In today's interconnected world, machines are no longer isolated islands of productivity. They're connected to other devices and networks, making them vulnerable to cyber threats. As machine builders and plant owners, it's crucial to recognize the importance of industrial security and take proactive measures to protect your assets.
This article explores the challenges of maintaining machine security and offers insights and tools to help machine builders with that.
The gap between Information Technology (IT) and Operational Technology (OT) is a well-known obstacle in maintaining machine security. While IT systems are designed with security and confidentiality in mind, OT environments tend to prioritize availability and physical safety. This mismatch can lead to serious consequences when machines are attacked. Priorities are often completely reversed, as the figure below shows.
Different IT/OT security objectives (source: ISA)
In the world of OT, there’s often the motto: "Never touch a running system". This is different from what IT experts usually say, which is to update and install the newest security patches regularly. OT operators hesitate to update machines because patches take time to install and might have bugs that cause interruptions. This might cause downtime and risks the availability of the system. As a result, a machine runs outdated, vulnerable software.
Another challenge in machine security is the mismatch between the lifecycles of OT and IT systems. While machines are built to last for decades, operating systems and software typically have a lifespan of only 3 to 5 years. This means that the software running on machine controllers and operating systems become outdated and vulnerable to cyber threats long before the machine is decommissioned.
Addressing the challenge posed by the differing lifecycles of OT and IT systems, implementing edge connectivity through edge gateways and complying with IEC 62443 become essential for securing machines. Let's discover why.
Edge connectivity offers solutions to secure machines while minimizing the impact and risk on production processes. An edge gateway is a multifunctional device that combines a router, modem, and firewall. It allows for secure remote connectivity and maintenance and protects the machine network from external threats by segmenting the IT and OT parts of the network.
Example of a dangerous situation without edge connectivity:
Because no remote connectivity is available, maintenance and service is done by external service technicians on-site. There’s a risk that they physically connect their infected laptop to a machine, exposing it to viruses and ransomware, or leaking confidential data.
To improve machine security, machine builders should consider designing their machines in accordance with IEC 62443 guidelines. This international standard provides a framework for securing industrial automation and control systems.
It helps to mitigate risks throughout the machine's lifecycle and can help with setting systems to last for the long-term, including those short-lived IT operating systems. The standard takes the unique challenges and priorities of OT environments into account, so they can effectively be applied to the machine building industry.
As technology continues to evolve, so do the threats to industrial machines. To future-proof your machine security, you need to adopt a proactive approach where you understand the unique challenges of machines, use edge connectivity and apply guidelines such as IEC 62443. Don't wait until it's too late – take steps today to protect your industrial assets.
Our Security Kit can help you to start with IEC 62443 through a starter guide and webinar. It also gives you insight into how security is managed at IXON. Download the security kit here.
Discover how the SecureEdge Pro gateway can transform your industrial network security.
Learn more