Representative End User Clients
Representative Automation Clients
Representative Software Clients
From time to time, various technology-related trends and topics come to the fore and remain popular subjects of discussion and focus for several years. Opinions, predictions and positions emerge and develop as the subjects are further analyzed for their impact and implications. This in turn leads to the identification and development of new technology, products and services.
Two current examples of this are industrial cybersecurity and the Internet of Things (IoT). Both continue to receive considerable attention as suppliers, end users and stakeholders struggle to fully understand how they will develop, and their implications for the use of technology.
However, neither of these concepts is particularly new. The term, “Internet of Things,” has been around since at least 1999, but has become of much more interest recently, as the level of connectivity between smart devices has grown so rapidly. Since well before 1999, automation and other engineers have been working with devices of various levels of capability, using them as sensors and actuators in control systems. More recently these “intelligent devices” have become more prevalent in consumer electronics. The broad availability of various network technologies has only increased their use.
Industrial cybersecurity is also a topic that has long been of concern to automation engineers, with the relative level of attention increasing dramatically since around 2002. The increased use of commercial off the shelf (COTS) components in control systems has further amplified interest, as have the changing threats arising from the practice of connecting these systems to public or general-purpose networks.
As important as it is to understand individual topics, it is equally essential to understand their inter-relationships. Never has this been truer than in the case of these two subjects.
As IoT increasingly pervades the industrial space, the hype surrounding the Industrial IoT (IIoT) subject has ranged from wide acceptance and breathless promotion of its potential, to the more cynical view of some security experts that the IIoT abbreviation should really be short for “Industrial Internet of Threats.” In the case of cybersecurity, opinions about the seriousness of the risks involved range from potential doomsday scenarios to the position that the threats are overblown. Just as in most similar debates, the final determination will probably fall somewhere between the two extremes.
Getting to that point will require that the technical community take a hard look at the dependencies and implications between these two subjects. This community must include not only technology developers and product suppliers, but also asset owners and potential end users, across a wide range of industry sectors. In some cases, it may also be necessary for regulators to be involved in the discussion.
The first step must be a reasonable and balanced assessment of technical capabilities, both in communications and security. This will in turn lead to a better appreciation of potential opportunities and risks, as well as some fundamental questions to be addressed.
Will the pervasive use of intelligent end devices (“things”) present a major security threat to broader systems and networks? Is the level of attention being paid to the inherent security of these devices sufficient? Will the explosive number of devices give rise to fundamentally different approaches to security? Can the inherent capability of such devices be turned to nefarious purposes, such as what we have seen in the co-opting of devices into botnets?
The answers to these and many related questions can hopefully be found before major new risks and threats are seen. Finding these answers will require dialog and collaboration across a variety of disciplines, include security, networking, industrial and various types of automation.
Some of this dialog will occur at the 21st Annual ARC Industry Forum scheduled for February 6-9, 2017 in Orlando. A pre-forum workshop has been scheduled where several experts in these areas will offer their opinions on these and other questions, and take comments and questions from the audience. The findings of the workshop will in turn be used as input to ARC research on these and related subjects.