Integrating Cybersecurity into System Design

Would you build a highway up a steep mountain and then wait for cars to start falling off before installing guardrails?  That’s often how cybersecurity gets added to products and services—as an afterthought—according to a recent article in Harvard Business Review titled Cybersecurity Needs to Be Part of Your Product’s Design from the Start.

The article says that security must be intrinsically designed into new products, services, and business activities, rather than added on.  If not, those who attempt to secure the service or product later on may not fully understand how it works, leaving potential gaps that hackers can exploit.

A changing role

Like civil engineers who anticipate the risks of winding mountain roads, product and system designers need to be more proactive in their approach.  The role of cybersecurity has to change, according to the article.  It says, “To be successful, companies must ensure that their products, services, and business operations are proactively resilient to cyber attacks by changing the role of cybersecurity in digital innovation.”

Cybersecurity should become an intimate part of the innovation process.  It must be integrated into the design of each component as it is being built, as well as when these components are assembled into larger systems.  This expanded role calls for deep collaboration between design and security teams.  Designers need to share details for how the product or service is built and will function, while security experts must provide guidance on how to implement best practices at each step.

Skkynet’s approach

Product design at Skkynet has been following this model for decades.  Fully aware of the high risk of transporting mission-critical production data across insecure networks, our design and security teams collaborate continually in the development of Cogent DataHub software. For years our DHTP (DataHub Transport Protocol) has provided a solid cornerstone for secure OT/IT networking, giving access to production data without exposing the networks.

With the DataHub software as a basic component, and following our documented recommendations, process control engineers and system integrators are ready to design security into their system architectures, and implement it as they build them.  When new requirements come up, such as a need to isolate OT and IT networks using a DMZ, they are fully equipped—even able to surpass the security capabilities of major industrial protocols like OPC and MQTT.

There’s no chance of forgetting the guardrails on this highway.  They come pre-installed with each meter of pavement.  Skkynet’s tools are secure by design so that our customers can build security into their systems from start to finish.

Handling the Mid-Life Crisis in Digital Transformation

A recent survey conducted by the ARC Advisory Group says that manufacturers are going through a “digital transformation mid-life crisis.” The results of the survey have not been published, but a new article in Microsoft’s Technology Record gives an overview. And it matches what we’ve been seeing.

Responding to the pandemic, supply chain issues, war, and economic fluctuations, more manufacturers than ever are embracing digital transformation. But despite the benefits, they face problems scaling up, implementing security, putting together disparate systems, and building a unified data model. As a result, we are seeing growing interest in Skkynet technologies that directly address these issues.

Scaling Up

“The main takeaway is that most manufacturers are well on their journey to digitalization, but continue to face complexities to scale out,” says Rodriguez Lepage, Microsoft’s director of product marketing for manufacturing.

This is not surprising, since many of the solutions being tried are new to the industrial space. Those vendors lack experience working with real-time data coming from dozens of sources using multiple protocols at scales of hundreds of thousands of data point changes per second. This has been our wheelhouse since day one, and we thrive in this environment.

Security

“One of the major issues impacting how far manufacturers have progressed on their transformation journeys is security,” the article said. These enterprises are getting plenty of support in the cybersecurity war from both the tech sector and governments.

The White House and European Union in its NIS 2 Directive have laid out requirements for secure networking of industrial data that call for segmenting OT and IT networks using DMZs. Skkynet’s DataHub tunnel/mirror technology, continually being refined for over 20 years, provides an off-the-shelf solution for network segmentation across DMZs that is unmatched in the marketplace.

Puzzle Pieces

The article points out how manufacturers struggle with large numbers of industrial applications and protocols. “Some will have thousands of different vendors, equipment, proprietary protocols and applications that they’re trying to stitch together,” said Lepage. “They’re all looking for help with digitalization, with IT connectors to the enterprise systems and OT connectors to manufacturing execution systems (MES).”

This kind of connectivity has been a Skkynet mainstay since its inception. Our DataHub technology was created to connect one vendor’s industrial operating system with another vendor’s HMI system, in real time. Protocol conversion, TCP networking, and real-time data handling were built into that application, and continue to be heavily featured in today’s products and services.

Unified Data Model

“Connecting OT and IT, and creating a unified and extensible factory data model also came out as a high priority for manufacturers to accelerate their digitalization efforts,” said Lepage. “Ease of use in terms of interoperability with the standard tools is also important.”

As they move towards digital transformation, companies are beginning to value how Skkynet’s DataHub architecture provides the unified data model they need. Each application connects using its own protocol to send or receive data. Whenever any data value changes, the unified data set updates, and the new value goes to each connected application in its own protocol.

Crisis? What crisis? Skkynet has been on top of these issues for over 25 years, before most people even heard of digital transformation. We’ve done this by developing a deep understanding of the principles of industrial data communication, and building them into all our products and services.

Industry Embraces Big Data

We blogged about Big Data six years ago. Back then, pushing industrial data to the cloud in real time was a novel idea. Collecting industrial data within the plant for on-site use had been going on for decades, but few companies were integrating that data with enterprise IT or analytical systems.

Today, all that is changing. IoT and Industrie 4.0 are ideal for connecting industrial processes to Big Data. Progressive companies routinely use digital transformation to feed analytical systems to improve performance across the enterprise. Others are taking notice, trying to catch up. A recent research project by Automation World points to the growing rate of acceptance and adoption of Big Data among system integrators and end users, and how they leverage it.

Half of the system integrators in the study report that most or all of their clients collect production data to run improvement analysis. A quarter of the end-users surveyed say that they collect data from over 76% of their systems and devices.

While most of the data being collected is for in-plant improvements in equipment and maintenance operations, somewhere between 40% and 54% is also being used for Industry 4.0, smart manufacturing, or digital transformation initiatives. Pulling Big Data from the shop floor has become that important in just a few years time.

Data collection technologies

Despite the move towards Big Data, the most widely-used approaches to collecting data are still hand-written notes entered into a spreadsheet, as well as on-site data historians, according to the report. So for many users, the technology hasn’t changed significantly since the 1980s. However, cloud and edge technologies are gaining acceptance, being used at some level in about one fourth of the facilities reported on.

The survey didn’t specifically address it, but we see that some technologies originally developed for in-plant use—most notably data historians—are now widely used in edge and cloud scenarios. Some of the most well-known real-time data historians have cloud equivalents, or can be run on cloud servers. As a result, there is no clear line between traditional data collection and IoT-based systems, and there doesn’t need to be.

What is needed is secure, real-time data communication between the plant and the office or cloud. As high-quality data communication is more widely adopted, and as companies implement digital transformation in more areas, we can expect to see a huge growth in Big Data applications to optimize resource use, increase production efficiencies, and bolster the profits of the enterprise.

North Sea Oil-to-Wind Transition

Way back in 2018 the Norwegian oil company Statoil changed its name to Equinor. This marked a clear shift in company policy, a transition to broader range of energy sources such as wind and solar. That change was highlighted in a recent Supplier Day event held during the Offshore Northern Seas (ONS) 2022 event at company headquarters in Stavanger, Norway. Over the course of two hours, it became clear that Equinor invites its suppliers to make this transition with them.

“We really want to progress the acceleration of the energy transition together,” said Mette H. Ottøy, chief procurement officer for Equinor. She told the audience of well-established providers of equipment and supplies for offshore oil and gas extraction that the company will now be looking for new suppliers of renewables, as well as those that can make the transition.

“I think we will need a whole range of different suppliers,” she said, “those competent and experienced within oil and gas, and new suppliers within renewables and low-carbon solutions.” Then she added, “And suppliers that have been with us for a long time within oil and gas that are actually able to transform themselves, that is also something that we are working on.”

Making the Transition

The transition has been interesting so far. Spoken presentations were punctuated by videos of Equinor suppliers installing oil platforms and erecting offshore wind turbines. You could see the similarity of technology and hardware needed to construct platform bases and wind-turbine pylons on the ocean floor—structures capable of supporting the necessary equipment. Certainly those engineering and construction companies are well-positioned to make the transition, with perhaps some adjustments in product design and implementation.

From our side, the transition is even easier. Data is data, after all. Whether it comes from an oil platform or a wind turbine, a secure, robust connection between the offshore equipment and onshore facilities is vital for safe and efficient operations. The same, secure DataHub tunnelling technology that Equinor has been using for years works equally well for renewable energy sources as it does for oil and gas. And the Equinor suppliers that also use DataHub technology will have an effortless transition as well.

Safety and Cybersecurity

Safety is the number one priority at Equinor. And for connecting remote systems through networking, that means cybersecurity. “Interconnected industry is what we have become,” Ottøy said. “We share data, we share systems, and links, and like it or not, an attack on one is an attack on several, and sometimes it’s actually an attack on all. Cybersecurity is becoming increasingly important, and digitalization of the energy industry is something that is increasing that risk, no doubt.”

This issue is front of mind for many in the industry: how to gain access to production data without compromising on cybersecurity. It is possible—with the right approach. Our recent white paper, Accessing Production Data vs Cybersecurity? Why not both? explains the challenges, pitfalls, and best practices in detail.

As the world faces ever-worsening effects of climate change, we fully support Equinor in their initiative to transition from traditional to renewable energy sources and low carbon technologies. We are pleased to see the company respond to the needs of the times, and equally pleased to play a part in making their transition a success.

Calling for Resilience

Tough times demand tough measures.  A recent convergence of three disruptive forces on industrial automation calls for resilience, according to the report of a recent survey from Claroty, The Global State Of Industrial Cybersecurity 2021: Resilience Amid Disruption.  These forces are: an increase in ransomware attacks, accelerated digital transformation, and a growing trend towards working remotely. What’s needed is more investment in improved technology and the hiring and training of staff, according to the majority of the 1,100 IT and OT (operations technology) security professionals interviewed.

