Industrial Internet of Things (IIoT) Data security and shop floor … · 2020-06-29 · Data...
Industrial Internet of Things (IIoT)
Data security and shop floor integration
DATA SECURITY AND SHOP FLOOR INTEGRATION/IIOT
Introductions
Peter Pearce
Principal – Enterprise Solutions & Services
+1 (313) 979-5232
Brian Nichols
Director – Risk, Internal Audit, and Cybersecurity
+1 (972) 748-0496
IIOT - DATA SECURITY AND SHOP FLOOR INTEGRATION
Agenda
― Intro to Baker Tilly
― Industry 4.0 maturity model
― 7 layer security model for IIoT
― Roadmap to leveraging IIoT
About Baker Tilly
WHO WE ARE
Baker Tilly
− Established in 1931
− More than 4,000 team members in the U.S.
− Baker Tilly is the 12th largest accounting and advisory firm in the U.S.
− Largest member of Baker Tilly International
− Tenth largest accountancy and business advisory network
− Offices in 146 countries
− More than 36,000 professionals
− $3.9 billion in worldwide revenue
WHO WE ARE
Baker Tilly Consulting
− Established in 2002 as an alternative to the “Big 4”
− Six specialized teams
− Over 600 consultants
− Flexible engagement model that fits our client’s needs and culture
− Focus on strategy, execution and transformational projects
− Deep functional, industry and technical experience
BAKER TILLY CONSULTING
We compete by
− Providing a wide range of functional, technical and industry expertise to assist our clients in solving their toughest challenges
− Bringing innovative and pragmatic approaches for solutions, business practices, and strategies to our clients
− Equipping our clients to scan, assess, and rapidly adapt to changes – thus positioning them to compete effectively at the speed of business today
− Enterprise Transformation & Digital Solutions
− Government Contractor Advisory Services
− Business Information Systems
− Enterprise Solutions & Services
− Healthcare Consulting
− Global Forensic & Litigation Services
BAKER TILLY CONSULTING
Industry specialization
− Aerospace and Defense
− Automotive
− Banking and Financial Services
− Construction
− Consumer Packaged Goods
− Food and Beverage
− Government
− Healthcare
− Higher Education
− Insurance
− Manufacturing
− Retail
Supply Chain & Manufacturing Practice: Context Diagram
Planning: Demand, Production, Inventory and Distribution, Transportation
Enabling Technologies: Advanced Analytics, Intelligent Automation, Blockchain, Shop Floor Integration, AI & Machine Learning, APS Solutions, Smart Factory
Execution: Sourcing and Procurement, Manufacturing Operations, Distribution & Warehousing, Customer Order Management, Global Trade Management & Compliance
Strategy: Network Design, Sourcing Strategy, Manufacturing Strategy, Product Portfolio, Cost to Serve, Inventory & Working Capital, Labor, Channel Strategy, Material, Logistics and Transportation
Industry 4.0 Maturity Model
Adoption of Industry 4.0 is not a one size fits all approach
Companies need help navigating this uncharted territory. Start by gauging your readiness.
― Maturity model provides a roadmap to achieving Industry 4.0 advantage
― Identify areas for improvement and manufacturing agility
― Based on a compliance and process controls framework
Industry 4.0 maturity model – 8 key functional areas
Software Integration - Connecting systems of information to pass data without manual effort.
Business Strategy - Planning and allocating resources to adopt new manufacturing technology.
Data Management - Collecting, storing, and accessing data.
Big Data Analytics - Driving timely insights from vast amounts of information.
Production Technology Integration - Connecting shop floor machinery to collect better data.
Mobility - Accessing shop floor information from off-site via portable devices.
Product Development - Creating and launching new products to meet customer requirements.
Robotic Automation - Using robots to automate repetitive manual and digital processes, increasing efficiency.
Industry 4.0 maturity model – 5 levels of maturity
Level 1: Undefined/Undeveloped - Essentially a summary of the current state of 8 key functional areas of an organization not yet started.
Level 2: Repeatable - Start ‘dipping your toes’ into these technologies and practices; fragmented, segmented, not core to the way the organization naturally runs its business.
