed to stand the test of time. They prevent costly stand-alone solutions which become almost impossible to update and maintain after a certain period. Internationally introduced standards also act as a catalyst to knock-on developments which provide benefits to all their users. The best known example of a standard which spread to take on worldwide significance was the one introduced in 1922 by the German Standards Institute DIN governing paper formats.

Since this time, every consumer knows the size of a DIN A4 sheet or how to most usefully fold it to fit into a C5 envelope. Taken in conjunction with the ASCII standard introduced 45 years later, every printer knows the position at which it needs to reproduce each character so that the printout complies precisely with the completed Word document. Standards offer the user the freedom to change manufacturers if required – for example, to opt for a more attractive faucet in the bathroom.

In the office environment, certain programs and formats have become established as de facto standards simply because of their widespread use by millions of consumers. The first examples that come to mind are operating systems and Office programs, largely produced by Microsoft. In line with this example, efforts are under way to deploy familiar operating systems and control philosophies across the board in the operating controls, monitoring systems and management systems used in industry. When Windows-based systems work perfectly, when the required information is accessed quickly and reliably, when the data is still there just where it was filed years before – then we love them. Love quickly turns to hate when production comes to a halt because a bit is corrupted, when report data has to be re-entered because applications are unable to supply compatible data, or the transmission line fails. The greater the market share commanded by a software product, the greater the degree to which it is accepted as the standard. If we wish to enjoy the benefits of standards, then we also have to put up with the manufacturer’s release and model policy. The greater the degree of accessibility, compatibility and standardization achieved by these systems, the more they are at risk. The alternative is internal development, and stand-alone solutions which are disjointed and disconnected from technical progress.

New risks occur with new technologies

The more vital the part played by IT becomes to industry, the more difficult it becomes for companies to isolate themselves from the global exchange of data. There is also a greater risk that dangerous security gaps will be created within their communication networks. This is why intrusion detection tools are at work day and night in modern companies. Their aim is to head off problems before they occur, and to identify and eliminate any probes to the network’s integrity.

Unfortunately, it is no simple matter to trace back or prosecute detected intruders. The last line of defense is then often to simply cut the connection. However, this will not solve the problem because the probe that the intruder used to gain access to the system might still be causing problems there. The only resort is for a company to harden its communication network, which means the system is unable to process online orders, exchange email, communicate with the supply chain, etc.

Situations which might appear acceptable in the office environment will cause enormous problems to industry: While many Windows operating systems offer a large number of safety features such as encryption, authentication or firewalls, on average at least one security breach comes to light every week. This can be remedied immediately using a patch. But for industry, this would mean changing the IT landscape fifty times a year. In addition, patches have to be tried, tested and approved for industrial application. Untested patches could result in significant loss of performance in the machines and plants running these operating systems. Furthermore, in continuously operating processes in the petrochemical industry or in steel and rolling mills, it is impossible for a processor to be simply shut down briefly and then rebooted.

Industrial security levels

Areas of weakness in the various operating systems are certain to come to light over the coming years, because a 100 percent guarantee simply isn’t possible. Consequently, the aim of industrial cyber security must be to decrease the likelihood of a successful attack. This means that security is more than just a technical solution. Rather, all components and company processes must be fundamentally oriented towards the achievement of security. Durable protection can only be provided by security policies which make use of sound expertise and are anchored in every stage of the electronic business process from the very beginning. If we then envision this scenario in a communication network comprising 3,000 users, various branch offices and mobile laptops, then the amount of work involved for the administrators comes into perspective.


Office security and Industrial security focus on different targets

Without the use of automated processes and tools, and without a company-wide security policy, this daunting task can only be managed with extreme difficulty. This makes choosing the right IT strategy decisive to business success. The only way to successfully protect the digital factory is to balance the competing requirements for availability, topicality, security, TCO (total cost of ownership), investment safeguarding, compatibility and scalability.