Technology Record - Issue 34: Autumn 2024

INDUSTRIALS & MANUFACTURING

VIEWPOINT

Security from the plant floor to the cloud

There are six key ways manufacturers can secure critical processes against cyberattacks while evolving their operations

Critical infrastructure and manufacturing networks are currently under unprecedented attack, with cyber incidents reported daily. Yet never before has data from industrial processes been more in demand for artificial intelligence and analytics. Everything from power plants, oil pipelines, mines and wind farms to pharmaceutical production facilities, water treatment sites, food processing plants and more needs secure access to production data to operate.

For plant engineers, securing industrial systems is the top priority, with data sharing as a secondary concern. Strong, effective cybersecurity measures must be in place before they connect operations to the rest of the company or a cloud service. Here are six essential measures to implement:

1. Ensure only outbound connections from the plant to the cloud, IT department or a demilitarized zone (DMZ). Solutions should keep all inbound firewall ports closed or use a data diode to maintain a zero-attack surface.

2. Avoid using virtual private networks (VPNs) as they expand the plant security perimeter and increase the attack surface. Each client added to a VPN increases cyberattack exposure. Once inside, a hacker can access every connected node.

3. Ensure the system supports one-way or optionally bidirectional data flow, with real-time connectivity and conversion between major industrial data protocols within a unified namespace.

4. Each node should provide multifactor authentication with time-based, one-time passwords and lightweight directory access protocol support. Use secure sockets layer encryption with the latest ciphers and configure permissions based on the connection origin and data protocol.

5. Network segmentation with a DMZ is critical for securing operations data, as recommended by the European Union’s second Network and Information Security Directive. Secure-by-design software is typically required for multiple-hop data transfer.

6. For extra security, use a hardware data diode to prevent any data from entering the operational technology system. Data communication software must connect effectively through the diode, or else support data diode mode for this kind of protection.

These are the main considerations for establishing secure and reliable connections to industrial networks for remote data access. The software and services provided by Skkynet meet these criteria, enabling AI and analytics for industrial data with the highest levels of security.

Xavier Mesrobian is vice president of sales and marketing at Skkynet

XAVIER MESROBIAN: SKKYNET
