The conversation with Scante’s Jon Prescott concludes with a discussion of common best practices for managing the important cybersecurity infrastructure required for success inside the Internet of Reliability.
Welcome back to Noria’s new web series called “The Internet of Reliability.” I’m your host, Jeremy Drury of IoT Diagnostics, joined for a few episodes by the CEO of Scante.net, Jon Prescott. We’re getting very specific about the IoT platform side of this migration into Industry 4.0 and the connected reliability operations to which we’re striving to drive you. We’ve put this episode last because it is a big topic.
Jeremy: “So far, we have talked about the ins and outs of how to choose the right IoT platform provider and the facts and myths inside the IoT space. We all know that things get tripped up when the information technology (IT) department gets involved with IoT enablement and getting devices on the network.
“Everyone’s got sensors. We walk in and say, ‘Hey, I’ve got this great new connected sensor for you.’ People on the shop floor, if someone has already given you a sensor device and you haven't talked to the IT department yet, good luck getting that device connected that day. It’s not the right time to be like, ‘Hey IT, what’s the Wi-Fi password to get this thing up and moving?’
“However, I believe there are solutions and ways that we can talk to the IT department. I believe there are ways that we can get our IoT applications up and running. We can collaborate with the IT department to start to move these things forward. I would call this cybersecurity 2.01.
“So, what does a reliability engineer or someone on the shop floor need to know about cybersecurity to sit down and have that conversation with the IT department or to know enough to ask the right questions of IoT platform and sensor providers to make sure that they’re not getting bad news on something for the network?”
Jon: “There’s a list of things or data that an operations or maintenance person should be gathering from the platform provider, other partners involved in your IoT, sensor companies and so on. Essentially, if data is going in and out of a company firewall, then there’s no question you are going to have involvement with the IT staff.
“What we’ve seen over the last couple of years with IT departments is that typically you are going to get good uptick as long as you are not springing a full-fledged project on them on the last day and saying, ‘Hey, we need the keys to the kingdom here.’ They are reading the same articles that you are. They see the same potential for improvement in operations, distribution and reliability. We’ve found over the last few years that the conversation has improved a lot.
“Basically, reliability personnel need to be gathering as much data as they can from the provider of smart sensors, industrial gateway devices and IoT platform providers, or service providers in general, as to what kind of network penetrations they are going to be having. Is this gateway device an outbound virtual private network (VPN) device? That has become more and more of a best practice to have a gateway device installed in a piece of machinery establishing an outbound connection to a specific set of websites so no one can drive around in a truck and gain access to your network.
“What we see a lot now are segregated machine networks, so your reliability project can go on that separate network, and any penetration of it only has access to those assets, not the company’s accounting system or benefits and so on. There’s very little personal information that can be gathered in that way, and that’s a big deal.
“Every vendor is going to have or should have a good amount of documentation. You want to gather that, and you need to have it be part of your communications with the IT group. It’s really just about gathering the information that is most likely already there and collaborating with the IT group on what kind of architectures you can implement with these projects.
“So, a couple of keywords would be outbound VPN connections, industrial gateway devices and segregated IoT networks. All of these things are good ideas that will get you down the road.”
Jeremy: “What about encryption? That’s a word that comes up a lot. What’s the 101 version or 201 version of encryption?”
Jon: “Early on in IoT, a lot of data was sent essentially in plain text between devices. It had some inherent vulnerabilities to what are called ‘man in the middle’ attacks, where someone could just piggyback on your network connection, see the data and get all the information that was going back and forth between these things. Shockingly, up until recently, even ATM networks were sending data in the clear. It was ridiculous. Those problems are largely solved with most devices that you are going to buy.
“You do not want to go down to the local electronics store and pick up a baby cam or a nanny cam monitor and put it on some critical asset outside of your firewall because it’s going to be vulnerable. Things like the Mirai bots and other malware attacks that have gotten a lot of publicity are in those kinds of scenarios.
“You don’t actually see a lot of hardcore industrial gateway devices and outbound VPN connections or narrowband (NB) IoT hacks. Those things are much rarer. Part of the reason is because there’s less incentive. There’s not as much control of the machine that way, and that’s a critical step you are going to have to decide in your reliability project. Are you going to be able to control the machine sitting at home in your easy chair hitting the e-stop? Some of that might be helpful to you in your operations, but it introduces vulnerabilities into the system versus just data outbound to let you monitor the machine.
“There’s a lot less incentive to hack that outbound data channel than there is something that could replace the firmware in your system or open vulnerabilities to the rest of a large, joint company network. Those are the kinds of things that you need to be thinking about — segregation, high-quality and secure gateway devices, and encryption. The data that’s going back and forth needs to be encrypted in some best-practice schemes that your IT people can help you with. Your device suppliers and platform providers can also be a big asset in determining what the conditions are of your project.”
Jeremy: “Let’s talk about a future-state scenario. Let’s say we’ve had a couple of pilot projects that have gone very well. We’re now getting into a multitude of devices on our network. Let’s say we have 100 of one type of sensor on our network. As with our smartphones or smart devices, we know that these need to be updated. We download the latest update version 2.4, 5.6 or whatever that may be. Our IoT sensors aren’t going to be any different. They need to stay updated on the latest software. Help us understand a bit more about security in managing these types of updates.”
Jon: “That is both a big operational value and a question that you have to ask on the security side. How will these devices be updated and maintained over the long haul, not just for security concerns, but operational concerns? How will they get new firmware? Will they have network access to do that kind of stuff? Does it have to be inside your firewall by somebody with a laptop? Those are more expensive propositions.
“These ideas of over-the-air software updates are critical. You need to ask those kinds of questions. How will this device or this platform be updated and maintained, especially if it’s inside your firewall or disconnected from the network and just sitting there gathering data in some way that you are accessing. Those are all important questions. You need to know about them and not treat the IT group as an enemy.”
Jeremy: “If there’s one takeaway from this episode, it’s to ask your IoT platform provider or smart sensor provider if they have just a one-pager to pass onto your IT department with some of the things we talked about on encryption. As soon as you can, get your IT department involved. We hear that time and time again. People wait too long to get the IT department involved, and then things get stuck. So, get your IT department involved. They will appreciate it, and they may actually become an advocate if you get them involved. So, get them started early.
“Jon, I can’t thank you enough. We really appreciate you being here and helping us out. We know this IoT stuff can be complicated. I think with companies like Scante you are helping to make it less complicated, so we appreciate what you are doing on that path.”
Jon: “It’s always great to talk about these issues.”
Jeremy: “Jon and I are going to be on stage together at Noria’s upcoming Machinery Lubrication Conference & Exhibition in Houston Nov. 6-8, so put that on your calendar if you haven’t already. We’re looking forward to that.
“So, here we are, concluding this episode of Noria’s new web series called ‘The Internet of Reliability.’ Again, I’m your host, Jeremy Drury, joined by Jon Prescott. We’re glad to be here. Join us next time for the final phasing of this video. We’re going to talk about how to actually get things started, so we’re excited about doing that with you.”