The number of ransomware attacks sustained by industrial enterprises, and the costs involved, are staggering.  A full 80% of the companies surveyed were hit, including a breach of their OT/ICS (industrial control systems) for more than half of them.  Over 60% paid the ransom, with an average payment of around $500,000 USD, and over $5,000,000 for some.  That doesn’t count the cost of lost production downtime, which for the companies surveyed ranges from tens of thousands to millions of dollars per hour.

At the same time, the need for networking industrial data is stronger than ever.  Fully 90% of these companies report that they sped up adoption of digital transformation since the start of the pandemic, and don’t anticipate turning back.  Adding to that, working remotely has become a new normal.  Just 21% of the companies surveyed had their full staff working onsite in 2021, and only 27% expect to have everyone back working onsite after the pandemic.

Secure data communications are vital

Taken together these trends indicate a strong demand for secure data communications.  Claroty, the industrial cyber security company that sponsored the survey, offers five technical and procedural  recommendations.  For data communications, the report said maintaining proper segmentation between OT and IT networks can be a highly effective defense against ransomware:

“There are many business processes and applications that need to communicate across the IT/OT boundary, so organizations need to ensure this is done in a secure way. Ensuring an organization’s OT network and assets are isolated from IT in a manner that aligns with segmentation best practices can be a highly effective means of stopping the lateral spread of ransomware and other malware from IT to OT.”

Responding to this need for network isolation, Skkynet offers a wide range of secure solutions for in-plant, OT/IT, and cloud connectivity.  Industrial enterprises large and small have come to recognize the value of our secure-by-design approach that gives them full access to their production data while keeping their OT networks secure behind DMZs and fully closed firewalls.  Skkynet’s software and services answer the call for resilience.

Real-Time Manufacturing Trends

The world of industrial automation is changing rapidly, generating a need for real-time manufacturing.  Most industrialized nations are seeing their economies shift from labor-rich to labor-scarce, forcing plants to automate to keep costs down.  At the same time, consumers are demanding more customized products and sustainable use of resources, which requires smarter and more versatile production lines.  Adding to the challenge, obtaining raw materials and parts has become less predictable since the start of the pandemic, creating a need for more dynamic and flexible supply chains.

Responding to these circumstances, executives and managers are increasingly adopting new ways of managing their businesses, according to Bill Lydon at Automation.com.  In a recent report, The Digitalization Dozen, he wrote: “The foundations of manufacturing and production are being reshaped by their integration into a comprehensive real-time business system, creating more efficient and responsive production to increase sales and profits.”

Real-time data

Real-time business systems rely on real-time data.  ERP (Enterprise Resource Planning) systems of the past were not directly synchronized with operations, providing data that was weeks or months old.  That led to the use of MES (Manufacturing Execution Systems) which are quicker, but add a layer of cost, complexity, and fragility.  What is needed, according to Lydon, is to rebuild the enterprise as a real-time manufacturing business.

A few pioneering companies have read the writing on the wall, and are now looking at ways to implement the necessary changes.  Melanie Kalmar, spokesperson for Dow Corporation said, “We are really focused on being a real-time company, using and leveraging the data we have to drive better decisions, be a more sustainable company, and a favored company.”

Many others will follow, says Lydon.  He explains how digital communication in real time unifies the corporate vision by providing accurate and timely data for interested parties throughout the enterprise, as well as among suppliers and customers.  This data transparency keeps employees at all levels well informed, improving their decisions, which leads in turn to greater success.

Closed-loop operations

Lydon envisions a digital manufacturing architecture that is real-time, synchronized, and optimized through the use of “closed loop operations of IT and Operational Technology OT groups.”  By this he means that data coming from sensors and field equipment, edge devices, plant or process operations gets passed in real time to business systems like digital twin models and analytical tools, including artificial intelligence engines.  These systems pass commands back to the OT systems in a closed loop, all in real time.

Needless to say, this must all be based on secure, bidirectional real-time data communications.  Security is essential because plant and operations networks must be kept isolated, completely separate from business networks.  And robust, bidirectional real-time communication is necessary for closed-loop performance.  Otherwise it would be like driving a car with a three-second lag between the steering wheel, brake pedal, and tires―a recipe for disaster.

Other trends

Two other trends in industrial automation are helping make real-time manufacturing work.  The first is wide-spread use of open standards like TCP and OPC (Open Process Communication).  Open data communication standards like these give multiple vendors a chance to compete and contribute, which brings new ideas and more product choices for system designers and integrators.  Industrial systems are complex, with a wide variety of sensors, devices, tools, machines, and other components that need to be connected seamlessly.  Standard protocols make these connections possible.

A second trend is towards less programming, by using off-the-shelf software and services.  These make it easier, faster, and cheaper for a system integrator to test, build, and deliver a working automation system. A generation of engineers who had to build solutions from scratch is retiring, just as systems are growing more complex.  The new generation understands the value of using ready-made tools to quickly implement solutions, rather than starting from the ground up on each new project.

From our perspective, these trends all point towards a need for products and services that provide secure, real-time industrial data communications.  Our latest release, DataHub 10, runs both on-site or in the cloud, connects OT to IT securely through DMZs, and supports real-time networking of live and historical data. It is well positioned to lead the way for digital and real-time manufacturing.