Level 3: Defined and Integrated - Starting to embrace a strategy for integration, data management and analytics.
Level 4: Measured and Managed - Noticeable improvement across your business; integrated data and KPIs; trends starting to drive business decisions, investment strategy, reduction of human error on shop floor.
Level 5: Optimized - World class integration; data collection and analysis is essential across the business; state of the art manufacturing and warehousing is in place to eliminate human error and optimize efficiencies.
INDUSTRY 4.0 MATURITY MODEL
Production Technology Integration - Connecting shop floor machinery to collect better data.
Level 1: Undefined/Undeveloped - No automated exchange of data between machines. Minimal use of innovative products. Many occurrences of human error.
Level 2: Repeatable - Trial size of innovative products integrated. Minimal Machine-to-Machine interactions occur. Human error a problem.
Level 3: Defined and Integrated - Intermediate amount of devices integrated. M2M communication established. Sensors, wearable devices in some areas. Noticeable reduction in human error.
Level 4: Measured and Managed - Innovative technology in many areas; sensors, wearables. M2M communication covers most of shop floor. Greatly improved efficiency. Large reduction in human error.
Level 5: Optimized - Smart Factory status. Interoperability across all machines. No human error. Optimized efficiency.
[Graphic labels: People, Integration, Machines]
INDUSTRY 4.0
Maturity Model Overview
Levels: 1 Undefined, 2 Repeatable, 3 Defined and Integrated, 4 Measured and Managed, 5 Optimized
Software Integration
Level 1: Incompatible software systems. No data transfers between systems. Heavy reliance on manual labor.
Level 2: Some basic systems are integrated. Plans in place to invest further integration. Mostly relies on manual data transfers.
Level 3: Most software systems integrated. Integration plans are being put into action.
Level 4: Data flowing throughout most areas of the enterprise. Investments are beginning to show returns.
Level 5: Complete software integration throughout entire enterprise. Optimal level of compatibility between systems in all areas of business.
Business Strategy
Level 1: No plans/motivation to invest and adapt to advanced production techniques. Unclear on requirements and direction.
Level 2: Benefits of digitalization being realized. Motivation to adapt is being cultivated. Digitalization requirements are being realized.
Level 3: Vision of future state beginning to take form. Management establish goals and determine enterprise requirements. Culture shifting to accommodate changes.
Level 4: Management has established and is aware of digitalization strategy. Investments are budgeted. Progress benchmarks are established.
Level 5: Culture adjusted for digital shift. Requirements are clear and defined. Timetables and budget are established.
Data Management
Level 1: Minimal capture and storage of large data. Unorganized data storage, hard to access and utilize.
Level 2: Some data captured in effective ways. Plans to expand data capture and storage becoming an area of interest. Cloud technology starting to be utilized. Less manual labor required.
Level 3: Implementing advanced data capture systems. Expanding scale of implementation of cloud storage and integrated technology on shop floor. Employees utilizing new data.
Level 4: Integrated technology systems have spread throughout most of the enterprise. Cloud data is accessible to relevant users. Data is being applied to improve operating systems.
Level 5: Complete integration of data capture systems. Cloud data is organized and easy to access firm-wide. No manual labor required. Data is shaping decision making.
Big Data Analytics
Level 1: Data analytics have minimal use in the value chain. Do not impact processes and offer no value to decision-makers. Limited visibility through KPIs.
Level 2: Big Data analytic packages beginning to impact decision making, more employees trained to use. Goals to further utilize analytics in production set. KPIs tracking efficiency.
Level 3: Analytics important to decision modelling. Large understanding of usage. Moderate range of KPIs, efficiency problems highlighted and trends noticed.
Level 4: Accessible and easy to compile data analytics nearly firm-wide. KPIs are essential to production decisions. Trends become large points of reference.
Level 5: Data analytics are essential throughout value chain. Historical trends captured and displayed. Wide range of KPIs available. Clear, concise diagrams accessible.
Production Technology Integration
Level 1: No automated exchange of data between machines. Minimal use of innovative products. Many occurrences of human error.
Level 2: Trial size of innovative products integrated. Minimal Machine-to-Machine interactions occur. Human error a problem.
