Risk of cyber crime outweighs initial costs of cyber security in manufacturing connectivity.
Many OEMs are struggling with the financial requirements of investing in full factory cloud connectivity. Manufacturers who aren’t having second thoughts about the price tag are concerned about security risks from cyber criminals.
ENGINEERING.com recently had the chance to speak with Rob Dolci, president of AizoOn Technology Consulting about the security risks and ways to protect yourself when adopting connectivity platforms.
The video above and Q&A below record interview highlights.
Jim Anderton (JA): When we think of manufacturing connectivity, there are many misconceptions and fears about how to start and the potential difficulties. What do you see are the current trends?
Rob Dolci (RD): You’re right, there is a lot of fear. Because cyber crime is such a big issue, we could call the digital world the “Wild West.”
Companies are, correctly, worried about how to approach connectivity. At the same time, the connected enterprise or “Smart Factory” is actually enabling small and medium sized companies to scale up their operations and reap benefits that in the past were only privy to larger companies.
It’s a trade off today for companies in the small and medium-sized sector especially, to weigh the cyber security aspect and when the study is done, to open up and connect their machines and even their products in some cases, to the cloud.
So we see cases of smart products as well as smart processes in the manufacturing and supply chain area.
Keeping Cyber Security in Mind When Implementing IoT Systems
JA: I’ve seen small and medium sized operations where the fear of cyber crime is so great that USB drives and laptops are physically carried to the production floor and then jacked in with Ethernet cables into machinery.
I’ve also seen a lot of hardwiring, which is very old school, very noisy and very susceptible to losses out of fear of going wireless.
JA: Is it possible to make wireless systems that are truly secure?
RD: It is possible today.
One needs to design systems with cyber security in mind. Systems in the past were not designed with that in mind and that opened them up to all sorts of vulnerabilities, but today that situation is different.
In the news, large corporations have been hacked through their air conditioning systems. It is true that mills have been shut in the furnace, it’s true that even large corporations have seen hacks that are really worrying. Yet the technology is there, the research is there, the support from governmental institutions and academia is there to actually do it, maybe one step at a time, but safely. It can be done.
JA: Large corporations have the resources to invest in the people and the time to do this. Their supply chain, tier 1 and 2 suppliers are compelled and drawn along with the necessary security regulations that their customers impose on them.
Can the cost spin out of control? How does a smaller-level supplier keep a lid on costs, yet at the same time satisfy their customer?
RD: There are two aspects here: One is compliance, where there’s nothing you can do about it. But then there’s the aspect of insuring yourself against damage.
When you look at cyber security in terms of insurance premiums, you can quickly realize that if you’re under attack for 200 days and you don’t realize it, then there would be huge damage. It would be worth the cost to prevent or repair that.
At the same time, when we look at the ability to connect and scale up manufacturing and supply chain processes, the advantages that you gain in terms of productivity and efficiency are such that you have the gain to pay for the cyber security aspect.
All-in-all, the equation is a positive one for a company that wants to take these steps. It’s something better done with professional advisors in cyber security in the way you connect to the Internet, in the choice of gateways, censors, different PLC vendors and you need to do it all correctly.
Interoperability Between PLCs
JA: The days are gone when a small or medium sized shop uses a single vendor for PLCs. Often different controllers are shipped with different machines and there’s a strong movement to allow a mix and match with different controllers. Does that complicate the connectivity issue?
RD: It does, especially because many companies that we see, that we’re dealing with actually want to avoid changing technology that may be old but is still working.
They’re asking us to improve the connectivity and reliability of those systems while still using all of their old PLC technology. All of a sudden, the interoperability issue of all their PLCs with newer generation industrial IP-based PLCs is huge.
There are companies that just do that on purpose. We actually partner with one of them, Kepware. All they do is work on the interoperability of different generations of PLC from all the vendors in the world.
JA: Will we see a point where interoperability becomes so important that it actually drives the decision to upgrade or replace working PLCs?
RB: It already happens.
I think what the connected enterprise, Smart Factory or Industry 4.0 is showing is that you can actually come up with new business models and new revenue streams. When that happens, that’s where you can go find new investments and vary your technology.
JA: Is there a single biggest issue or mistake that firms make when they try to adapt the broadly based interoperability that you see?
RD: In the Internet-of-Things (IoT) scenario that we see today, there are many vendors both large and small and there are new ones coming up by the day.
The market is very much in a dynamic situation – in a flux. There is no best of breed or best possible vendor or solution today.
Companies need to test different technologies and different vendors to see what best fits their own specific needs. Certainly on the industrial side, there are vendors marching in that direction and it’s worth investing in them today.
Cost Vs. Benefit: Why Adopt Manufacturing Connectivity Now?
JA: Once the investment is made, what sorts of productivity improvements could a fabricator or machine shop of medium size reasonably realize?
RD: We’re seeing different scenarios here. At FABTECH 2015 I presented about gaining productivity from user experience reengineering. You’re looking into some eight to 12 percent [in gained productivity] depending on the process that you’re dealing with.
In other cases, you may have very interesting energy efficiencies in the way that you are managing the workload of different machines and so you reduce the peak, you reduce the tariff and then you reduce the overall consumption of energy. There too, the percentages of seven, eight, nine percent are very feasible.
The big advantage of this new approach is actually that the investment is minor.
The approach is bottom up and uses very scalable technology so that you can actually start at one specific part of your factory and then enlarge from there – opposite to the past where you had to come up with very large and intensive capital investments that would impact the entire factory, or even the entire company.
Now we have this connected enterprise type of approach where you can start small, prove your benefits and just grow up from there. This is a huge plus for companies today that can hardly predict what their product mix will be in two year’s time.
Because there is so much uncertainty today in the way that the market is dynamic, avoiding the investments that go beyond the two years type of payback time is really important.
To learn more about aizoOn Technology Consulting, visit their website here.