Jody Muelaner


Moving to Secure Industry 4.0

The human element is key to digital security

Published: Tuesday, June 11, 2019 - 12:02

Whether we like it or not, manufacturing is becoming digitized and connected. Industry increasingly connects production machinery with internet of things (IoT) devices, gathers multiple real-time sensor information into large datasets, and harnesses machine learning to make data-driven decisions. The advantages of this Fourth Industrial Revolution are expected to generate huge increases in profits during the next few years. However, these developments are not without risk.

I’m not going to discuss the existential risk of drifting into dependence on a system so complex that only machine intelligence can make any sense of it. Cybersecurity presents much more immediate risks. Industry 4.0 brings the possibility of both terrorists and state actors gaining the ability to remotely shut down and sabotage critical infrastructure and military assets.

One of the key shifts in capability brought about by “big data” is the ability to combine what were previously separate packets of information into an overview of the entire organization. This will help optimize productivity and set up a cycle of continuous improvement, driving still more efficiencies across unconnected business functions.

It’s important that in our haste to embrace data as a powerful commercial enabler we don’t forget fundamentals like business continuity, and health and safety. When we forget these basics, it can lead to machinery breaking down, power outages, or even fatal accidents. The conservative and skeptical, who view Industry 4.0 as something to be approached cautiously, should not be dismissed as Luddites. Rather, their concerns should be addressed. The risks of disruption and security breaches must be reduced to enable a more widespread adoption of these technologies.

“When talking to either a big data evangelist or a risk-averse naysayer, I often find they both share a lack of understanding about the nature, value, and significance of the data they produce,” says Paul Hingley, business manager for data services at Siemens. “Some simply don’t know what data they are generating, whether it is secure, and whether it needs to be secure. Questions such as are the data subject to compliance, are they a business continuity risk, or are they actually a piece of proprietary IP, are not always considered. And when I ask how robust the data security is within their supply chain, the answer is very often, ‘I don’t know.’”

How important are my data?

When data are used as part of an optimization process, their importance invariably changes. Data that were previously seen as of low importance may now affect critical processes. As an organization becomes more connected and uses data more intelligently, the overall importance of data therefore increases. Hingley refers to Siemens’ work at Heathrow Airport as an example of this: “As part of a wide-ranging data analytics project, we installed performance monitors on the 3,000 baggage carts that run around tunnels under the terminals,” he says. “Data gathered from these helped Heathrow to predict when a wheel was likely to fail, at which point the cart was automatically diverted into a repair area. However, while this is a great example of predictive maintenance being driven by data analytics, Heathrow is also a piece of the UK’s critical infrastructure.”

Many experts agree that cybersecurity, as with other safety issues, is best addressed by standard protocols and procedures. Siemens’ answer to securing industrial data was to create, last year, the world’s first joint cybersecurity protocol for manufacturing. The “Charter of Trust” already has 16 international signatories, including Airbus, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, IBM, and Mitsubishi Heavy Industries.

Assessing safety, security, and vulnerability

Critical infrastructure, such as power generation, is perhaps at even greater risk from cyber-attack than manufacturing and has become a major target for hackers. The energy sector is experiencing increasing numbers of near-miss safety events at power-generation plants around the world. These attacks could lead to significant wider economic impacts as well as damage to the plants and injury to people. According to Leo Simonovich, vice president and global head for industrial cyber and digital security at Siemens, cyber-attacks within the energy sector are becoming more frequent and more sophisticated. As an example, Simonovich referred to an attack late last year on a Schneider Electric safety system in a Saudi petrochemical plant. Hackers were able to rapidly move from IT, to operations (OT), and into safety. “Attackers are interchanging their techniques—leapfrogging from digital to physical and back again,” says Simonovich.... “What’s common between IT and OT attacks is human error. We want to borrow the principles from safety and the principles of hygiene and awareness, and bring those two together.”

Building on their Charter of Trust, Siemens has now collaborated with TÜV SÜD to provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy customers identify asset risk and cybersecurity solutions.

The partnership will see TÜV SÜD providing digital assessments with cybersecurity vulnerability assessments carried out by Siemens. The assessments are not specific to Siemens technologies and products; they are vendor-agnostic when it comes to industrial control systems. The target customers are the oil and gas, and power generation sectors. Nuclear power is not yet covered.

“We’re combining core strengths that both companies have in order to bring a holistic approach for the energy industry,” says John Tesoro, president and CEO of TÜV SÜD North America. “We are leveraging our deep know-how across disciplines.”

Cybersecurity hygiene a focus

A key innovation of this alliance is an emphasis on minimizing the impact of human error. This involves borrowing principles from safety, and from hygiene and awareness, in an integrated way. Cybersecurity should incorporate resiliency, hygiene, and security by design. It’s important to understand specific cyber-risks and defenses, but generic safety measures are also important.

For example, gaining visibility and situational awareness of the risks is important. This depends on correctly implementing root cause analysis. In this way, the principles are the same as with health and safety: There needs to be a culture where people within the organization report on incidents that represent a breach of protocols or near-miss events. Examples might include using an unauthorized USB stick on the network, or forgetting to log off a terminal. Creating this culture requires continual learning and training.

The Siemens and TÜV SÜD approach of combining safety and security to address the human element of cybersecurity aims to significantly reduce risks in the digital and physical worlds. If you want to find out more, Hingley will be discussing the issue of cybersecurity at Siemens’ Digital Talks conference in Liverpool, UK, on June 11, 2019.

First published May 14, 2019, on the engineering.com blog.


About The Author

Jody Muelaner

Dr. Jody Muelaner is a mechanical engineer with expertise in metrology and advanced manufacturing. Muelaner's website provides information on topics ranging from the basics of metrology and MSA to specific guides such as how to perform a Gage R&R study in Excel.