Industrial control systems are the beating heart and soul of today’s world: traffic lights, building management systems, food production, agriculture, energy, manufacturing. The humble HMI, SCADA system and PLC make the world go round. They may also be the reason the world stops going round in some dystopian cyber-warfare future. Easy come, easy go. Smoke stacks to smartscapes, we’ll evolve.
Industrial control systems live and evolve as part of the broader processes they run. Old motors get new variable frequency drives. Simple set-and-forget thermostats get PLCs bolted to the side for more fine-grained control. “Walk up, inspect, monitor, write it down on a clipboard” systems get live, real-time measurements streamed to big data platforms for predictive maintenance. The static system as a whole, built and deployed once, has become a constantly evolving system, and, along with it, the risk surface has expanded dramatically.
Most critical infrastructure systems have a simplistic security model: the air gap. Keep the bad out, so the inside can do its job untroubled by modern concepts like defence in depth or authentication (first factor or second). However, the relentless beat of progress demands greater output and greater efficiency, and with them remote operations and remote data: vendor support links, cellular modems, USB media carried across the boundary. Each one turns the invincible air gap security model a little more into a crumbly Swiss cheese risk model.
The ingredients of the problem are simple and fundamental, and they lead to one question: do we face the false choice of “evolve or die” versus “evolve and die”?
The Iron Horses of Industry
Industry does not stop. Equipment is designed to stay in service without scheduled downtime. The factory you are in today has equipment installed many years ago that has been piecemeal updated, greased and serviced. It was never designed for “Microsoft Patch Tuesday” style outages, let alone zero-day vulnerabilities.
Over the years, steam engines became electric motors, mechanical timers became transistor circuits, then PLCs. These digital bolt-ons were added on, rather than designed in. Sensors were added, then control systems for the sensors, then remote monitoring, followed by remote decision making.
The analog manufacturing plant of the post-war era slowly and inexorably became a distributed control system supercomputer.
The iron horse of industry merged with the Trojan horse of mythology, pulling IT technology in one piece at a time until the manufacturing floor resembled a data centre.
Beyond Ownership: Subscription Service Revolution
As the digital revolution has progressed, manufacturers have discovered that their cost structure has changed. It is no longer design once, build forever. Instead, there is a cloud service, developers, bandwidth costs, customer support. Faced with this, the business model shifted. Rather than sell and support, manufacturers have moved to subscription services. PLC as a service, HMI as a service: these are in our future.
The benefits (decreased mean time to repair, predictive maintenance, just-in-time everything) all align with the general drumbeat of increased efficiency. Change is not evil, just unpredictable.
In turn, this has forced plant operations to disrupt the holy of holies, the air gap, and create some cracks in it.
Where once standards drove the world, we now face vendor lock-in on even simple things, and that lock-in brings its own risks. Their operations become our operations, their shift in business direction becomes ours, and their staff work as an extension of ours, with the access that implies.
What was once a capex world of RFP -> select -> design -> build -> operate has become much more continuous. Today’s state-of-the-art industrial control system is a continuous operating partnership between the owner, the operator, the designer, the builder and the manufacturer. The network must keep up.
The Rise of the AI-Powered Factory Floor
The industry of the future makes faster decisions based on larger data sets. Spreadsheets became data warehouses and business intelligence. Data warehouses now feed real-time decision making with no human involved.
In cyber-physical systems driven by AI, faulty data can drive terrible outcomes. A temporary loss of connectivity becomes much more dangerous, from both a downtime and a cost standpoint.
As efficiency goes up, risk goes up. A small error in predictive maintenance can mean damaged or destroyed machines. The “grease it weekly” of yore is now timed to the microsecond.
AI and big data are not effective (for either cost or accuracy) as edge-only systems. They are tightly intermingled with hyperscaler cloud systems.
The air gap security that worked in the smoke stack era, and held on by sheer perspicacity and doggedness through the subscription service revolution, will be well and truly ineffective in the AI-powered factory floor era of the future. Plant operations will need to deeply understand cybersecurity and risk in order to reap the rewards.
Conclusion: Farewell, Air Gap – Hello, Hyperconnected Zero Trust Future
As industrial control systems have evolved, so too has the ecosystem as a whole. The beloved (and believed in) air gap, on life support through the subscription service era, must be replaced. The mindset of “outside bad, inside good” must give way to defence in depth.
Smoke stacks to smartscapes: the installations that evolve, and the people that evolve, will remain, stronger, faster, better. The installations that fight the future will die. The air gap is not a sacred institution; it is an element of its time, a best practice of the past. Implement today a safe way to enable the subscription revolution, big data and AI, rather than delaying them.
There is no singular tool or technology, no panacea, that will one-stop “fix it all”. Instead, the same dogged determination on goal, the same evolution, coupled with the key components of defence-in-depth and zero trust, will yield new solutions, stronger, better.
Embrace the future because you are its past.