IIoT, Industry 4.0, Product Lifecycle Considerations
I recently attended an Industrial Control Systems and Critical Infrastructure Cyber Security Technical Workshop hosted by Public Safety Canada in Durham, ON.
In the introduction presentation there was a slide comparing technology life cycle of devices used in the IT (Information Technology) group vs. the OT (Operational Technology) group. It was suggested that IT technology lifecycles of 4-5 years are typical. OT had a much greater lifecycle and range of 10-20 years. My exposure to many industries in Canada suggests this 10-20 years may be optimistic. Why is this important? As companies look to connect their devices on the plant floor to some kind of OT network, with an eventual goal of bringing them into the Industrial Internet of Things (IIoT) – they do so at considerable risk. In the workshop they had a number of devices from the IT and OT world that would be common to see on the plant floor – each of them vulnerable to exploits.
Let’s look at the IT world. One of the reasons why IT has adopted a planned obsolescence technology life cycle of 4-5 years is due to security and support. In many cases, hardware vendors will support products for only so long. As cybersecurity exploits are found – patches are released to mitigate their impact. Sometimes exploits are difficult to patch such as UEFI BIOS exploits. In the OT world, things move at a much slower pace. Consideration for cybersecurity features common to IT devices are mainly absent. Convenience features such as remote access, remote firmware/software un-authenticated updates, USB or SD automated unauthenticated updates are all common “features” seen with OT devices. Many OT devices use outdated, unpatched IT operating systems such as windows. Software patches and updates to known vulnerabilities may not be available to older hardware/software.
Before embarking in connecting everything it is important that a device audit be conducted to identify all assets and potential vulnerabilities.
Rotalec has many products to assist with migration of plant floor devices to IIoT. Manufacturers such as Bedrock Open Secure Automation with a focus on cybersecure products down to the hardware level, to eWON whose principle product allows you to connect to remote networks securely over the internet, to Redlion whose line of routers, managed, and unmanaged switches, protocol converters and gateways, allow you to create smart networks, to SoftPLC with their IIoT Gateways/Data Hubs, Indusoft SCADA with OPC UA Security.
The asset audit is the first important step to a connected IIoT world. Sometimes the best, safest approach is to upgrade.