Industrial Internet of Things (IIoT) Data security and shop floor … · 2020-06-29 · Data...

Industrial Internet of Things (IIoT)

Data security and shop floor integration

DATA SECURITY AND SHOP FLOOR INTEGRATION/IIOT

Introductions

Peter Pearce

Principal – Enterprise Solutions & Services

[email protected]

+1 (313) 979-5232

Brian Nichols

Director – Risk, Internal Audit, and Cybersecurity

[email protected]

+1 (972) 748-0496

IIOT - DATA SECURITY AND SHOP FLOOR INTEGRATION

Agenda

― Intro to Baker Tilly― Industry 4.0 maturity model―7 layer security model for IIoT―Roadmap to leveraging IIoT

About Baker Tilly

WHO WE ARE

Baker Tilly

− Established in 1931

− More than 4,000 team members in the U.S.

− Baker Tilly is the 12th largest accounting and advisory firm in the U.S.

− Largest member of Baker Tilly International

− Tenth largest accountancy and business advisory network

− Offices in 146 countries

− More than 36,000 professionals

− $3.9 billion in worldwide revenue

WHO WE ARE

Baker Tilly Consulting

− Established in 2002 as an alternative to the “Big 4”

− Six specialized teams

− Over 600 consultants

− Flexible engagement model that fits our client’s needs and culture

− Focus on strategy, execution and transformational projects

− Deep functional, industry and technical experience

BAKER TILLY CONSULTING

We compete by

− Providing a wide range of functional, technical and industry expertise to assist our clients in solving their toughest challenges

− Bringing innovative and pragmatic approaches for solutions, business practices, and strategies to our clients

− Equipping our clients to scan, assess, and rapidly adapt to changes – thus positioning them to compete effectively at the speed of business today

Enterprise Transformation

& Digital Solutions

Government Contractor Advisory Services

Business Information

Systems

Enterprise Solutions &

Services

Healthcare Consulting

Global Forensic & Litigation

Services

BAKER TILLY CONSULTING

Industry specialization

Aerospace andDefense

Automotive Banking and Financial Services

Construction

Consumer Packaged Goods

Food and Beverage Government Healthcare

Higher Education Insurance Manufacturing Retail

Supply Chain & Manufacturing PracticeContext Diagram

Demand Production Inventory andDistribution TransportationPlanningPlanning

Enabling TechnologiesEnabling Technologies Advanced

Analytics

Intelligent Automation

Blockchain

Shop FloorIntegration

AI &

Learning

AI & Machine Learning

APS Solutions

Smart Factory

ExecutionExecution

Sourcing and Procurement

Manufacturing Operations

Distribution & Warehousing

Customer Order Management

Global Trade Management & Compliance

StrategyStrategyNetwork Design

Sourcing Strategy

Manufacturing Strategy

Product Portfolio

Cost to Serve

Inventory & Working Capital

Labor

Channel Strategy

Material

Logistics and Transportation

9

Industry 4.0 Maturity Model


Adoption of Industry 4.0 is not a one size fits all approach

Companies need help navigating this uncharted territory. Start by gauging your readiness.

― Maturity model provides a roadmap to achieving Industry 4.0 advantage

― Identify areas for improvement and manufacturing agility

―Based on a compliance and process controls framework


Industry 4.0 maturity model – 8 key functional areas

Software Integration - Connecting systems of information to pass data without manual effort.

Business Strategy - Planning and allocating resources to adopt new manufacturing technology.

Data Management - Collecting, storing, and accessing data.

Big Data Analytics - Driving timely insights from vast amounts of information.

Production Technology Integration - Connecting shop floor machinery to collect better data.

Mobility - Accessing shop floor information from off-site via portable devices.

Product Development - Creating and launching new products to meet customer requirements.

Robotic Automation - Using robots to automate repetitive manual and digital processes, increasing efficiency.


Industry 4.0 maturity model – 5 levels of maturity

Essentially a summary of the current state of 8 key functional areas of an organization not yet started.

Start ‘dipping your toes’ into these technologies and practices; fragmented, segmented, not core to the way the organization naturally runs its business.

Starting to embrace a strategy for integration, data management and analytics.

Noticeable improvement across your business; integrated data and KPIs; trends starting to drive business decisions, investment strategy, reduction of human error on shop floor.

World class integration; data collection and analysis is essential across the business; state of the art manufacturing and warehousing is in place to eliminate human error and optimize efficiencies.

Level 1: Undefined/Undeveloped

Level 2: Repeatable

Level 3: Defined and Integrated

Level 4: Measured and Managed

Level 5: Optimized

INDUSTRY 4.0 MATURITY MODEL

No automated exchange of data between machines. Minimal use of innovative products. Many occurrences of human error.

Trial size of innovative products integrated. Minimal Machine-to-Machine interactions occur. Human error a problem.

Intermediate amount of devices integrated. M2M communication established. Sensors, wearable devices in some areas. Noticeable reduction in human error.

