It’s undisputed: the future of enterprise maintenance is digital. In the near future, numerous internet-connected sensors and devices will be available in industrial plants, empowering maintenance technicians, plant managers, supervisors, and even business owners with timely and accurate information about the physical world. These devices will be used to provide insights about the status of assets in various settings, including smart electrical grids, smart buildings, factories, as well as intelligent transportation systems. The data they collect will be integrated within cloud-computing infrastructures and processed, enabling novel maintenance approaches, such as predictive maintenance.
But these innovative new advances are not without risks. Transfer of data from the field to the cloud raises significant cyber-security concerns, as servers, networks and communication channels can be attacked by malicious parties.
These concerns are not theoretical. Many enterprises that rely on digital infrastructures have experienced cyber security attacks. For example, according to an official report, the number UK businesses that suffered a cyber attack doubled in 2016, with almost half of firms detecting a breach during the same year. In the case of industrial organizations, cyber security attacks can lead to expensive data breaches or even loss of Intellectual Property (IP) assets.
To make things worse, recent research studies and surveys reveal that most plant operators are not very well prepared to address cyber security risks. Hence, we’ve witnessed several large scale cyber security attacks against critical infrastructures of industrial organizations, such as the notorious cyber security attack against Saudi Arabia’s national oil company back in 2012 and the more recent watershed cyber attack against Triconex industrial safety technology that was reported by FireEye Inc. last December. In this context, developers, deployers and operators of digital systems for enterprise maintenance need to understand the risks and be aware of best practices for mitigating them.
Four of the most prominent types of cyber security attacks against elements and modules of IT-based enterprise maintenance systems are as follows:
Despite the technological advances and increased investments in cyber security, addressing the above-listed risks is still challenging due to the following factors:
To successfully cope with the above listed challenges and risks, plant operators and IT experts can consider the following guidelines:
Industrial organizations are increasingly deploying IT-based predictive maintenance solutions for their assets, as means of improving Overall Equipment Efficiency (OEE) and reducing costs. However, they often tend to overlook the importance of cybersecurity, as the latter is seen as a defensive investment rather than as a Return-On-Investment (ROI) generating one. This is a big mistake that must be avoided, as cyberattacks can lead to significant losses ranging from data breaches and stolen assets to regulatory penalties.
It’s time to start considering your cybersecurity needs and identifying the controls to be implemented to mitigate risks and prevent attacks, or at very least to detect issues and resolve them in a timely manner. I hope that these guidelines will help you start your cybersecurity projects on the right foot.