Rethinking industrial security and functional safety in the new normal

Rethinking industrial security and functional safety in the new normal

Janne Kuivalainen SVP, Global Product Management & Development in Danfoss Drives

Janne Kuivalainen SVP, Global Product Management & Development in Danfoss Drives

The current COVID-19 pandemic crisis is an unprecedented one. It requires novelty to save lives, maintain safety and health, and keep our businesses running. There is a before and after COVID-19 moment. Particularly in respect to adaptation of new digital technologies and ways of working.

Before COVID-19, we experienced a some whats low adaptation and use of digital technologies despite the clear-time- and cost-saving benefits. In some areas, like commercial buildings or mining, the transformation happened at a higher pace, primarily due to bigger payoffs by minimizing complexity, improving efficiency and increasing uptime. But we also saw areas where things did not move as fast. Yet, we can seethe move towards everything is connected and smart products and services has accelerated over the last 9-12 months.

Within the manufacturing space, we see an increased pace of adapting new smart, connected products and services, in the form of collaborative robots, automation, and connected devices to ensure higher uptime, quality, and energy efficiency. As products become connected and made easily available in new ways–via mobile apps and cloud-based offerings— functional safety and cyber security become more important. This is also true on a component level like variable speed drives.

Thus, when developing new products or services, we all need to understand the environment they operate in, like temperature, humidity, and dust levels. And, we need to have a good understanding of the industries(e.g., manufacturing and mining)and applications (e.g., conveyors, pumps, fans, lifts)where our products and services are used. If we put the customer at the center of everything we do, we ensure we develop relevant and value-adding products. By maintaining this focus, we also keep in mind how we use digital technologies to make installation, operation, and service easier.

We are experiencing a paradigm shift—also within the manufacturing space—in which intelligence and controlling capabilities are moving towards the edge and towards the cloud (or in the fog, an on-premise deployment). This shift calls for a change in mindset regarding functional safety and industrial security. Functional safety has been a major topic in the Industrial Automation world for years. Now, we see the industrial cyber security for assets standards (IEC 62443-series) define similar requirements. These measures will ensure both development processes and the product itself complies to a minimum level of security.

The focus around Industrial Automation Control System (IACS) security programs, policies, and procedures has been on infrastructure services using industrial fieldbuses for communication. System integrators and component providers are gradually adopting guidance and requirements while standardization is proceeding, and new products and services are launched. This gives basis for asset owners for IACS security strategy roadmap to guide future investments.

It’s worth noting that industrial security is not only about making secure devices based on secure coding practices, crypto chips, etc. It is also about physical segregation by limiting who has access to the devices. Before Covid-19, security segregation referred primarily to networking segmentation and physical segregation of infrastructure and devices to minimize security risks. In these times, we have adapted these methods within the manufacturing space to limit contact between shifts of workers to minimize health risks, keep production running, and ultimately ensure business continuity. And when we combine physical segregation with digital technologies that allow for remote work, it opens the door to new ways of working, both within companies and how companies are working together.

More specifically, there is a trend towards procedure-based services. This typically consists of remote operations and maintenance, but also includes services in the earlier phases, such as remote commissioning and remote audits.

Managing this new dimension requires a technical and mental convergence of information technology and operational technology. This is because remote services typically use information technologies, while data and signals are connected to operational technology domain. We must define use cases of remote services in order to map requirements for the data and controls and security requirements for data management and data flow.

We must emphasize security awareness amongst both personnel and partners to address, for example, risk of attacks via social engineering alongside other common practices and policies like accepted devices, internet connections, and data access and storage.

One way to control field device data is to use edge devices to manage controls to data and enable a secure channel to the connected world, if the field device does not natively support such measures for remote services. Remote services may very well increase people safety, but we must design and execute with both safety and security aspects considered. Otherwise, we risk increasing the attack surface or minimizing people’s safety. This speaks to the industry need for more focus on both functional safety and industrial security in combination. So, when we design new products and services, we design them both safe and secure.

Remote services during the current global pandemic has pushed us to learn new ways of managing business continuity. Remote use of data and data-driven decision making is enabling faster reactions in operation, encouraging the development of new competences, and impacting the future of businesses for the better.

Managing it all in a safe and secure way is an ongoing journey for everyone. IACS security programs, policies, and procedures must be developed. Remote services request to share device level operational and maintenance data with OEMs and operators. Preferred solutions are business dependent and can vary from device or edge connectivity via cloud to cloud systems to fully integrated enterprise systems with role-based access control to partners.

The first steps to ensure business continuity, even in these extraordinary times, can be implemented quite fast, safely, and securely by using well-proven technologies and best practices. While doing so, it is important to keep focus on the use cases. It will be interesting to see how many of these changes remain when we get to the other side of this. What do you think?

Weekly Brief

Read Also

A Planet in Trouble: A Technologist's Call to Action

Sandy Anuras, Chief Technology Officer at Sunrun

Rethinking Your Digital Selection: How to Get the Most from New Tech

Bryan Friehauf, EVP and GM of Enterprise Software Solutions, Hitachi ABB Power Grids

A Pragmatic Approach Towards Sustainable Environment

Robert Sheninger, VP Health, Safety, Environment and Sustainability, Talos Energy

EPC Oil and Gas Companies' Role in Scaling Up in Energy Transition

Matthew Harwood, SVP Strategy and Sustainability, McDermott International [NYSE: MDR]