Level 3: Intermediate amount of devices integrated. M2M communication established. Sensors, wearable devices in some areas. Noticeable reduction in human error.
Level 4: Innovative technology in many areas; sensors, wearables. M2M communication covers most of shop floor. Greatly improved efficiency. Large reduction in human error.
Level 5: Smart Factory status. Interoperability across all machines. No human error. Optimized efficiency.
Mobility
Level 1: No investments to allow production data to be visible in the mobile world. Must be at the source to gain visibility.
Level 2: Trial size of innovative products integrated. Minimal Machine-to-Machine interactions occur. Human error a problem.
Level 3: Some systems have mobile platforms established. Intermediate amount of data accessible on mobile devices. Employees trained in mobile platforms. Visibility increases.
Level 4: Mobile software compatible with many devices. Most data is accessible on mobile devices. Employees have a deep understanding of platforms. High level of visibility off site.
Level 5: Completely integrated mobile functions. Data accessible on all major mobile platforms. Complete off-site visibility.
Product Development
Level 1: Extended design to market timeframes. Expensive and time consuming prototyping techniques.
Level 2: Low customer responsiveness. Little experience with digital modeling.
Level 3: Some systems have mobile platforms established. Intermediate amount of data accessible on mobile devices. Employees trained in mobile platforms. Visibility increases.
Level 4: Large investments in Digital-to-Physical techniques. Product to market in reasonable timeframes.
Level 5: Firm-wide digitalized prototyping technologies. Responsive to customer requirements.
Robotic Automation
Level 1: No change from traditional production processes. Manual labor intensive.
Level 2: Machines capable of simple automation. High probability of human error.
Level 3: Introduction of minor robotic automation. Processes/inventory tracking require machine-human interaction.
Level 4: Robots perform most warehousing tasks. Few human errors.
Level 5: Full utilization of robotics in warehousing. No human error. State of the art inventory tracking.
INDUSTRY 4.0
Maturity Model Overview
[Gauge graphic: Industry 4.0 maturity score, scale 0.0 to 5.0 in steps of 0.5, assessment from Low to High]
Where does your company stand?
Securing Industry 4.0
How a company approaches cybersecurity often reflects its view of the entire industry. Companies with well-defined OT/ICS cybersecurity processes believe that other organizations also have well-defined processes. In contrast, companies without clearly defined security processes believe that the entire industry needs to catch up on how it approaches cybersecurity.
Based on a 2019 study by Kaspersky:
― 60% of manufacturing companies had a security incident in the last 12 months
― Only 31% of manufacturing companies surveyed have an incident response program
― 70% of companies surveyed consider an attack on their OT/ICS infrastructure likely
Stuxnet 2010
Shamoon 2012
BlackEnergy 2015
TRITON 2017
WannaCry 2017
Advanced persistent threats on industrial systems
― Ransomware infected over 230,000 machines running on Windows operating systems in over 150 countries, forcing facilities to pay cryptocurrency ransom
― Malware cut electricity from three regional electric power plants in Ukraine, affecting roughly 225,000 residents
― Malware spread from USB sticks to disrupt PLC feedback, resulting in burned out centrifuges in Iran's nuclear facilities
Source: CISA 2016, NIST 2017, McAfee 2018
Russian Grid Hacking 2018
Chinese Grid Hacking 2019
Honda Cyber-attack 2020
Target
LC Industries
FACC
Titan Manufacturing
Advanced threats against US companies in manufacturing and distribution
― For over a year from 2017‐2018, hackers used malware at the application layer to steal customer billing information
― The defense manufacturer discovered a breach that impacted 3,754 of their customers, negatively impacting their relationship with the DoD
― HVAC Systems running an old version of Java were breached to access Target’s network credentials, compromising millions of credit cards in 2014
― The Airbus supplier was breached by hackers posing as the CEO, stealing $54 million
Exponential growth of access points
Characteristics of IIoT devices:
