As advances in technology enable increasingly connected machinery, what steps should you take to improve security? By Jonathan Chou
Emerging new information technologies are revolutionising manufacturing. According to Stefano Tedeschi and his research team, the two main contributors are cloud computing and the Internet of Things (IoT).
In an increasingly competitive landscape, businesses need flexibility, improved productivity, and the capability to make gains in efficiency and reductions in downtime. In fact, nearly half of 100 C-level executives said their organisation either had an established IoT strategy with applications in production (19 percent) or have pilot projects underway (28 percent), according to a recent “2017 Digital Transformation Study” by Constellation Research.
Monitoring & Control
Mr Tedeschi added that “the basis of this new philosophy is the concept of sharing information and the possibility to access information from a variety of devices.”
The main features enabled by these technologies allow for remote monitoring and control. Monitoring is possible in the form of a sensor that is able to produce information about itself or the encompassing environment. Control means that objects can be remotely controlled through Internet-enabled technologies.
In the industrial sector, the Internet of Things is associated with the concept that intelligent machines, devices and people are connected through them. This connection leads to the possibility of making better decisions with large databases and advanced analytics, according to Mr Tedeschi.
This aspect is of high importance for factories that will be increasingly intelligent. Significant advances in the ability to collect, analyse and distribute data and convert them into important information could help manufacturers in various ways, such as improving maintenance operations through the sharing of data with the service assistance.
Remote Machine Monitoring
Presently, many machine tool builders are providing ways for end users to gain business benefits through increased connectivity, by helping to deliver improvements in production optimisation, monitoring, remote services and predictive maintenance.
For example, Mitsubishi Electric’s [email protected] concept is a structure for delivering such solutions, enabling the process of digital transformation to happen at a manufacturing level. Key technologies are an integrated mix of machines that have computer numerical control (CNC) and programmable logic controllers (PLCs).
The company also has a pilot project with the Fraunhofer Institute of Production Technology that features “Human Orientated Monitoring and Training”. Dubbed the Smart Services project, it utilitises a cloud-based artificial intelligence (AI) platform within IBM’s Watson supercomputer linked to a Mitsubishi Electric robot delivering new predictive maintenance models, augmented reality and voice control.
In the demonstration, data from the robot controller was passed to PLC which provided an edge processing layer. Pre-processed data was then passed to the cloud for analysis using the AI platform within IBM Watson. A dashboard provided an overview of robot health, and transmitted maintenance requirements to an operator tablet. This allowed the user to see the efficiency of each joint of the robot, look at how that has changed over time, and view maintenance action suggestions so that efficient maintenance could be planned.
In a nutshell, the project displayed predictive maintenance models, digital simulation and extrapolation of trends to provide maintenance information based on actual usage and wear characteristics.
The demonstration also included the use of smart glasses, where the operator received guidance on what tasks need to be performed, allowing for the potential optimisation of maintenance activities. The glasses can show computer-aided design drawings of the various robot parts, superimposed over the robot itself. The glasses can also show the maintenance manual and individual instructions.
As well as highlighting predictive maintenance, the demonstration on the Mitsubishi Electric stand at Emo Hannover 2017 also showed how integrated safety can help manufacturers to optimise floor space, boost productivity and reduce downtime while maintaining a safe environment for operators.
Smart Factory Know-How
Having recently opened the second smart factory at its Japanese headquarters, another machine tool builder Okuma was keen to pass on its smart factory expertise at Emo Hannover 2017. The learnings from the company’s “Dream Site” factories resulted in its Smart Factory Solutions as a means of making Industry 4.0 a reality for customers.
Driven by the company’s latest AI-imbued CNC controls, these applications allow for control of the entire scheduling and manufacturing process to support high product mixes and shorter delivery times, ensuring flexibility even with fluctuating demands.
The company’s machine status monitor connects not only machines but also production plants around the world, displaying their availability at any given time. It visualises the machine status and accumulates, stores and processes big data, including machining reports, operating reports and alarm history.
Based on this, continuous improvements can be made to make each run better than the one before. The web-based interface can be viewed from anywhere and on any device—even smartphones. By connecting the machines on display at the exhibition floor, Okuma simulated a smart factory and demonstrated the possibilities afforded by their Smart Factory Solutions live on the exhibition floor.
