printer friendly version

You can’t isolate, so integrate

As if security in this day and age weren’t complex enough, industrial sites have to contend with a barrage of health and safety risks, strike action and sabotage to machinery. As events in recent years have shown, they have also proven to be particularly prone to cyberattacks, whether through random acts of vandalism, or more targeted and profitable ransomware attacks. And then you get the really bad guys: governments.

At the risk of sounding all ‘The Commies are coming!’ paranoid, one only has to follow the news to know that many of the current diplomatic tensions between the world’s major nations are centred on their cyber-warfare activities against each other. The ability for nation states to probe, and potentially disrupt, other nations’ critical infrastructure has never been more enticing.

According to a 2019 Forrester Consulting study commissioned by Kaspersky Lab, the number of successful breaches to industrial/manufacturing organisations has risen more than 27%, from an average of 102 to 130 per organisation per year. The financial impact of cybercrime is also getting worse, averaging over $10 million for the sector in 2017.

Throw into that volatile mix the fact that many industrial plants still run on ‘brownfield’ systems that are, at their core, decades old and, at best, upgraded with modern bells and whistles, and you have a recipe for disaster. The result is that security professionals in this sector are often left scrambling to manage risks within outdated infrastructure that is not up to the job of dealing with modern threats that can emerge and evolve within a matter of days, or even hours.

One of the most exciting trends to emerge from the Industry 4.0 revolution is that technologies and hardware that were originally developed for the security market are increasingly being co-opted to enhance organisational productivity: think CCTV camera feeds being used to monitor production lines, or access control systems providing a time and attendance function.

Therein lies a further pitfall, however. The increasingly hyper-connected nature of these complex systems leaves them vulnerable to cybersecurity risks from within and without. According to a 2018 study by the research firm Gartner, whereas most threats to operational technology (OT) systems traditionally originated from internal actors with access to physically secured and unconnected components, the opening of these systems to external networks and devices has driven the need to add and integrate information security measures to counteract the growing eventuality of Internet Protocol (IP) or other network-based, external attacks.

Integration is critical

Primarily due to their size and location, industrial sites are generally difficult to protect against intrusion as perimeters may be extensive. This leads to tighter security measures being centred around main buildings and entrances more often than not, and necessitates a more holistic approach to security, in the view of Axis Communications’ Sasha Bonheim. “All stakeholders also need to be involved in the discussion from the get-go: the IT department, operations department, security and SHEQ (safety, health, environment and quality). The security deployment strategy needs to have input from all departments to ensure that there is no duplication of physical security measures, and that vital areas are not overlooked.”

As she points out, the requirements of a process manager are vastly different from those of a security manager: whereas the former wants visual confirmation that the conveyor system is operational, the latter is more interested in observing that no one is trespassing in an area. These days it is trivial to satisfy both these requirements with a single camera, but cross-collaboration across departments is vital if such solutions are to be planned and deployed properly.

Such inter-disciplinary collaboration has to be based on an integrated approach, says Bonheim. “On many industrial sites, most security solutions are standalone. Your surveillance platform, the access control and even your fire detection are on separate servers, being managed by separate departments, and there is no central control of any of these.

“All these solutions should be integrated – they should speak to each other at all times for clear control of the site, from one central point. This allows for faster response to any type of emergency or breach, and also allows for the right response. Should it be a fire in the production area, you would want the control room personnel to call the right people to respond. By having an integrated solution, there is still accessibility for each department, and they do not lose control of their own process or requirement for information.”

Putting it into practice

By way of example, Bonheim says Axis Communications has recently been involved in the upgrading of an unnamed ‘global industrial customer’ to a comprehensive IP-based system. The surveillance system in this application is required to operate in conjunction with a weighbridge, licence plate recognition and visitor access control.

High-level analytics are being employed at the site to identify unusual behaviour. “The unusual behaviour application is based on SHEQ requirements as well as process control,” Bonheim explains. “In essence the cameras have analytics that will identify if someone is on a cell phone in a dangerous area, or if they are moving/walking in an unusual area.” The analytics algorithm differentiates between normal and abnormal behaviour and alerts the control room operator via a dashboard, allowing them to react in the appropriate manner.

“If the normally moving conveyor belt stops moving, this is also deemed unusual and once again an alert is sent. The idea is to minimise the number of screens an operator is looking at, as well as diminish the number of alarms that get missed or dismissed intentionally without review. Furthermore, by utilising crowd identity applications and a PTZ camera, the site can be forewarned about any impending strike or riot action. In the bigger picture, how this helps in the long run is that the customer can now view trends in their processes, and minimise any future disruptions.

“According to Wikipedia, ‘Industry 4.0 is a name given to the current trend of automation and data exchange in manufacturing technologies’. It includes cyber-physical systems, the Internet of Things, cloud computing and cognitive computing. In terms of this description and where IP surveillance and the various subsystems intersect, security has absolutely become part of Industry 4.0. Customers are realising the benefits of having their solutions integrated, for operational processes as well as streamlining of business intelligence. By using the big data and applying rules to filter information, the customer has a much better idea of how their site is operating,” she summarises.

Share this article:

Further reading: