Information security of industrial internet brings a competitive edge

Whenever the industrial internet is discussed, information security is almost always mentioned. For example, Konecranes' CEO Pekka Lundmark's statement ’Industrial internet will rise or fall with information security’ has been quoted in the media countless times. In this posting I want to clarify what his statement means in practice.

The Finnish manufacturing industry is moving towards the industrial internet at full speed. In terms of future success that is an excellent thing. However, many organisations are taking unnecessary risks and moving forward in a way that can eat away any advantages gained.

In the worst case we also lose confidence in innovations that utilise the industrial internet, for it is these innovations we need to maintain our competitive edge in a global economy.

The advantages and risks of digitalization

The digitalization of industrial services is gaining speed. Tough international competition is pushing service providers to move form selling spare parts to promising customers a higher level of availability. This is achieved by constantly monitoring system usage and status, servicing remotely, anticipating malfunctions and timing part replacements just right. 

Remote control and analysis tools can also help in utilising specialist resources more effectively. Sending a specialist to optimise a production process or solve a problem at a client's production facility on the other side of the world is costly and time consuming Everyone benefits when most of the issues can be handled remotely.

The risks involved in digitalization are largely due to the fact that old industrial device and system platforms were designed to operate in isolated environments and have not been updated to meet increasingly tight information security standards. Now these systems are being punched full of holes in the name of the industrial internet. And since production system networking is still a new thing in an industrial setting, very few organisations have a clear idea about who is responsible for the information security of industrial services.

Stop hitting the brakes

Carelessness in information security acts like the brake pedal: even good product and service innovations get choked by the well-founded security concerns of IT professionals. Carefully designed information security measures can enable the implementation of effective, new innovations and the advantages gained by their full utilisation.

So instead of hitting the brakes, we should be flooring the gas.  And this can be done when information security is well taken care of.

The fast and the agile will get to pick the cherries off the cake. When information security is made a priority from day one of a development process, the application can quickly be implemented into the production process. If information security is not taken into consideration in time, it can take months to run through all the required checks and updates.

With proper management, services can be reliable and robust. Industrial big data can be quickly utilised even from critical infrastructure environments, provided the sourcing process is properly protected.

Typical information security challenges in industrial environments:

1. Responsibility for information security has not been assigned: Responsiblities regarding information security have not been defined for the business units in charge of developing industrial internet or between system suppliers and end-user organisations.
2. Industrial systems have long lifecycles while information security challenges are constantly changing. When implementing industrial internet services it is important to consider the lifecycle phase of surrounding industrial systems and their protection.
3. System and service providers are keen to collect industrial big data, but they've neglected to ask their clients for permission or haven't properly assigned responsibility for protecting the process.
4. Organisations do not have the resources to identify or react to information security attacks targeting industrial systems. 
5. This posting is an introduction to a series of blog posts discussing information security of industrial internet. In our next blog post we'll write about Nixu participating in the IAEA's international conference on information security of nuclear power plants.