Balancing risk with IoT benefits: How plants can secure themselves against hacking

The British media widely reported how the recent WannaCry cyber attack largely targeted NHS trusts across the country. However, what was not as widely reported was that the attack also affected many factories across the world, shutting down production and causing concerns about data security. Here, Steve Hughes, managing director of power quality specialist REO UK, looks at how companies can reap the benefits of interconnected devices while staying safe in the age of cyber attacks.

No plant manager can deny that the internet of things (IoT) has had a substantial impact on the plant that they run. They now have the ability to monitor, measure and optimise almost every process in their plant, using interconnected devices and control software such as SCADA.

As British industries look to reverse the productivity crisis by optimising output in their factory, even small improvements in efficiency and quality can give a competitive edge.

REO UK’s REOVIB and REOTRON units are examples of the types of devices that can be connected to a FIELDBUS network. They are used in processes such as food manufacturing, water treatment, cathodic protection and surface coatings.

REOVIB units are standalone control units used to directly control conveyor systems, allowing plant managers to control the fill-level and guard against overflow. They can also monitor the speed of the feeder and its performance.

REOTRON units are often used in cathodic protection applications, where monitoring is becoming increasingly important. Remote monitoring allows plant managers to accurately measure the performance of the installation, without having large survey costs to manage.

Like many other smart monitoring devices, the REOTRON and REOVIB units can both use a variety of industrial fieldbus networks such as PROFINET or DeviceNet. This allows them to connect to SCADA software, allowing plant managers to better monitor a wide range of devices.

Although the interoperability of devices presents many benefits to the plant manager, it does present risks in terms of cyber security. Attackers that successfully penetrate a system can hold important and potentially sensitive data to ransom and can use the interconnectivity of devices to shut down the entire plant.

Before plant managers introduce smart monitoring systems they should consult independent experts to perform a risk assessment and evaluate existing security measures.

Plant managers should adhere to standards such as IEC 62243, which makes provisions for the network and system security for industrial-process measurement and control. This will limit the damage caused to employees, businesses and the wider industry from a potential cyber attack.

Cyber attacks usually target conventional IT rather than operational technology (OT). Because many monitoring systems such as SCADA are PC based, when the attack spreads throughout the network, this will affect the entire connected network of devices.

Using PLCs will reduce the likelihood of this type of issue as they are not PC based. However, OT is not completely immune to the threat of cyber attacks, although these tend to be a form of industrial espionage rather than an external attack such as ransomware.

We all know that IoT devices are good for our plants but the recent wave of cyber attacks is causing many to question their presence. However, with the right security measures in place, smart monitoring devices can play a pivotal role in the modern factory and should be embraced, rather than shunned.