Integrated cybersecurity: A cornerstone of IIoT

By Bill Lydon, InTech, Chief Editor 

I had a discussion with Gary Freburger, president of Schneider Electric’s process automation business, about the Industrial Internet of Things (IIoT) at the 20th annual ARC Industry Forum. He framed the discussion by introducing a new concept, “intelligize.” Simply put, intelligize means establishing a method to sort, prioritize, and refine your data, to connect bits of data so they become meaningful information, and then to share that information with operators and other assets, ensuring that the most effective, valuable business and operating decisions and actions are taken.

“While all industry is chomping at the bit to realize the promise and rewards of IIoT,” Freburger noted, “all that connectivity and proposed productivity and efficiency won’t matter if the culture, systems, or plants are not inherently safe and secure. Before deploying IIoT, it is important to understand not only the implications for your business, but also the implications for overall safety and security.” In short, “a cornerstone of an effective industrial automation system is integrated cybersecurity.”

It is critically important to think about all the opportunities IIoT presents before connecting a large volume of sensors, solutions, and automation and control systems. The prospect of connecting billions of devices to industrial automation systems begs two really important questions.

First, how do we keep systems and information secure? Adding more devices creates a broader attack surface, which increases cybersecurity risks. In Freburger’s view, there must be a balance between adding intelligence, securing the devices, and protecting the data. Collecting data just for the sake of having more data might not create any additional value at all. More data has the potential to cause more operator confusion and increase the cyberattack risk.

Second, what do we do with the data and information? “You need a process to figure out what it means and what it is telling you,” he said. “There are a lot of options for using data, including trending, exception reporting, alarming, and other functions. But there needs to be a reason to collect all this data. It’s what we call an operational intelligence approach, which relies on optimizing automation and control, remote management, and predictive maintenance to enable managed services, advanced analytics, and the generation of actionable information that drive better, more informed decision making.”

Improving operational efficiency and reliability can be better accomplished by providing the intelligent data for operators to make the better decisions that optimize production. Freburger used an interesting analogy to make his point. “If you connect your washing machine to the Internet, what do you really want to know? Do you want to know when the water turns on, the soap dispenses, the drying cycle time, the rinse cycle time, the spin cycle duration and RPMs? That’s a lot of data. But is it valuable and worth extending your risk of a cyberincursion? And what would you do with the data anyway? In all practicality, all you probably want to know is when the washer turned on, when it’s complete, and if there is a potential problem. Just because I can connect my washing machine to the Internet doesn’t mean I should, unless it makes sense and unless I can do something valuable with the information.”

“What’s interesting to me from our perspective, with a lot of feedback from users, is that control systems have become complicated,” he told me. “We’ve come to the realization that we need to simplify the data and make it easier for users. This includes standardization in a number of areas to make things simpler—for example, standards that define the meaning of operator display colors for consistency. But ‘simpler’ and connecting another 5,000 devices don’t quite go together. The important thing is deciding how to intelligize the data, deciding what you really want to accomplish, how to use the data to do that, how to bring it into the systems, and how to keep it and your systems secure.”

“The Industrial Internet of Things is a wonderful advancement, and a real opportunity to increase ROI [return on investment] and asset value. When it comes to process automation, we should be using IIoT capabilities to push control further toward the device layer, which means making instrumentation much smarter. This should allow you to simplify the control architecture to match the topology, so that we are reducing time, cost, and effort to configure systems.”

Distinguishing the data you really need from the available data is important in system design. For Freburger, this simply means applying lean design concepts to improve operations, efficiency, and productivity. “The IIoT strengthens our capabilities so we are better able to help customers extend the life of their assets, enhance decision making, and create a smart-enterprise control system that drives improved financial performance for the business. But it has to be inherently cybersecure first.”

 

About the Author

Bill LydonBill Lydon is chief editor of InTech. He has been active in manufacturing automation for more than 25 years. Lydon started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers and process control technology. In addition to experience at various large companies, Lydon cofounded and was president of a venture-capital-funded industrial automation software company.

About Freburger

Gary FreburgerGary Freburger is president of Schneider Electric’s process automation business, responsible for the company’s industrial automation and control and safety business globally. Previously, Freburger held several positions at Invensys plc, including president of systems business, operations management divisional chief operating officer, interim president of the company’s North America region, chief operating officer of the company, and senior vice president, global operations.

Reader Feedback

We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.