Industry 4.0, IIoT, smart manufacturing – catchphrases we’ve been exhaustively talking about for years, with visions of factory floors filled with futuristic robots and drones like something out of Star Trek. For many companies though, these are no longer just buzzwords, or something only pictured on TV. A 2021 McKinsey & Company survey indicates that a majority of global manufacturing companies (94% of the respondents) were able to keep their operations running during the pandemic, thanks to Industry 4.0. More than half of them (56%) also said technologies had been crucial in responding to the situation.
With the rapid acceleration in the digitization of the supply chain predicated by the COVID-19 pandemic, recent studies show that we have vaulted five years forward in digital business adoption, with manufacturers actively developing plans for “lights out” factories and supply chains. As the demand for remote operations increases, more and more connected devices are coming online and in turn, an increased attack surface for potential cyber security bad actors. The divide between IT and OT starts to fade and with that, the rise in prominence of the IT function on the factory floor. This places the CIO in an even more crucial role, especially when it comes to the criticality of maintaining secure operations. People, process, and procedures will always be integral in securing network environments, including the edge.
The industrial edge enables resiliency
A main driver of resiliency in manufacturing environments has been through distributed IT environments, including edge data centres, to improve speed and lower latency with this increase in data from connected products. For industrial operators to reap the benefits of this digitization and automation, CIOs are deploying edge data centres in manufacturing settings to ensure they have the capacity to capture this incremental amount of data.
Local edge data centres are used to enable these connected endpoints on the network. As a distributed model, computing, aggregation, and analysis occur at the physical site instead of being sent to a server sitting at a centralised site or onto the cloud. This infrastructure includes IIoT devices, switches, routers, servers, virtual. An IT edge environment in an industrial setting includes a plethora of distributed endpoints and, in turn, increases the attack surface for cyber criminals and hackers. A challenge of edge computing for CIOs is security and how to manage the increased risk.
Cybersecurity best practices for edge computing
Managing this risk requires the proper implementation of security best practices for devices, networks, and applications. IT decision makers with a distributed IT environment will need to implement a comprehensive cybersecurity approach focused around these four tactics:
-
Selection criteria: Microsoft introduced the Security Development Lifecycle (SDL) to consider security and privacy concerns throughout the entire software development process. It’s important to validate that vendors develop their applications, devices, and systems following a well-implemented SDL. A properly integrated SDL process can reduce vulnerabilities and coding errors with the necessary mitigations to secure the application, device, and system, while, improving the reliability of the software and firmware. Another popular standard, IEC 62443, is accepted worldwide in defining security standards developed by industrial control experts. This standard specifies process requirements for the secure development of products used in industrial automation and control systems as well as edge IT applications. It defines a secure development lifecycle (SDL) for the purpose of developing and maintaining secure products. This lifecycle includes security requirements definition, secure design, secure implementation, verification and validation, defect management, patch management and product end-of-life.
-
Secure network design: As edge computing evolves and grows, so will the need to design network security for the devices and systems running in the edge. Securing access to the edge should include only providing access to resources via encrypted tunnels (i.e., VPN) and the proper implementation of firewalls and access control systems. Other best practices categories for securing networks and the edge include a defence-in-depth methodology and network segmentation.
-
Device configuration: Before an embedded device or software-based system is used in an edge application, proper analysis should be done to understand how the device / system communicates and how the device /system functions within the use case that is required by the customer to operate at the edge. Best practices for device configuration include performing vulnerability assessments upon receipt of the device, verifying that the device can be configured to disable any unsecure protocols and finally, ensure all patches and updates for the device are current before final deployment.
-
Operation & maintenance to reduce the risk of breaches: While there may be specific best practices for particular applications, patch management, vulnerability management, and penetration testing are good practice categories that apply to operating and maintaining all edge applications.
Edge computing provides high-speed delivery of data for edge applications, essential for today’s business. It reduces network latency by providing the processing and delivery of needed information locally. Edge security must maintain integrity, availability, and confidentiality to support and strengthen business needs and objectives.