― Manufactured for cost rather than security
― Wide-ranging security standards
― Can create gaps in networks even without an interface or security software
[Chart: Connections Between Nodes; x-axis: Number of Devices (0 to 50); y-axis: Number of Connections (0 to 1,200)]
Source: BI Intelligence 2016
IoT devices are projected to outnumber humans 3:1 by 2023
Cybercrime in manufacturing
― “As of 2017, manufacturing was reported as the second-most attacked industry to cybercrime.” – AT&T Cybersecurity Insights Report
― Manufacturers are eager to keep costs low to only satisfy the minimum requirements for IIoT, leaving security vulnerabilities
― IIoT strategies often fall outside of overall business security strategies leaving limited governance
― Common breaches result in losses such as:
  ― Business disruption
  ― Intellectual property theft
  ― Data ransom
  ― Financial transactions
  ― Sensitive trust relationships
Cybercrime Costs
― $15.8m per year average for Automotive organizations who reported cybercrime
Source: Virtual Capitalist 2019, AT&T 2018
A Roadmap to Leveraging IIoT
Roadmap to leveraging IIoT
STEP 1: Identify pain
STEP 2: Determine existing tools
STEP 3: Evaluate options
STEP 4: Piloting/implementation
STEP 5: Cyber threat hunting
STEP 6: Rinse/repeat
Cybersecurity embedded throughout
Step 1: Identify pain
― Capacity
― Overwhelmed labor
― OEM – expanding requirements
― Mis-shipments – counts, sequence, weight
― OEE – downtime, efficiency, capacity
― Accuracy – inventory, downtime, setup, "real time"/dated information
― Skilled trades – operators, programmers, etc. are diminishing in supply
― Identify cybersecurity risks
Step 2: Determine existing tools
― Hardware: PLCs, HMIs, barcode printers/scanners, scales, robots, calipers, torque tools, controllers, etc.
― IT: PCs, network (wired/wireless), tablets, TVs, etc.
― Software: ERP, MES, SCADA, databases, 3rd party, etc.
― Staff: ERP/MES/SCADA/IT/OT/PLC/maintenance
― Determine vulnerabilities in existing tools
― Assess security features and functionality in existing tools
Step 3: Evaluate options
― Presently: minor gap fills, or significant missing pieces
― Partner/suppliers
― Open architecture
― Scalable
― Manageable (in house/3rd party dev, support, diagnostics)
― Cost structure (users, volume, points, controllers, screens, modules, licenses, developers, transactions)
― Interview existing customers
― Critical data to capture
― What's the return on investment?
― Consider cybersecurity risk when identifying investments
Step 4: Piloting/implementation
― Two Primary Routes
  ― Address biggest pains
  ― Address lowest hanging fruit
― Explore low cost/no cost demos
― Start small – don't eat the elephant
― Assign a dedicated project champion
― Demonstrate the benefits to team members
― Communicate and open the door for feedback
― Enable the security features to ensure purchased functionality stands
Step 5: Cyber threat hunting
― Proactive approach – going on the offensive
― Run with the assumption that the attacker is already in the system undetected
― Determine global attackers’ latest tactics, techniques, and procedures through crowdsourced data
― Identify if behaviors are present in current IIoT ecosystem
― Deploy advanced analytics and machine learning to sort through data to pinpoint irregularities
― Investigate irregularities with Endpoint Detection and Response (EDR) solutions
Step 6: Rinse/repeat
― Evaluate best practices
― Evaluate corporate standards, templates, global/local data requirements, localization, etc.
― Create/distribute standards
― Quicker scaling
― Normalized data, standard content, familiarity for operators, management, executives
― Easier maintenance/upgrades
― Target next “pains”, deadlines, etc.
― Apply same methods
― Re-assess your security risks and execute on risk mitigation activities
KEY TAKEAWAYS
Prepare for the unknown
― Advanced technology must be strategically aligned and carefully approached
― Industry 4.0 security is layered into applications and integrations
― How prepared are you?
Questions?
Peter Pearce
Principal – Enterprise Solutions
+1 (313) 979-5232
Brian Nichols
Director – Risk, Internal Audit, and Cybersecurity
+1 (972) 748-0496
Baker Tilly Virchow Krause, LLP trading as Baker Tilly is a member of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. © 2018 Baker Tilly Virchow Krause, LLP