Using Engineering Principles To stay Cyber Secure
A sobering new report from MakeUK reveals that 42% of British manufacturers have been the victim of a cyber security attack over the last 12 months. The main source of risk comes from maintaining legacy systems, with limited cyber security skills amongst the workforce in second place.
Understandably, this may cause decision-makers in manufacturing businesses to hesitate before adopting new technology, but there is risk in this approach too. With increasing global competition, sky-high energy prices, and shortages in skilled labour and stock material, now is the time to adapt and overcome – standing still is off the table.
How to access the benefits of smart manufacturing technology without cyber security risks
So what can decision makers do to access the benefits of smart manufacturing technology without opening themselves up to a plethora of cyber security risks? To answer this question, we first need to address an elephant in the room…
Cybersecurity Can Be Seen As Being Scary
People view cyber security as scary because many of us have no idea what it truly is, how to defend against it, or how to assess our level of security. Even the term “Cyber Security” conjures images of a basement-dwelling hacker, typing with furious fingers as lines of code scroll across the screen.
However, there is cause for hope - and no need to inhabit your basement – the same engineering principles that govern the physical world also apply in cyber security, so manufacturers are well placed to access the benefits of digital technology, without compromising safety or security.
In the following sections, we will address each of these engineering principles one by one to enable the safe and successful adoption of productivity-boosting tech such as our machine monitoring platform.
Eliminate Before You Optimise
A golden rule of engineering is to eliminate potential problems and make them impossible, before trying any kind of optimisation. This is the heart of Poka-Yoke, a Toyota Production System principle that encourages engineers to design processes where it is simply impossible to get them wrong. A typical example of this is to make components asymmetrical so there is only one way they will fit together during assembly – the right way.
Machine Monitoring Software Designed To Eliminate Security Risks
Here at FourJaw, we have followed this rule when designing our machine monitoring software platform.
We first eliminated a direct connection to your machinery control systems. These connections provide a vulnerable route into the brains of your equipment and giving a third-party device that level of access is a genuine cause for concern.
To address this issue, the FourJaw team designed our MachineLink IoT device to use non-invasive current clamps that simply clip onto the wires in your machine’s electrical cabinet. With this read-only way of collecting data, the security of your equipment stays intact, but you get full production visibility through the day and night.
The second area of elimination is the transmission of sensitive data outside of your factory. Whilst a typical controller integration would have access to machine toolpath filenames and part geometries, the FourJaw machine monitoring platform only gathers electrical current data traces. That’s plenty to understand the productivity, utilisation and capacity of your machines, but there’s nothing sensitive being sent, meaning you can improve the productivity of your night shift, whilst still sleeping easily.
In-House What You Know
Most manufacturing businesses have a delicate balance of key competencies they deliver in-house, and other business functions they outsource to third-party specialists. We recommend the same approach to cyber security.
A common capability we see manufacturers deliver in-house is the control of their network security. Having your IT team administer access to your company network and configuring firewalls is a great way to take control of your security and keep your systems safe.
When it comes to adopting new technology, you’re then in the driving seat – no one gets access to your network unless you let them. A common approach we recommend here at FourJaw is to set up a separate, isolated network for third-party devices, which has no visibility of your main company network. When using a cloud-based manufacturing analytics platform like FourJaw, the only connectivity requirement for our machine monitoring hardware is outbound access to the internet. There’s no need to communicate with your on-premises systems or servers in any way, so you can isolate them completely, enabling your shopfloor to become cyber, whilst keeping it secure.
Outsource What You Don’t Know
After taking reasonable steps to eliminate security risks and in-housing control of your network, the final element is to partner with trusted third parties who will hold up their side of the deal when it comes to security.
Let’s be honest - there are several security details that most manufacturers lack the time and expertise to investigate further– and that’s okay. Examples would include:
- Is data encrypted when it leaves your factory and when it’s stored?
- Does the software code contain any security flaws or vulnerabilities?
To ensure we tackle these questions securely, the FourJaw team follow the outsourcing principle ourselves, bringing in external expertise to test the security of our systems. The first way we do this is through penetration testing – where we hire a professional hacker to attempt all sorts of nefarious cyber-attacks on our system. Following penetration testing of both our MachineLink hardware device and our cloud platform, we have proven that our security is top-notch.
Don’t believe me? Feel free to use this online testing tool to see our A+ results for yourself.
The other important partner we have in our approach to security is the Microsoft Azure cloud platform. Microsoft employs quite simply an army of cyber security specialists who have created automated services that scan, test and protect cloud-based applications running in Azure.
With the click of a button (well, to be truthful, quite a few buttons), we have automated protection for our whole cloud platform, lending us a level of security that would not be achievable for any standalone business.
To leave you with a final thought – and to dispel the myth that on-premises systems are safer than the cloud – did you know that the National Cyber Security Centre now entrusts Microsoft Azure with all of their data, as it is deemed the safest place to store it.
Conclusion - Manufacturers can be 'Smart' and 'Cyber Secure'
I hope that this article has dispelled some of the fear around cyber security, and has given you the confidence to adopt productivity-boosting technology by applying well-known engineering principles.
We truly believe you can raise your factory’s productivity without raising your blood pressure, comfortable knowing that your systems are safe, and your factory is cyber-secure.
Robin-hartley-Willows
Co-Founder & CTO