Innovative technology in many areas; sensors, wearables. M2M communication covers most of shop floor. Greatly improved efficiency. Large reduction in human error.

Smart Factory status. Interoperability across all machines. No human error. Optimized efficiency.

Level 1: Undefined/Undeveloped

Level 2: Repeatable

Level 3: Defined and Integrated

Level 4: Measured and Managed

Level 5: Optimized

People

Integration

Machines


INDUSTRY 4.0

Maturity Model Overview1

Undefined2

Repeatable3

Defined and Integrated4

Measured and Managed5

Optimized

Software Integration

Incompatible software systems. No data transfers between systems. Heavy reliance on

manual labor.

Some basic systems are integrated. Plans in place to invest further integration. Mostly

relies on manual data transfers.

Most software systems integrated. Integration plans are being put into action.

Data flowing throughout most area is the enterprise. Investments are beginning to show

returns.

Complete software integration throughoutentire enterprise. Optimal level of

compatibility between systems in all areas of business.

BusinessStrategy

No plans/motivation to invest and adapt to advanced production techniques. Unclear on

requirements and direction.

Benefits of digitalization being realized. Motivation to adapt is being cultivated.

Digitalization requirements are being realized.

Vision of future state beginning to take form. Management establish goals and determine enterprise requirements. Culture shifting to

accommodate changes.

Management has established and is aware of digitalization strategy. Investments are

budgeted. Progress benchmarks are established.

Culture adjusted for digital shift. Requirements are clear and defined.

Timetables and budget are established.

Data Management

Minimal capture and storage of large data. Unorganized data storage, hard to access and

utilize.

Some data captured in effective ways. Plans to expand data capture and storage becoming an area of interest. Cloud technology starting

to be utilized. Less manual labor required.

Implementing advanced data capture systems. Expanding scale of implementation

of cloud storage and integrated technology on shop floor. Employees utilizing new data.

Integrated technology systems have spread throughout most of the enterprise. Cloud data is accessible to relevant users. Data is being

applied to improve operating systems.

Complete integration of data capture systems. Cloud data is organized and easy to access firm-wide. No manual labor required. Data is

shaping decision making.

Big Data Analytics

Data analytics have minimal use in the value chain. Do not impact processes and offer no value to decision-makers. Limited visibility

through KPIs.

Big Data analytic packages beginning to impact decision making, more employees

trained to use. Goals to further utilize analytics in production set. KPIs tracking

efficiency.

Analytics important to decision modelling. Large understanding of usage. Moderate

range of KPIs, efficiency problems highlighted and trends noticed.

Accessible and easy to compile data analytics nearly firm-wide. KPIs are essential to

production decisions. Trends become large points of reference.

Data analytics are essential through-out value-chain. Historical trends captured and

displayed. Wide-range of KPIs available. Clear, concise diagrams accessible.

Production Technology Integration

No automated exchange of data between machines. Minimal use of innovative products.

Many occurrences of human error.

Trial size of innovative products integrated. Minimal Machine-to-Machine interactions

occur. Human error a problem.

Intermediate amount of devices integrated. M2M communication established. Sensors, wearable devices in some areas. Noticeable

reduction in human error.

Innovative technology in many areas; sensors, wearables. M2M communication covers most

of shop floor. Greatly improved efficiency. Large reduction in human error.

Smart Factory status. Interoperability across all machines. No human error. Optimized

efficiency.

MobilityNo investments to allow production data to be

visible in the mobile world. Must be at the source to gain visibility.

Trial size of innovative products integrated. Minimal Machine-to-Machine interactions

occur. Human error a problem.

Some systems have mobile platforms established. Intermediate amount of data accessible on mobile devices. Employees

trained in mobile platforms. Visibility increases.

Mobile software compatible with many devices. Most data is accessible on mobile

devices. Employees have a deep understanding of platforms. High level of

visibility off site.

Completely integrated mobile functions. Data accessible on all major mobile platforms.

Complete off-site visibility.

ProductDevelopment

Extended design to market timeframes. Expensive and time consuming prototyping

techniques.

Low customer responsiveness. Little experience with digital modeling.

Some systems have mobile platforms established. Intermediate amount of data accessible on mobile devices. Employees

trained in mobile platforms. Visibility increases.

Large investments in Digital-to-Physical techniques. Product to market in reasonable

timeframes.

Firm-wide digitalized prototyping technologies. Responsive to customer

requirements.

Robotic Automation

No change from traditional production processes. Manual labor intensive.

Machines capable of simple automation. High probability of human error.

Introduction of minor robotic automation. Processes/ inventory tracking require

machine-human interaction.

Robots perform most warehousing tasks. Few human errors.

Full utilization of robotics in warehousing. No human error. State of the art inventory

tracking.

GRAPHIC SLIDE – Able to Edit. Hidden from presentation

INDUSTRY 4.0

Maturity Model Overview

Industry 4.0 maturity score

0.00.5

1.0

1.5

2.5

3.5

4.0

4.5

2.0

3.0

5.0

Low

Asse

ssm

ent

High

Where does your company stand?



