IoT, Security and a Digital Emergency Stop Button
18. August 2015
In the September issue, Plastics Technology will address the potential impact of the so-called Internet of Things (IoT) on the plastics industry. Interviews with analysts, equipment suppliers and processors revealed that the question of securing data and networks, whilst simultaneously making them accessible, remains an issue for IoT in plastics, and elsewhere, going forward.
One version of IoT, which is favored in North America, prominently features the Cloud, leveraging its powerful storage and computing capabilities, while another version is built on local networks and a common language, with its adherents including Europe, where many plastics machinery OEMs reside.
A European Thing
Sonny Morneault, VP of Sales for the North American operations of injection molding machine, automation and auxiliary supplier Wittmann Battenfeld, noted opposition to the Cloud at his company, which is headquartered in Austria. “Maybe it’s a European thing,” Morneault said. “They’re much more protective of their private information and their data and they don’t have the confidence level that the Cloud is a secure place…and as we see in the news all the time, it really isn’t.”
High-profile hacks of Cloud-based servers are regularly in the news, but whether or not that reflects empirical evidence of an increase in attacks or their sensationalistic appeal to media organizations could be debated.
In a bid for clarity, internet security company CloudPassage, which certainly has a dog in this particular fight, undertook an experiment in 2013 to try to gauge Cloud security. Setting up six servers running Microsoft and Linux systems, it posted a $5000 challenge to hackers to break in. Ultimately, it took the winner only four hours to hack in, according to Bloomberg, a less-than-reassuring result for IoT security skeptics. Industry experts, however, point out that many of the high-profile cloud hacks, like the Apple iCloud attack of celebrity accounts, aren’t actually cloud hacks.
Conrad Bessemer, president of auxiliary equipment supplier Novatec, acknowledged customer concerns around security as his company launches a predictive maintenance program that partially relies on the Cloud, but insisted the network infrastructure is secure and that, regardless, the data his company collects would be of no interest or use to a hacker, assuming they could make any sense of it.
“Security is an issue when you connect anything to the Internet,” Bessemer allowed. “Now, a lot of people are highly concerned about someone else seeing their production data, and quite frankly, I think that that's silly. We all have different ways of measuring, and if somebody saw someone else's production data, I doubt they could come to any rational conclusion with it.” In any case, Novatec’s technology records machine metrics like vibrations, versus production metrics like throughput, nullifying any potential security concerns.
Biplab Pal, CTO of Prophecy Sensorlytics, which is partnering with Novatec to bring the “machine wearable” technology to plastics, likewise does not see a risk. “Let’s assume the worst case, there is a data breach in our server, which is also very unlikely, since we’re using only Rackspace or Amazon, the most protected Cloud servers,” Pal said. “It’s nearly impossible that someone breaks into a Rackspace or Amazon server; but even if they do, they’re not going to control your process, they’re not going to steal process secrets, because there is no control and there are no process secrets to have.”
Despite such assurances from industry, Paul Grekowicz, VP of marketing and product development at auxiliary equipment supplier ACS Group, noted that convincing a company to make its machines accessible, even via a one-to-one secure port, can be difficult.
“Convincing the IT people to actually let you through your firewall is usually the biggest challenge,” Grekowicz said. “Typically the gatekeeper is going to be IT, and it’s just having an agreement up front with them that this is exactly what we’re going to do.”
Phil Dunn, molding supervisor at automotive supplier ITW Seat Components, admitted he had to have some “discussions” with his IT team when he proposed bringing in Wittmann Battenfeld’s fully networked machines, which allow remote access by technicians, but any concerns were addressed as the company is currently adding its eighth web-enabled cell.
“Our plant manager didn’t seem to think that it would be an issue because you actually have to approve the connection,” Dunn said, “they can’t just come on and connect. You have to actually prompt it on the screen itself, click yes or no, in order for them to access the software inside the system; they can’t just go on and automatically start messing around.”
Remote Access Versus Remote Control
Remote access of machines—using connectivity to check in on production, machine settings—is altogether different from remote control—logging into a machine and directly controlling production—and while the latter is technically feasible, it may never be a reality, according to IoT consultant Ralph Rio.
“There are some evangelists that advocate [remote control], who say you can do it,” Rio said, “but in my head, I visualize that big red emergency ‘stop’ button. You aren’t going to put that on the Internet, and if that's not going on the Internet, there are a whole lot of other things that you might as well not put on the Internet, too, while you're at it.”
Formerly a control engineer, Rio sees no scenario where he’d be OK with full control being web enabled, and not just over security concerns.
“It boils down to not just the possibility of potential security issues but also a service interruption,” Rio said, noting that an interruption in web service could have catastrophic consequences. “Take it to a refinery; you're dealing with boiling oil and when something goes bad it shows up on the nightly news, so you have to be really careful with this stuff.”