Industry 4.0, IIoT, smart manufacturing – catchphrases we’ve been exhaustively talking about for years, with visions of factory floors filled with futuristic robots and drones like something out of Star Trek. For many companies though, these are no longer just buzzwords, or something only pictured on TV.
Malaysian companies also fall in line as 77 percent have indicated that they are prioritising technology adoption in the near term in an effort to accelerate their business adaption to the new normal, according to Ernst & Young’s 2022 Business Pulse Survey. Almost half of them (43 percent) are also optimistic that businesses will recover to pre-pandemic levels within one to two years as Malaysia moves into the endemic phase. With an increase in the digital adoption rate among businesses after the onset of the pandemic, the study outlined that 48 percent of large companies and 37 percent of micro, small, and medium enterprises have found that the adoption of digital technologies has made the most positive impact during the pandemic.
On top of that, there is increased demand for remote operations. More and more connected devices are coming online and in turn, an increased attack surface for potential cyber security bad actors. The divide between IT and OT starts to fade and with that, the rise in prominence of the IT function on the factory floor. This places the CIO in an even more crucial role, especially when it comes to the criticality of maintaining secure operations. People, processes, and procedures will always be integral in securing network environments, including the edge.
The industrial edge enables resiliency
A main driver of resiliency in manufacturing environments has been through distributed IT environments, including edge data centres, to improve speed and lower latency with this increase in data from connected products. For industrial operators to reap the benefits of this digitisation and automation, CIOs are deploying edge data centres in manufacturing settings to ensure they have the capacity to capture this incremental amount of data.
In Malaysia, only 27 percent of companies have leveraged edge computing while 38 percent said edge computing is new to them, according to Tech Research Asia’s 2020 survey on edge computing in the Asia Pacific. The report also found that 32 percent of local companies deployed the edge computing solutions using their existing data centres; 11 percent will be building new data centres; and nine percent will facilitate their edge computing with colocation facilities.
Local edge data centres are used to enable these connected endpoints on the network. As a distributed model, computing, aggregation, and analysis occur at the physical site instead of being sent to a server sitting at a centralised site or onto the cloud. This infrastructure includes IIoT devices, switches, routers, servers, and virtual. An IT edge environment in an industrial setting includes a plethora of distributed endpoints and, in turn, increases the attack surface for cybercriminals and hackers. A challenge of edge computing for CIOs is security and how to manage the increased risk.
Cybersecurity best practices for edge computing
Managing this risk requires the proper implementation of security best practices for devices, networks, and applications. IT decision makers with a distributed IT environment will need to implement a comprehensive cybersecurity approach focused on these four tactics:
- Selection criteria: Microsoft introduced the Security Development Lifecycle (SDL) to consider security and privacy concerns throughout the entire software development process. It’s important to validate that vendors develop their applications, devices, and systems following a well-implemented SDL. A properly integrated SDL process can reduce vulnerabilities and coding errors with the necessary mitigations to secure the application, device, and system, while, improving the reliability of the software and firmware. Another popular standard, IEC 62443, is accepted worldwide in defining security standards developed by industrial control experts. This standard specifies process requirements for the secure development of products used in industrial automation and control systems as well as edge IT applications. It defines a secure development lifecycle (SDL) for the purpose of developing and maintaining secure products. This lifecycle includes security requirements definition, secure design, secure implementation, verification and validation, defect management, patch management and product end-of-life.
- Secure network design: As edge computing evolves and grows, so will the need to design network security for the devices and systems running in the edge. Securing access to the edge should include only providing access to resources via encrypted tunnels (i.e., VPN) and the proper implementation of firewalls and access control systems. Other best practices categories for securing networks and the edge include a defence-in-depth methodology and network segmentation.
- Device configuration: Before an embedded device or software-based system is used in an edge application, a proper analysis should be done to understand how the device/system communicates and how the device/system functions within the use case that is required by the customer to operate at the edge. Best practices for device configuration include performing vulnerability assessments upon receipt of the device, verifying that the device can be configured to disable any unsecured protocols and finally, ensuring all patches and updates for the device are current before final deployment.
- Operation & maintenance to reduce the risk of breaches: While there may be specific best practices for particular applications, patch management, vulnerability management, and penetration testing are good practice categories that apply to operating and maintaining all edge applications.
Edge computing provides high-speed delivery of data for edge applications, essential for today’s business. It reduces network latency by providing the processing and delivery of needed information locally. Edge security must maintain integrity, availability, and confidentiality to support and strengthen business needs and objectives.
In essence, while companies and MSMEs understand the importance of digitalising their businesses to sustain and survive through the situation, it is also vital to note that improper implementation of digital technologies may lead to security risks that may jeopardise the business. CIOs and IT decision makers need to ensure companies have the necessary skills to mitigate the risks diligently. Thus, it is important for companies to form meaningful partnerships and work hand-in-hand with digital management and automation experts to achieve business sustainability and survive through the pandemic.
