The Role of Cyber Security in Enterprise Maintenance

Author: John Soldatos
Category: Enterprise Asset Management

It’s undisputed: the future of enterprise maintenance is digital. In the near future, numerous internet-connected sensors and devices will be available in industrial plants, empowering maintenance technicians, plant managers, supervisors, and even business owners with timely and accurate information about the physical world. These devices will be used to provide insights about the status of assets in various settings, including smart electrical grids, smart buildings, factories, as well as intelligent transportation systems. The data they collect will be integrated within cloud-computing infrastructures and processed, enabling novel maintenance approaches, such as predictive maintenance.

But these innovative new advances are not without risks. Transfer of data from the field to the cloud raises significant cyber-security concerns, as servers, networks and communication channels can be attacked by malicious parties.

These concerns are not theoretical. Many enterprises that rely on digital infrastructures have experienced cyber security attacks. For example, according to an official report, the number UK businesses that suffered a cyber attack doubled in 2016, with almost half of firms detecting a breach during the same year. In the case of industrial organizations, cyber security attacks can lead to expensive data breaches or even loss of Intellectual Property (IP) assets.

To make things worse, recent research studies and surveys reveal that most plant operators are not very well prepared to address cyber security risks. Hence, we’ve witnessed several large scale cyber security attacks against critical infrastructures of industrial organizations, such as the notorious cyber security attack against Saudi Arabia’s national oil company back in 2012 and the more recent watershed cyber attack against Triconex industrial safety technology that was reported by FireEye Inc. last December. In this context, developers, deployers and operators of digital systems for enterprise maintenance need to understand the risks and be aware of best practices for mitigating them.

Understanding the cyber security challenges and risks

Four of the most prominent types of cyber security attacks against elements and modules of IT-based enterprise maintenance systems are as follows:

  1. Hardware-based attacks: Predictive maintenance systems are based on the collection and processing of data from multiple sensors such as vibration, acoustic, ultrasonic and temperature sensors, as well as thermal imaging sensors. To support this data collection, several hardware devices are introduced in the shop floor, ranging from wireless sensor networks to edge gateways. The latter devices must be secure in order to avoid attacks against them, which could disrupt the operation of the maintenance system. In particular, a compromised device can start exhibiting abnormal behavior, which would lead to malfunctions of the data-driven maintenance system. Moreover, they have to be trustworthy in order to properly collaborate with other devices and IT applications of the predictive maintenance solution. The introduction of a malicious sensor or device in the shop floor can be the foundation of various cyber attacks.
  2. Software-based attacks: Software packages for asset management, data collection and data analytics can also be sources of cybersecurity vulnerabilities for predictive maintenance systems. Hacking these systems can also cause malfunctions or even break-down of maintenance processes.
  3. Risks of Digital Simulation and Digital Twins solutions: Several enterprises are developing digital twins solutions for maintenance. These simulate the behavior of the equipment in order to predict parameters such as a machine’s RUL (Remaining Useful Life) based on the execution of different what-if scenarios. The development of digital twins applications is based on domain knowledge about the equipment and its maintenance process. When compromised, such applications can reveal elements of Intellectual Property (IP) or Trade Secrets, including details of automation and control systems operations.
  4. Compromising data analytics algorithms for IP assets theft: By hacking a maintenance analytics solution, attackers may be able to access intellectual property of the plant owner and/or the plant operator, such as manufacturing process flows, production automation and control diagrams, quality controls diagrams, or even information about the lifecycle of machines, tools and their lifecycle. This includes maintenance and asset management indicators such as EoL (End-of-Life) and Mean Time Between Failure (MTBF). Stolen IP can be extremely valuable to competitors, given rise to loss of market share and customers.

Attempting to mitigate cyber security risks

Despite the technological advances and increased investments in cyber security, addressing the above-listed risks is still challenging due to the following factors:

Cyber security best practices

To successfully cope with the above listed challenges and risks, plant operators and IT experts can consider the following guidelines:

Industrial organizations are increasingly deploying IT-based predictive maintenance solutions for their assets, as means of improving Overall Equipment Efficiency (OEE) and reducing costs. However, they often tend to overlook the importance of cybersecurity, as the latter is seen as a defensive investment rather than as a Return-On-Investment (ROI) generating one. This is a big mistake that must be avoided, as cyberattacks can lead to significant losses ranging from data breaches and stolen assets to regulatory penalties.

It’s time to start considering your cybersecurity needs and identifying the controls to be implemented to mitigate risks and prevent attacks, or at very least to detect issues and resolve them in a timely manner. I hope that these guidelines will help you start your cybersecurity projects on the right foot.

Author: John Soldatos

John Soldatos holds a Phd in Electrical & Computer Engineering. He is co-founder of the open source platform OpenIoT and has had a leading role in over 15 Internet-of-Things & BigData projects in manufacturing, logistics, smart energy, smart cities and healthcare. He has published more than 150 articles in international journals, books and conference proceedings, while he has authored numerous technical articles and blogs posts in the areas of IoT, cloud computing and BigData. He has recently edited and co-authored the book “Building Blocks for IoT Analytics”.

Similar Posts