Industrial Control Systems and the Cloud: A Match Made in Heaven?
2021-09-02 Stefan Bamberg
Are there any foreseeable boundaries for digital transformation? It doesn’t seem so, as the exponential increase of millions of connected devices and the creative IoT applications that have emerged show no signs of dissipating. And even though industry has been a bit slower to respond, the perceived benefits of smart devices, systems, and entire factories are gaining momentum and driving the convergence of IT and OT in the world of the Industrial IoT. At the heart of digital transformation are Industrial Control Systems (ICS). ICSs include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and Programmable Logic Controllers (PLC). The control systems connect with devices such as sensors, valves, pumps, and motors, via Human-Machine Interface (HMI) workstations that collect all data from these external devices, create reports, triggers alarms, and send notifications.
Until recently, technology adoption in industrial control systems lagged due to the complexity of system requirements, such as the high availability and reliability of systems coupled with significantly longer lifecycles. However, technology is rapidly advancing, and it is not surprising that ICS is moving to the cloud. According to a Darktrace blog post, “the conditions brought about by the pandemic year have brought unique challenges to the management of SCADA systems on site, causing organizations to consider secure ways to slowly transition these environments to the cloud.”
The benefits of bringing cloud capabilities to ICS are real: better and faster data communication and analysis of device performance, management of device configuration, improved diagnostics and troubleshooting, a centralized view of processes, redundancy, and scalability, among others. But the usual fears of data insecurity in the cloud persist and ICS infrastructure has become a popular target for cyberattacks. In addition to financial gain, attackers steal trade secrets and interrupt production processes. These attacks not only adversely affect the assets of the targeted organization but can endanger human lives.
Despite the risks, vendors, system integrators, and IT hosting companies are offering an array of ICS-SaaS offerings and products that provide various forms of cloud implementations for industrial control systems. Different cloud deployment models, such as private, community, public and hybrid, provide an array of configurations and implementation possibilities, and each model carries its own risks.
So, how can ICS vendors protect their cloud environment and ensure the security of their data? First, vendors can follow the guidelines set forth in security best practices documents, like the Industry IoT Consortium’s (IIC) Industrial Internet Security Framework Technical Document, which attempts to identify, explain, and position security-related architectures, designs and technologies, as well as identify procedures relevant to trustworthy Industrial Internet of Things (IIoT) systems. It describes their security characteristics, technologies, and techniques that should be applied, methods for addressing security, and how to gain assurance that the appropriate mix of issues have been addressed to meet stakeholders' expectations. Another educational document of relevance is the IIC’s IoT Security Maturity Model: (SMM), which indicates a path for Internet of Things (IoT) providers to know where they need to be and how to invest appropriately in sensible security mechanisms that meet their needs and requirements. It seeks to help organizations identify the appropriate approach for effective enhancement of these practices where needed.
ICS vendors can also rely upon the expertise of proven security technologies from industry experts like Wibu-Systems to protect their cloud implementations. Wibu-Systems has adapted its CodeMeter software protection, licensing, and security technologies for embedded devices, PLCs, IoT devices, and software operating in the cloud. CodeMeter use cases have been well documented for protection against illegal copying of software that runs on these devices and protection against disassembly and reverse engineering. CodeMeter has also proven valuable for protecting the integrity of the software running on the system as well as protecting the Intellectual Property, such as blueprints or proprietary process recipes, used by the vendor’s customer to produce products.
Another interesting use case for vendors with edge-connected devices or those residing in the cloud are novel software licensing models. With a technology like CodeMeter, vendors can go beyond traditional perpetual license models and consider new consumption based or subscription licensing that may be more attractive to their customers and generate new revenue opportunities.
You can learn how CODESYS, one of the leading hardware-independent IEC 61131-3 programing systems used to create controller applications, has fully integrated CodeMeter for their protection, authentication, and licensing solutions. Just watch the dedicated on-demand webinar.
Contributor
Stefan Bamberg
Senior Key Account & Partner Manager
After studying computer science at the Karlsruhe Institute of Technology, he worked in traffic simulation R&D before switching over to IT project management and key account management for large ICT companies. Since 2012, he is active in the Key Account Division of our Wibu-Systems sales force.