7 minute read
Internet of Things
Industry must protect IoT controls
Industrial systems are moving into hackers’ focus worldwide and pose enormous risks. With the increasing use of intelligent machines integrated into an entire manufacturing network, the risk of hacker attacks is rising enormously. An IT study reveals that many industrial companies are barely aware of this risk and therefore have not implemented compliance rules for the acquisition and operation of IoT equipment. Just over half of the more than 300 business representatives surveyed said they dispose of compliance rules for IoT security at their companies, while 35% have no rules at all. The fi gures were obtained by the IT company ONEKEY as part of its “IoT Security Report 2022.” (ONEKEY specializes in IT security.) “Connected manufacturing is as e cient as it is dangerous. Plants have many hardware devices that use their own fi rmware and are more than ever the focus of hackers,” warned Jan Wendenburg, CEO of ONEKEY.
The majority of companies rely on threat analyses (50%) and contractual requirements for suppliers (42%) to secure IoT in astructures. “This settles the question of liability in case of doubt – but companies do not realize that a determined attack on manufacturing equipment can threaten a company’s existence within a few days,” said Wendenburg.
Role model process industry The confi dence of the more than 300 business representatives surveyed as part of the study in their own IT security measures shows the uncertainty: only 26% consider their own IoT security to be fully su cient, 49% only partially su cient. Almost 15%, on the other hand, consider their own measures to be insu cient or defi cient. Even penetration testing is not fully trusted — only 14% see it as an e cient way to test the security of an in astructure; 68% see it as partially e cient. “The problem needs to be addressed at the root, right during the production of devices, machines and endpoints. The IT industry could take a cue om the process industry — the pharmaceutical industry, for example. There, it is a legal requirement to provide complete traceability and transparency for every component of a product. This should equally be standard in the IT sector to eliminate the risks posed by easily hackable fi rmware in production equipment and other endpoints. Every piece of unknown so ware on a device or a simple component of a device is a black hole with full risk of being attacked by a hacker or entire groups,” said Wendenburg. This so ware bill of materials, also called “SBOM,” is also supported by 75% of the respondents.
Study reinforces demand for proof of origin Meanwhile, the damage can quickly run into the millions: 35% of the IT managers and decision-makers surveyed for the study consider an annual damage of up to 100 million euros to be realistic, another 24% even up to 500 million, and 17% more than 500 million euros. “Since the fi gures were requested between January and February 2022, a far more dramatic picture can be painted now. Since we know that IT attacks are also part of warfare, we must protect ourselves even better. Especially, since we can expect a further increase in industrial espionage as a result of sanctions. Here, too, weaknesses in fi rmware can favor the intrusion of hackers and can even make them almost invisible, because classic security measures o en fail when hacked via industrial systems or devices,” explained Wendenburg. DW
ONEKEY | www.onekey.com
Internet of Things
Prevent power drop during switch fi rmware upgrades
When deploying managed PoE switches in an industrial
network, upgrading fi rmware is an inevitable action to enhance switch performance. However, upgrading typically requires devices powered by a switch’s PoE to be shutdown for up to 15 minutes or more. As a result, data om these Powered Devices (PDs) that businesses rely upon to make informed decisions cannot be captured. PoE-powered PDs at risk include IP cameras, sensors, PLCs, VoIP phones, PoE lighting, and non-PoE switches. A solution to this issue involves integrating Persistent PoE technology into 802.3bt PoE managed switches. This patented technology ensures power is continuously carried to PDs during fi rmware upgrades so data collection is not terminated, plus it prevents connected PDs om rebooting once power is restored. Uninterrupted PD availability is mission critical in IP video surveillance, Intelligent Tra c Systems, Smart Factories, remote kiosks, and automated parking — all applications that would benefi t om Persistent PoE. As enterprises modernize, they’re increasingly adopting PD devices and facing greater exposure to the danger of lost PoE power that will compromise data collection and video monitoring. This Persistent PoE technology mitigates the risk. Customers can opt for LMP-1204G-SFP-bt, LMP-0702G-SFP-bt, or LMP-C602G-SFP-bt series managed switches, featuring a mix of 6 to 12 Ethernet and SFP fi ber ports combined with 802.3bt PoE++ delivering up to 90 W per port with the reliability of Persistent PoE. DW
Antaira www.antaira.com
WHAT DO YOU THINK?
Connect and discuss this and other engineering design issues with thousands of professionals online
NEWS
Consortium to develop power consumption management standard
A key objective of the future
mechanical and plant engineering sectors is to achieve climate-neutral production. This is backed by the European Union’s “European Green Deal,” which aims to make Europe climateneutral by 2050. To achieve this goal, and to implement many other use cases, energy consumption data in production is an important prerequisite. ODVA, OPC Foundation, PI, and VDMA founded the “Power Consumption Management” group in May 2022. In this group, the OPC UA interface standard for energy consumption data is being developed. Karsten Schneider, Chairman of PI, is looking forward to cooperation with the ODVA, the OPC Foundation, and VDMA: “The acquisition and analysis of energy consumption in machines and plants is an immensely important topic for the future.” “The four organizations are working at full speed to harmonize and standardize energy consumption information on the shop fl oor,” says Andreas Faath, head of VDMA Machine Information Interoperability Department. “With this, a crucial building block, supporting the goal of global climate-neutral production in all sectors of the machinery and plant engineering industry, is under development.” “Rapid transition to environmentallysustainable energy use is the greatest challenge of our time and, as such, I am glad that we are proceeding together: PI and ODVA contributing their in-depth know-how on energy interfaces at the fi eld level, with the internationally recognized OPC UA data modelling standard defi ning semantics and secure data transport, serving as the foundation of the Global Production Language developed by the VDMA,” said Stefan Hoppe, President OPC Foundation. “ODVA is pleased to be an active contributor to this key initiative to
optimize energy usage and thereby reduce the detrimental impact on the environment om waste,” said Dr. Al Beydoun, President and Executive Director of ODVA. “This Power Consumption Management collaboration will help ensure end users have a highly standardized and interoperable means to reach their environmental, social, and corporate governance (ESG) goals.” The results of the working group will be published as a new OPC UA specifi cation. Future releases of the OPC UA for Machinery specifi cation will leverage these results, ensuring that energy information om all machines and components on the shop fl oor can be provided in a standard way as part of the Global Production Language. “The activity is based, in particular, on the existing standards of the participating organizations; but also on other standards om the OPC Foundation, the VDMA, and external research,” said Heiko Herden, VDMA and elected chairperson of the new joint working group. “In combination with other OPC UA for Machinery use cases, such as status monitoring or job management, the calculation of the product and production-specifi c carbon footprint will be possible.” Within the VDMA, over 600 member companies develop the Global Production Language. OPC UA Companion Specifi cations, for numerous sectors of the mechanical and plant engineering industry, are being created by an additional 40 working groups. The basic specifi cation, “OPC UA for Machinery,” is a special case. Here, important building blocks are defi ned across all domains. Other specifi cations can be based on these building blocks.
