The improvement of IIoT in industrial environments

Posted date: 12/09/2019
Author: INCIBE
IoT

The industrial environment is becoming increasingly digital, as the growing connectivity of its devices shows. The aim is to optimize industrial production by connecting equipment to a data centre, in order to obtain statistics in real time or carry out constant and predictive maintenance of machinery, as well as to control industrial production in a more straightforward and secure manner. These industrial equipment connections are increasingly referred to as the Industrial Internet of Things (IIoT), a term derived from the well-known IoT and adapted to control systems.

When discussing IIoT equipment and connectivity, we are talking about smart devices that, within a monitored and interconnected network, make it possible to see the values of different parameters in real time and so detect whether any of them shows a problem. Among them are sensors, actuators and other control devices such as PLCs (Programmable Logic Controller), RTUs (Remote Terminal Unit) or IEDs (Intelligent End Device), which have evolved over time.

Characteristics of IIoT devices

IIoT devices may be necessary in a wide range of places, regardless of the sector. Due to this, the main physical features of these types of devices are typically:

  • More rugged devices that operate in extreme conditions without breaking down; in other words, devices that withstand high or below-zero temperatures and are resistant to wear and water.
  • Devices with greater autonomy, thanks to large-capacity batteries and lower energy consumption, due to the cost of sending an operator to perform maintenance or the complexity of physically accessing the device. Having the equipment connected to the network allows it to be monitored, making it possible to remotely observe and control the life of the device, check logs, change the configuration or apply updates.
  • A built-in security system with a greater degree of robustness, as a cyberattack could be fatal in a critical infrastructure due to the interconnectivity of its networks.

IIoT application in industrial environments

The increase in devices that provide greater intelligence to industrial processes and the use of specific data processing techniques have led to a series of advantages over more traditional industry. Some of these advantages are discussed below:

  • Improved energy efficiency and predictive and preventive maintenance of the machines: data can be obtained more quickly from sensors and other IIoT devices in order to constantly monitor their operation and thus prevent a possible failure.
  • Improved connectivity regarding communications networks, which are essential between the device and the IIoT system within which it operates. This point has several parts:
    • Apply appropriate segmentation for the IIoT use, as indicated in the good practices. Network security by means of a good model is imperative. The Purdue Model for the hierarchy of control is a well-recognised model in the industrial environment, since it segments devices and equipment in a hierarchical manner. This model has been used by international standards organisations to specify zones and conduits with which to increase the cybersecurity of Industrial Control Systems (ICS). It is also used in a wide variety of security guide materials. The model uses zones to subdivide the corporate networks of ICS into modules that operate in a similar way.
    • Communications in real time, which involves a need to have continuous connectivity, in addition to having the ability to store the data obtained in order to review them again, if necessary.
    • Secure initiation of communications so that there is no possible intrusion by a third party.
    • Link security: focuses on the security level and trust involved in establishing and operating connectivity.
    • Use of the cloud to store data, with easy access to that data from other devices.

ENISA model

- High level reference model. Source: Good Practices for Security of Internet of Things in the context of Smart Manufacturing (ENISA). -

Security requirements

These devices should provide greater security, given that they are used in the industrial environment, where a security breach could represent a large-scale risk. For this reason, it is vital to improve security in order to prevent attackers from being able to access information or to prevent problems in critical infrastructures. These improvements are done by taking steps such as:

  • Authorize all IIoT devices, within the OT network, using appropriate methods such as digital certificates/PKI.
  • Define communication channels for data transfer between IIoT devices. Only use secure channels whenever possible and implement white lists.
  • Develop dedicated security requirements for service providers. Audits must be carried out prior to choosing an applicable solution to IIoT and periodically throughout the life cycle of the system.
  • Implement multi-factor authentication, such as security tokens. As a user of such solutions, use multi-factor system authentication.
  • Ensure the security of communication channels related to IIoT solutions. Encrypt communications in cases of important data (configuration, personal data, data for control purposes, etc.), where it is possible to do so without affecting security, availability and performance.
  • For IIoT solutions, it is important to implement protocols with known security capabilities, based on standards and technical recommendations. Use solutions that implement protocols that have proven to be secure or that address previous security problems (for example, TLS 1.3) and avoid those with known vulnerabilities (for example, Telnet, SNMP v1 or v2).
  • Raise awareness among users of IIoT devices about how to use them, explaining all the technologies implemented to protect the devices and the ecosystem in which they are deployed.

IIoT connectivity

- IIoT connectivity. Source: ScienceDirect. -

MQTT and CoAP communications

When it comes to IIoT, it is important to know which communication protocols are most commonly used. These are MQTT (Message Queuing Telemetry Transport) and CoAP (Constrained Application Protocol).

The MQTT protocol shares data through one or more brokers. Clients may publish messages to the broker or subscribe to it in order to receive messages. Furthermore, every published message must carry an identification or tag.

These brokers, also called agents or traders, are in charge of allowing data to be transmitted between the clients that publish and those that are subscribed. When a client publishes a message, the clients already subscribed to that tag receive the message with the data through the broker. Therefore, there will be no mistake when it comes to correctly delivering the data, as we can see below:

Broker

CoAP is a client-server protocol, which means that data exchange is initiated by a client sending a request to a server, which will respond with another packet. At any time, a client can send a CoAP packet to a server. Each request has some options, the most important being the Uniform Resource Identifier (URI), which indicates the route to the requested resource.

Post-Ack
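The request format described above can be decoded in a few lines. This added example (not part of the original article) parses a CoAP message using the RFC 7252 framing and recovers the request path from its Uri-Path options (option number 11); the function names and the sample POST/ACK bytes are constructed for illustration.

```python
"""Minimal CoAP (RFC 7252) message parser that recovers the request URI path."""
import struct

TYPES = ("CON", "NON", "ACK", "RST")
URI_PATH = 11  # Uri-Path option number in RFC 7252


def _ext(nibble, buf, pos):
    """Resolve a 4-bit option delta/length, reading extension bytes if needed."""
    if nibble == 15:
        raise ValueError("option nibble 15 is reserved")
    size = {13: 1, 14: 2}.get(nibble, 0)
    if pos + size > len(buf):
        raise ValueError("truncated option header")
    base = {0: nibble, 1: 13, 2: 269}[size]
    return base + int.from_bytes(buf[pos:pos + size], "big"), pos + size


def parse_coap(msg):
    """Parse header, token, options and payload of one CoAP datagram."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte header")
    first, code, message_id = struct.unpack_from("!BBH", msg)
    version, mtype, tkl = first >> 6, (first >> 4) & 0x03, first & 0x0F
    if version != 1 or tkl > 8 or 4 + tkl > len(msg):
        raise ValueError("bad version or token length")
    pos, number, path, payload = 4 + tkl, 0, [], b""
    while pos < len(msg):
        byte = msg[pos]
        if byte == 0xFF:  # payload marker: the rest of the datagram is payload
            payload = msg[pos + 1:]
            break
        delta, pos = _ext(byte >> 4, msg, pos + 1)
        length, pos = _ext(byte & 0x0F, msg, pos)
        if pos + length > len(msg):
            raise ValueError("truncated option value")
        number += delta  # option numbers are delta-encoded
        if number == URI_PATH:
            path.append(msg[pos:pos + length].decode("utf-8", "replace"))
        pos += length
    return {"type": TYPES[mtype], "code": f"{code >> 5}.{code & 0x1F:02d}",
            "message_id": message_id, "token": msg[4:4 + tkl].hex(),
            "uri": "/" + "/".join(path), "payload": payload}


# Constructed sample: CON POST /sensors/temp with a payload, then its ACK (2.04).
REQUEST = bytes.fromhex("41021234ab") + b"\xb7sensors" + b"\x04temp" + b"\xff21.5"
ACK = bytes.fromhex("61441234ab")
```

The server's ACK carries the same message ID and token as the request, which is how the client matches the response to what it sent.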

As they are very commonly used protocols in IIoT networks, both have been targeted by cyberattacks seeking to obtain information, which is one of the reasons why they have received security improvements quickly. The problem is that these communication protocols were not designed with the OT environment or high security in mind. With the growth of IIoT and the use of these protocols in industrial control systems, the need to improve MQTT and CoAP security has increased, through measures such as the following:

  • Apply TLS encryption.
  • Mutual TLS authentication with per-device certificates. Each new node must have a certificate to authenticate with the server. If the node is compromised, the administrator can revoke its certificate.
  • Disable QoS 2 (Quality of Service) and, furthermore, retained messages in order to reduce the risk of DoS (Denial of Service) attacks.
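Whether the last measure is actually in force can be checked on captured traffic, because the QoS level and the RETAIN flag sit in the first byte of every MQTT PUBLISH packet. This is an added example, not part of the original article: it assumes MQTT 3.1.1 framing, and the function names and sample packets are constructed for illustration.

```python
"""Flag MQTT 3.1.1 PUBLISH packets that use QoS 2 or the RETAIN flag."""
import struct

PUBLISH = 3  # control packet type, upper nibble of the first byte

def encode_remaining_length(n):
    """MQTT variable-length integer: 7 data bits per byte, 0x80 = more follows."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def decode_remaining_length(buf, pos=1):
    """Return (remaining length, offset of the variable header)."""
    value = 0
    for i in range(4):  # the specification allows at most four length bytes
        if pos + i >= len(buf):
            raise ValueError("truncated remaining length")
        value |= (buf[pos + i] & 0x7F) << (7 * i)
        if not buf[pos + i] & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining length longer than 4 bytes")

def build_publish(topic, payload, qos=0, retain=False):
    """Build a constructed sample PUBLISH packet (test input only)."""
    body = struct.pack("!H", len(topic)) + topic.encode("ascii")
    if qos:
        body += struct.pack("!H", 1)  # packet identifier, present when QoS > 0
    body += payload
    first = (PUBLISH << 4) | (qos << 1) | int(retain)
    return bytes([first]) + encode_remaining_length(len(body)) + body

def audit_publish(packet):
    """Return topic, QoS, RETAIN and policy findings; None if not a PUBLISH."""
    if len(packet) < 2:
        raise ValueError("shorter than the fixed header")
    if packet[0] >> 4 != PUBLISH:
        return None
    qos, retain = (packet[0] >> 1) & 0x03, bool(packet[0] & 0x01)
    length, pos = decode_remaining_length(packet)
    if length < 2 or pos + length > len(packet):
        raise ValueError("truncated PUBLISH")
    (tlen,) = struct.unpack_from("!H", packet, pos)
    topic = packet[pos + 2:pos + 2 + tlen].decode("utf-8", "replace")
    findings = ["QoS 2 publish"] if qos == 2 else []
    findings += ["RETAIN flag set"] if retain else []
    return {"topic": topic, "qos": qos, "retain": retain, "findings": findings}
```

The check only works where the MQTT bytes are visible in clear, for example at the broker or behind the TLS termination point.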

Conclusions

The Internet of Things in the industrial world represents a great advance that brings with it the connectivity of critical infrastructures within plants or industries, mainly thanks to more automated, autonomous and rugged devices. This change means, in turn, both an improvement for the companies that are incorporating these devices and a risk to their security. Therefore, as IIoT devices are deployed, their cybersecurity must be increased through the use of more secure protocols, digital certificates or multi-factor authentication, in addition to having regulation that ensures a better way to interact with these critical devices. Meeting these security requirements demands a greater effort from the OT team, which will have to periodically improve security.
