Accelerate manufacturing innovation with secure access controls
Manufacturing is going through a technological resurgence that is transforming the modern factory. Today we are seeing data-driven factories, with an unstoppable integration of connected systems and devices. Gartner predicts that 25 billion Internet-connected things will be in operation by 2020 with close to $2 trillion of economic benefit globally, and the integration of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems into the IoT is proving its potential to improve efficiencies, innovation and profitability.
However, this increased connectivity is also opening up entry routes for cyber criminals, leaving manufacturers vulnerable to a multitude of exploits and unauthorised access attempts. This is further complicated by the increasingly complex network of third parties across the supply chain that manufacturers employ to manage many aspects of their operations, with some having several hundred external parties accessing their systems in a typical week, according to Bomgar’s 2017 Secure Access Threat Report. In addition, more than half of the respondents to the report said they had sole responsibility for managing third-party access into their infrastructure, and one in five admit to offering three or more access routes to their vendors, making an already big job even more challenging.
IBM’s 2016 security intelligence survey revealed that manufacturing is now one of the most frequently attacked industries, second only to healthcare. In addition to the increased risk of attack via third parties, Bomgar’s report revealed that insiders, such as employees or contractors, also pose a significant threat to security. The survey found that 67 percent of IT professionals believe an insider data breach is the primary security threat for them, and a further 73 percent were also concerned that they could lose sensitive company information within the next 12 months.
The race to connect devices and transform processes and procedures offers many competitive advantages to manufacturing organisations. However, security should not be compromised and must therefore be incorporated in projects from the outset. The detrimental impact a breach could have on the public, as well as on an organisation’s reputation, far outweighs the benefits that can be achieved.
It only takes one employee or one third party to leave an organisation vulnerable, and with the continuation of high-profile data breaches, many of which are caused by compromised privileged access and credentials, it’s crucial that organisations control, manage, and monitor all access to their environments to mitigate this risk.
In addition, all manufacturers are under immense pressure to have effective security and breach response capabilities in place ahead of the 2018 EU General Data Protection Regulation (GDPR) deadline. The EU GDPR brings consistency to the current data protection laws across EU member states and provides guidance on how any EU citizen data should be stored as well as how companies must respond in the event of a data breach. In the short term, it is key to minimise some of the more common security weak points, such as password sharing and poor employee on- and off-boarding strategies, to support ongoing GDPR initiatives.
Security must therefore be built into the ethos of any organisation and its projects, where workforce training, regular security assessments and specific policies and procedures are included and understood by the whole organisation.
With the variety of hacking strategies, combined with the integration of modern solutions such as the IoT and complex interconnected networks of suppliers, it is paramount that controls are put in place to manage and audit all access, both to complex systems such as server-based environments and to less complex devices such as routers and switches, including all insider and third-party access.
There are a few core steps the industry can take to securely manage access:
- First, verify that employees and third-party vendors are who they say they are when requesting access to the network. Once confirmed, centrally manage all privileged accounts using an enterprise password vault so that passwords do not need to be in the public domain, written down, shared or stored in multiple places and systems.
- Next, implement an access solution with credential injection functionality, so that passwords cannot be accessed or seen by the user while users can still gain secure, instant access to the systems they need. Using a privileged access or privileged session tool also enables organisations to granularly control where users can go, what they can access and when.
- Finally, ensure that all access is audited and recorded. If a breach does occur, the audit record will support tracing it to an entry point and provide a record of what may have been compromised. With GDPR regulations requiring organisations to quickly notify the relevant regulator if they have been impacted by a data breach, solutions that support these features will be a must-have.
Manufacturers need to encourage the integration of multiple best-of-breed tools together with privileged session and privileged access management solutions as part of a robust security ecosystem. These include detection tools, SIEM solutions, network segmentation and employee awareness initiatives to ensure they protect themselves from attacks through their connected devices whilst maximising the benefits available.
By implementing secure remote access, architecture and controls, manufacturers can prevent breaches and protect themselves against corporate and reputational damage, ensuring innovation can prosper and regulations are met.
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks, allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, control elements and other industrial devices via a public 5G network, flexibly and with high data rates. This capability has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing: it’s “dust tight”, waterproof, and immersion-proofed.