The #1 Security Question You Should Ask in IIoT
Any project in an Industrial Internet of Things (IIoT) context usually goes hand in hand with concerns about IT security and data privacy. These concerns exist for good reasons:
- Potentially confidential data about the production leaves the company and is stored in the cloud.
- The “ecosystem factory” is being opened to other systems.
Data Privacy and Cyber Security of the Cloud Platform
From our experience, most discussions are actually about the first reason. This is understandable, since data from the shop floor often contains sensitive information, for example recipes in the pharma industry. Handing this information over to a third party (like a cloud provider) naturally feels wrong. There are two main risks here: the cloud provider could abuse the data, potentially with the help of or at the request of governmental bodies, or it could be hacked. Data abuse is something everyone needs to judge individually, but it is a fact that almost every large enterprise trusts in the integrity of a cloud provider as well as in the data privacy laws of the given country. So yes, this is a risk, but the question is whether on-premise systems made by vendors located in other countries actually limit this risk. The concern that a cloud provider could be hacked is, especially for the large ones like AWS or Microsoft Azure, a really weak argument used by parties with a high interest in selling legacy on-prem systems. Microsoft, for example, invests over $1 billion annually in research and development around cybersecurity. How much does your company spend on securing your on-prem installations? The cloud, with all its advantages, is the de-facto standard for IT systems, and it will soon be the standard for manufacturing-related use cases as well.
Opening the Ecosystem Factory / Cyber Security at the Edge
This brings me to the second reason, which is, in my opinion, far more critical. In the past, a typical shop floor had a very effective security mechanism in place: the air gap. The OT network was a closed system, never connected to anything else, and especially not to the internet. In turn, this allowed vendors of OT equipment to build horribly insecure systems. Again, I am referring to cybersecurity here, not safety. Pretty much every system on a typical shop floor is not protected at all, which means it is accessible without any authentication or relies on technology from the last century. The shop floor is a cybersecurity nightmare, that is a fact.
So what happens if you now use edge gateways to collect data from the shop floor and process it in the cloud? You open up the insecure ecosystem factory and build a bridge into IT and the cloud. The only thing between your IT and your insecure OT network is the edge gateway. I think it is now pretty clear that this device needs to be quite bulletproof, right? That is why the cybersecurity of an edge gateway is one key point to consider when choosing an OT-to-cloud connectivity solution.
How to Identify Secure Edge Gateways?
Testing IT equipment with regard to cybersecurity is quite complex. Many enterprise organizations have a dedicated process for it, but before even starting this deep dive into the technology, there is one key question you should ask the edge gateway vendor:
“How do I update the firmware of my edge gateways?”
The answer will immediately show you if the vendor understands what cybersecurity is.
Why are Firmware Updates so Important?
Updates are so important because no software solution is perfect. EVERY software-based product has security vulnerabilities that haven't been discovered yet. Just think about how often you need to update your smartphone or Windows PC. Remember, Microsoft spends $1 billion annually on making its products secure.
And yes, a desktop PC is far more complex and thus more error-prone than an edge gateway, but even the simplest products and embedded solutions have security issues. For example, the Ripple20 vulnerabilities hit millions of embedded IoT devices.
Usually, those vulnerabilities are discovered at some point by security researchers, criminals, or governmental bodies. Once the details become public, it is a matter of days or sometimes even hours until the first attacks start. Once a vulnerability is out, the only way to fix your edge gateway is a firmware update, which needs to be installed on every gateway you operate.
The Potential Answers
So what are the typical answers to the question: “How do I update the firmware of my edge gateways?”
Not Possible / Our Gateways Don’t Need Updates
The answer that the respective gateway doesn't need firmware updates is just a lie. As mentioned before, every software solution has vulnerabilities that will be discovered eventually. It is just a matter of time, and it will happen regardless of whether the gateway is built according to some IEC standard or how much experience the vendor has in creating secure solutions.
At least leaving a meeting has become much easier recently: just do yourself a favor and drop out of the Teams or Zoom session immediately.
Not Our Business
Another frequent answer is that the gateway is basically a computer running Linux and that of course the customer can update the firmware somehow. This means the vendor has no idea how to fix it and expects you to find a solution yourself. At least this is not a lie, but it doesn't help either. Let's move on.
Possible with On-Site Access
This might be the most common answer. Something like: "Of course this is possible, just download the latest firmware version from our website, connect your PC to the edge gateway via USB or Ethernet and install the latest version." Well, this is at least a potential solution to the actual problem. Next, you need to ask yourself how this process would work in your company. Remember, you usually have days or even just hours to update every single edge gateway. Since most customers end up with several hundred or thousand gateways distributed over multiple sites and countries, this doesn't sound too realistic. Or do you think that in every factory someone will start running across the shop floor updating each device?
Remote Firmware Updates
This is the only feasible answer to the question: a remote firmware update that can be triggered without physical access to the edge gateway, through a central device management solution. This allows you to update a large fleet of devices with just one click, or in most cases even automatically during defined maintenance windows. Real remote firmware updates can update the entire software stack of the edge gateway, including the operating system. Make sure that this is the case, since sometimes vendors are only able to update the application, a VM, or a Docker container, which doesn't help much.
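As an added example (not code from the original post or from CloudRail), the script below models the vendor answers above as update capabilities and triages a constructed fleet once a vulnerability is published: which gateways get the fix through device management, which need a site visit, which are left unpatched, and whether the visits fit into the window of days or hours mentioned above. The gateway IDs, plant names and the hours-per-site figure are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from math import ceil

class UpdatePath(Enum):
    NONE = "no updates"                  # "our gateways don't need updates"
    DIY = "customer's problem"           # "it runs Linux, update it yourself"
    ON_SITE = "on-site only"             # USB/Ethernet with a PC at the device
    REMOTE_APP = "remote, app only"      # app, VM or container only, not the OS
    REMOTE_FULL = "remote, full stack"   # whole stack incl. the operating system

@dataclass(frozen=True)
class Gateway:
    gateway_id: str
    site: str
    path: UpdatePath

def triage(fleet, vuln_in_os, hours_available, engineers=1, hours_per_site=8):
    """Split a fleet into gateways patchable remotely, gateways needing a site
    visit, and gateways left unpatched, then check whether the visits fit the
    time window. Assumption: one engineer covers one site per hours_per_site."""
    remote, site_visit, unpatched = [], [], []
    for gw in fleet:
        if gw.path is UpdatePath.REMOTE_FULL or (gw.path is UpdatePath.REMOTE_APP and not vuln_in_os):
            remote.append(gw)        # fix arrives through device management
        elif gw.path is UpdatePath.ON_SITE:
            site_visit.append(gw)    # someone has to walk to the device
        else:
            unpatched.append(gw)     # no vendor fix, or a remote path that cannot reach the OS
    sites = sorted({gw.site for gw in site_visit})
    visit_hours = ceil(len(sites) / engineers) * hours_per_site if sites else 0
    return {
        "remote": len(remote),
        "site_visit": len(site_visit),
        "unpatched": len(unpatched),
        "sites_to_visit": sites,
        "visit_hours": visit_hours,
        "fits_window": visit_hours <= hours_available,
    }

# Constructed sample fleet: three plants, six gateways with mixed update paths.
FLEET = [
    Gateway("gw-001", "Plant A", UpdatePath.REMOTE_FULL),
    Gateway("gw-002", "Plant A", UpdatePath.REMOTE_APP),
    Gateway("gw-003", "Plant B", UpdatePath.ON_SITE),
    Gateway("gw-004", "Plant B", UpdatePath.ON_SITE),
    Gateway("gw-005", "Plant C", UpdatePath.NONE),
    Gateway("gw-006", "Plant C", UpdatePath.DIY),
]
```

Running `triage(FLEET, vuln_in_os=True, hours_available=48)` shows that only one gateway is fixed remotely and three stay unpatched, because an app-only remote path cannot reach an OS-level bug; with `vuln_in_os=False` and a 4-hour window the site visits alone already exceed the window.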
When we created CloudRail, the ability to install updates remotely was a given for us, without any other option being up for discussion. Frankly, I'm still shocked that this even turned into a feature of CloudRail which we need to highlight, rather than being a commodity. I hope that other vendors will follow and finally offer real solutions rather than incomplete pieces which put their customers at massive risk.