Bayshore Networks: Industrial-Strength Cyber Security Requires Trust

As the Industrial Internet of Things (IIoT) and machine-to-machine communications (M2M) movements gain speed, some companies are asking themselves, "Wait. How much information do we really want to flow in and out of our premises? Aren't we supposed to be doubling down on cyber security?"

It's an excellent question, particularly for industrial organizations. Industrial control systems (ICSs) are highly susceptible to attacks because of their cyber-physical nature: a computer network responsible for controlling industrial and manufacturing machinery.

For many companies, this means protecting machinery and employees by layering on heavy security. Unfortunately, in doing so, they miss out on the benefits of a strongly networked system that shares data with partners such as equipment vendors. For this reason, manufacturers are being called upon to balance safety and security with productivity and flexibility.

The IIoT, at its very heart, requires a company be strongly connected to the outside world. For industrial organizations running complex machinery, broad networking relationships can be wildly beneficial, potentially leading to significant efficiency and operational gains.

According to Francis Cianfrocca, founder and CEO of Bayshore Networks, the cyber security that protects these industrial partner relationships, however, is an underserved topic. If companies that make machines for industrial use are going to help customers get the most out of the equipment, particularly when run as platform-as-a-service or machine-as-a-service, they require data -- and lots of it.

"Today, machines throw a lot of telemetry," Cianfrocca told Design News. "The makers have a great deal of knowledge about what can go wrong and how to operate them efficiently. Data communications between users of the equipment and makers of the equipment can solve a lot of problems."

But Cianfrocca said it's not easy. For starters, customers are hesitant to allow data to flow to and from their premises, and they believe that operating in isolation, or "air-gapping," helps protect their operational technology (OT). Next, many are loathe to allow vendors to have access to information they believe could violate data confidentiality or proprietary information.

MORE FROM DESIGN NEWS: Not Even Air-Gapped Computers are Secure

"Let's say you're a large industrial company," said Cianfrocca. "You use a lot of machines from a particular vendor. In order for you to send telemetry back to that vendor so they can run analytics and provide suggestions on how to improve efficiency and operating costs, you'll need to set up a communications pathway that bridges the network environment between the OT and the IT. That's a big set of challenges."

Equipment vendors need to convince customers to allow them to maintain these communications pathways. It's a tall order, as many industrial operators simply don't trust an Internet link, and they may be suspicious of vendors' motives and/or unconvinced of their capabilities of keeping the link -- and the data that flows over it -- secure. As a result, many equipment users will permit only a limited amount of information to flow back to their vendors.

According to Cianfrocca, some industrial organizations believe they're doing the type of analytics work that can help lead to zero machinery downtime by feeding telemetry back to equipment vendors. Unfortunately, they're not doing nearly enough of it, and they're not using predictive analytics.

"They do it once a month with a very small set of data on a small set of machines, using STP," he told us. "That's not nearly enough. What you need to do is feed telemetry from every machine once a minute. The quality comes from the quantity of the data. If the vendor has a whole lot more data, they can use predictive analytics to achieve zero downtime and deliver new business models that benefit end users."

To gain the most out of the vendor-customer relationship when it comes to industrial machinery, end users will need to become more trustful of their vendors' motives and ability to handle sensitive data. That said, vendors need to earn the trust of their customers with the right security protocols. In part two of the interview with Cianfrocca, we'll look at the safeguards that need to be put in place in a machine-to-machine environment.

Bayshore Networks will be a key presenter at Atlantic Design & Manufacturing in New York City, June 9-11, and at Design & Manufacturing Canada in Toronto, June 16-18, discussing industrial connectivity and cyber security. Both Design News events, Atlantic D&M and D&M Canada will offer a comprehensive education conference program on smart factories of the future.

Tracey Schelmetic graduated from Fairfield University in Fairfield, Conn. and began her long career as a technology and science writer and editor at Appleton & Lange, the now-defunct medical publishing arm of Simon & Schuster. Later, as the editorial director of telecom trade journal Customer Interaction Solutions (today Customer magazine) she became a well-recognized voice in the contact center industry. Today, she is a freelance writer specializing in manufacturing and technology, telecommunications, and enterprise software.