The most exciting thing about new technologies in industry is that machines can communicate with one another as well as with humans, workpieces, and so forth. This provides opportunities for machine learning, for increased flexibility and speed, and for many new capabilities we haven’t even dreamed of yet.
The most frightening thing about new technologies in industry is that machines can communicate with one another as well as with humans, workpieces, and so forth. This provides opportunities for hacking, cybercrime, and sabotage we haven’t even dreamed of yet.
Worry about security is one of the biggest obstacles to moving forward with Industy 4.0. The idea of adding machines and therefore people outside the plant to the security equation is a major concern for many decision makers.
As is so often the case, there’s a human element that often gets left out of these discussions. The most common threat to security is not the criminal mastermind who manages to hack into the system. It’s the guy who leaves his computer on and logged in when he leaves for lunch. Oh, and leaves his office door open, and the papers he was working with out on the desk. That’s the usual source of data breaches.
Packaging World magazine did a survey recently which illustrates this point perfectly. In the survey, they discovered that 51% — just over half — of the companies they surveyed had a policy specifying who is allowed to add new devices to a network.
That was the good news. Only 26% have recovery plans in place. Only 19% have a tech plan that addresses cybersecurity at all. Only 14% have analyzed their systems to figure out where data is located. Only 9% follow ISA99 cybersecurity standards.
And yet the same survey found that 71% of OEMs responding would provide remote service for their machinery if they had access. 39% would offer software updates. 32% would provide predictive maintenance services. 29% would monitor and report on their machinery.
These are familiar services for computer owners. They would probably be highly beneficial for the end users involved in the survey. But these services are not available to end users, the OEMs said, because they are not allowed access.
The lack of cybersecurity action beyond refusing access is startling. But the problem is not that the end users are insecure if they allow access. Instead, it’s that they won’t allow access because they’re insecure.
How’s your cybersecurity?