The Question Of Safety
But as IoT systems become more ubiquitous, the potential vulnerability to hacking is becoming a bigger concern. As such, safety and security has to be considered in the whole life cycle for these systems. This includes not only the large amounts of data that needs to be exchanged securely, but also the design of the hardware of the devices themselves.
Mr Tedeschi has stressed that “security has to be designed right from the start into IoT devices rather than added on later”, and proposes a practical system that incorporates both software and hardware in his research paper entitled “Security Aspects In Cloud Based Condition Monitoring Of Machine Tools”.
This platform uses computer technology, communication and data analysis to evaluate and predict the performance of the equipment, while having security measures in place. Treatment and methods of self-diagnosis advanced data are developed to facilitate the approach to this architecture, so that it can be adjusted easily and quickly with minimal human intervention.
Secure Communication Channels
As shown in Figure One, the system architecture is divided into four blocks. The first block contains the units of data acquisition (DAQ). Data is captured by intelligent sensors on machine tools, which evaluate working conditions.
Through secure communication channels like HTTPS, an iteration of the HTTP protocol with an encryption mechanism such as Secure Sockets Layer (SSL), the acquired data is transferred to the cloud system. The SSL protocol provides connection security such as:
- Authentication (security identity of the subjects that communicate).
- Data confidentiality (protection of data from unauthorised observers).
- Data integrity (security that the data received is equal to the datum sent).
In the cloud platform, there is data protection recognition software for users to control privacy for the access management system, antivirus, firewall, authentication, access protocol and network keys.
The next stage provides access of the service company to the cloud to be able to recover data related to the machine tool. Important for the security of the information is that the company’s service has a single and secure access point to the cloud system.
Once the data is collected, the service will execute an assessment of the health status of the machine tool under consideration, through a comparison between the received data and those relating to the initial commissioning of the machine. After evaluating the data, the service company communicates the report to the production company, and if there were some incongruities with the normal operation of the machine, execute maintenance procedures such as repair work and calibration of the machine where suitable. The service company can also provide the production company with real time information for maintenance planning.
Analysis In The Cloud
Mr Tedeschi also proposes a similar system, in which data is analysed differently. As seen in Figure Two, analysis is carried out inside the cloud itself rather than at the machine; this solution avoids sending large amounts of raw signals to the cloud. This also avoids sending potentially vast amounts of sensitive data around the globe to the cloud, thus decreasing the risk of any eavesdropping along the way between cloud and the DAQ.
An additional fundamental aspect in risk management and security is the identification of potential threats. In another collaborative paper with Kennametal and the Engineering and Physical Sciences Research Council, Mr Tedeschi also gave an overview of threat examples for the development of a more secure remote monitoring system through secure IoT devices, divided into three types:
- Inadvertent acts or carelessness: Unintentional acts that could cause system performance degradation or system loss.
- Data entry errors or omissions: Non-malicious threats that could affect system resources and the safeguards that are protecting other system resources.
- Unauthorised use of remote maintenance accesses: Continuous acts that could cause damage of system assets. Such an act could also enable other threats, such as the insertion of virus, or collection of sensitive information.
- Electromagnetic interference: The impact of signal transmitters and receivers operating in proximity integrated system, which could cause an interruption in the electronic operation of the system.
- Power fluctuation: A disruption in the primary power source (power spike, surge, brownout, and blackout) that results in either insufficient or excessive power.
- Voltage spikes: A rapid variation of voltage, more specifically to a voltage peak in a short duration that may cause damage system assets.
- Dangerous emanations: Unintentional data-related or intelligence-bearing signals, which, if intercepted and analysed, could disclose sensitive information being transmitted and/or processed.
- Data/system contaminations: Intermixing of data of different sensitivity levels, which could lead to an accidental or intentional violation of data integrity.
- Software: Malicious intent to change a system’s configuration without authorisation by the addition or modification of code, software, database records, or information.
An Organisational Approach
“What makes IoT unique when it comes to security is the combination of digital (cloud, IT) and physical (devices, sensors, machines) into one deployment,” said Microsoft’s Azure Internet Of Things security lead Arjmand Samuel in an dialogue with The IoT Institute.
Real-life cyberattacks have happened before, with the most recent case being the “Wannacry” ransomware that affected companies the world over in May, including the automotive and metalworking sectors. Even with measures in place, IoT security should include a unified approach from both information technology and operations technology departments. A lack of alignment between the two could leave vulnerable network security gaps that could potentially play into the hands of potential hackers.