In a recent interview with Design News, Bayshore Networks Founder and CEO Francis Cianfrocca said machine-to-machine (M2M) technology, including the streaming of operational telemetry back to machine designers and suppliers, allows manufacturers and plant operators to get the most out of their equipment while helping vendors improve their systems. However, security concerns have inhibited the growth of these networked relationships between vendors and machinery users, he noted. Many worry about data confidentiality and giving away trade secrets as well as cyber attacks.
Industrial users simply don’t trust their vendors’ motives for requesting operational data. But safety concerns prevent other companies from allowing broad communications links with their equipment vendors. This connectivity, they feel, could violate line-of-sight rules that protect their workers from sudden machine start-ups and shutdowns. Network-authorized personnel who might not be physically near machinery -- and therefore are unable to know if safety protocols are being followed -- can unwittingly endanger machinery, workers, and production processes.
Cianfrocca said in order to keep in line with safety protocols, industrial networks need to be filtered in a semantic way so that only information related to diagnostics is flowing back to the vendor and that any communications that could be used for remote machine operations are suppressed. The problem, he said, is that very few industrial networking technology companies today are willing to offer these secure and customized communications. And what they do offer, customers don’t trust.
“Many industrial companies refuse telemetry to machine vendors for reasons of confidentiality and security,” he told Design News. “There is a great deal of desire to do these communications, but they are perceived as carrying too much risk. You can burn up a machine or endanger the safety of an operator if you do it improperly.”
Companies with gaps in their security can also expose themselves to breaches of local and/or environmental regulations, such as those for emissions and energy use. The challenge then becomes: How can machine makers deliver the kind of advanced services that customers want, including zero downtime, while successfully addressing the security and safety concerns that their customers have?
“New technologies are needed, and the industry is only at the beginning of figuring that out,” Cianfrocca said.
Many existing IT security solutions simply aren’t designed for the unique safety needs of industrial users. Production environments are in constant flux, with machines being added and removed and firmware being updated all the time. According to Cianfrocca, there is a great deal of concern about the specific location of machines within production environments, and these concerns haven’t been well addressed by much of the IT security industry.
“Security safeguards around machine-to-machine communications between partners involve all the standard cyber-security practices familiar from IT: encryption, identity controls, firewalling,” he said. “However, they also must include content-based policies on the network links that carry control signals and telemetry to and from production environments. This additional security layer is required because firewalling alone is not enough to prevent machines from being operated unsafely by remote operators because telemetry must often be filtered to prevent leakage of sensitive data while permitting transmission of diagnostics and other information required for regulatory compliance.”
Industrial companies will not be able to buy off-the-shelf solutions that accomplish this. Instead, they will need partners that can help them deploy protective technologies that are capable of understanding machine-to-machine protocols, data models, and transactions in much greater detail than is typical for firewalls and IDS/IPS systems.
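To make the idea of a content-based policy concrete, the following is an added example, not code from the interview or from Bayshore Networks. It assumes the vendor link carries Modbus/TCP (the article names no protocol) and uses a hypothetical diagnostics register block of 1000-1099; it inspects each request and permits only reads of that block, which a port-level firewall rule cannot express.

```python
import struct

# Assumed policy for a vendor-facing link (constructed for illustration):
# read-only function codes, and only registers in the diagnostics block.
READ_FUNCTIONS = {0x03: "read holding registers", 0x04: "read input registers"}
DIAGNOSTIC_RANGES = [(1000, 1099)]   # hypothetical diagnostics block
MBAP_LEN = 7                         # transaction id, protocol id, length, unit id


def evaluate_request(frame: bytes):
    """Return (allowed, reason) for one Modbus/TCP request frame."""
    if len(frame) < MBAP_LEN + 1:
        return False, "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    # The length field counts the unit id plus the PDU; reject mismatches
    # rather than guess where the request ends.
    if proto != 0 or length != len(frame) - 6:
        return False, "malformed MBAP header"
    function = frame[MBAP_LEN]
    if function not in READ_FUNCTIONS:
        # Writes and every other function code: default deny.
        return False, f"function 0x{function:02x} not permitted on vendor link"
    if len(frame) != MBAP_LEN + 5:
        return False, "unexpected read request size"
    start, count = struct.unpack(">HH", frame[MBAP_LEN + 1:])
    if not 1 <= count <= 125:
        return False, "invalid register count"
    end = start + count - 1
    if not any(lo <= start and end <= hi for lo, hi in DIAGNOSTIC_RANGES):
        return False, f"registers {start}-{end} outside diagnostics range"
    return True, f"{READ_FUNCTIONS[function]} {start}-{end}"


def build_request(function: int, body: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Construct a sample request frame (test input, not captured traffic)."""
    return struct.pack(">HHHB", tid, 0, len(body) + 2, unit) + bytes([function]) + body


if __name__ == "__main__":
    samples = [
        build_request(0x03, struct.pack(">HH", 1000, 10)),   # diagnostics read
        build_request(0x03, struct.pack(">HH", 2000, 4)),    # read of other data
        build_request(0x06, struct.pack(">HH", 1000, 1)),    # register write
    ]
    for frame in samples:
        print(evaluate_request(frame))
```

The same default-deny decision applies to any protocol a site actually uses; only the parser and the allowed ranges change.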
These solutions, which are scarce today, will involve partnerships between cyber security firms, network communications providers, and industrial players. The ultimate goal is effective connectivity and data sharing inside the protective shell of operational, safety, and security policies.
Bayshore Networks will be a key presenter at Atlantic Design & Manufacturing in New York City, June 9-11, and at Design & Manufacturing Canada in Toronto, June 16-18, discussing industrial connectivity and cyber security. Both Design News events, Atlantic D&M and D&M Canada, will offer a comprehensive education conference program on smart factories of the future.
Tracey Schelmetic graduated from Fairfield University in Fairfield, Conn. and began her long career as a technology and science writer and editor at Appleton & Lange, the now-defunct medical publishing arm of Simon & Schuster. Later, as the editorial director of telecom trade journal Customer Interaction Solutions (today Customer magazine) she became a well-recognized voice in the contact center industry. Today, she is a freelance writer specializing in manufacturing and technology, telecommunications, and enterprise software.