Industry 4.0 maturity model – 8 key functional areas

Software Integration - Connecting systems of information to pass data without manual effort.

Business Strategy - Planning and allocating resources to adopt new manufacturing technology.

Data Management - Collecting, storing, and accessing data.

Big Data Analytics - Driving timely insights from vast amounts of information.


Mobility - Accessing shop floor information from off-site via portable devices.

Product Development - Creating and launching new products to meet customer requirements.

Robotic Automation - Using robots to automate repetitive manual and digital processes, increasing efficiency.

Securing Industry 4.0


How a company approaches cybersecurity often reflects their view of the entire industry. Companies with well-defined OT/ICS cybersecurity processes believe that other organizations also have well-defined processes. In contrast, companies without clearly defined security processes believe that the entire industry needs to catch-up on how it approaches cybersecurity.

Based on a 2019 study by Kaspersky

60% of manufacturing companies had a security incident in the

last 12 months

Only 31% of manufacturing companies

surveyed have an incident response program

70% of companies surveyed

consider an attack on their OT/ICS infrastructure likely

Stuxnet 2010

Shamoon 2012

BlackEnergy 2015

TRITON 2017

WannaCry 2017


Advanced persistent threats on industrial systems

Ransomware infected over 230,000 machines running on Windows operating systems in over 150 countries, forcing facilities to pay cryptocurrency ransom

Malware cut electricity from three regional electric power plants in Ukraine, affecting roughly 225,000 residentsMalware spread from USB sticks to

disrupt PLC feedback, resulting in burned out centrifuges in Iran's nuclear facilities

Source: CISA 2016, NIST 2017, McAfee 2018

Russian Grid Hacking 2018

Chinese Grid Hacking 2019

Honda Cyber-attack

2020

Target

LC Industries

FACC

Titan Manufacturing


Advanced threats against US companies in manufacturing and distribution

For over a year from 2017‐2018, hackers used malware at the application layer to steal customer billing information

The defense manufacturer discovered a breach that impacted 3,754 of their customersnegatively impacting their relationship with the DoD

HVAC Systems running an old version of Java were breached to access Target’s network credentials compromising millions of credit cards in 2014

The Airbus supplier was breached by hackers posing as the CEO, stealing $54 million


Exponential growth of access points

―Manufactured for cost rather than security

―Wide-ranging security standards

―Can create gaps in networks even without an

interface or security software

0

200

400

600

800

1,000

1,200

0 10 20 30 40 50

Num

ber o

f Con

nect

ions

Number of Devices

Connections Between Nodes

Source: BI Intelligence 2016

IoT devices are projected to outnumber humans 3:1 by 2023

Characteristics of IIoT devices:


Cybercrime in manufacturing― “As of 2017, manufacturing was reported as the second-most attacked industry to cybercrime.” – AT&T

Cybersecurity Insights Report

― Manufacturers are eager to keep costs low to only satisfy the minimum requirements for IIoT, leaving security vulnerabilities

― IIoT strategies often fall outside of overall business security strategies leaving limited governance

― Common breaches result in losses such as:― Business disruption― Intellectual property theft― Data ransom― Financial transactions― Sensitive trust relationships

Cybercrime Costs― $15.8m per year average for

Automotive organizations who

reported cybercrime

Source: Virtual Capitalist 2019, AT&T 2018

A Roadmap to Leveraging IIoT

STEP 1Identify pain

STEP 2Determine

existing tools

STEP 3Evaluate options

STEP 4Piloting/

implementation

STEP 5Cyber threat

hunting


Roadmap to leveraging IIoTSTEP 6

Rinse/repeat

Cybersecurity embedded throughout


Step 1: Identify pain

―Capacity―Overwhelmed labor―OEM – expanding requirements―Mis-shipments – counts, sequence, weight―OEE – downtime, efficiency, capacity―Accuracy – inventory, downtime, setup, "real time"/dated information― Skilled trades – operators, programmers, etc. are diminishing in supply― Identify cybersecurity risks


Step 2: Determine existing tools

―Hardware: PLCs, HMIs, barcode printers/scanners, scales, robots, calipers, torque tools, controllers, etc.

― IT: PCs, network (wired/wireless), tablets, TVs, etc.― Software: ERP, MES, SCADA, databases, 3rd party, etc.― Staff: ERP/MES/SCADA/IT/OT/PLC/maintenance―Determine vulnerabilities in existing tools―Assess security features and functionality in existing tools


Step 3: Evaluate options

―Presently: minor gap fills, or significant missing pieces―Partner/suppliers―Open architecture― Scalable―Manageable (in house/3rd party dev, support, diagnostics)―Cost structure (users, volume, points, controllers, screens, modules, licenses,

developers, transactions)― Interview existing customers―Critical data to capture―What's the return on investment?―Consider cybersecurity risk when identifying investments


Step 4: Piloting/implementation

― Two Primary Routes―Address biggest pains―Address lowest hanging fruit

― Explore low cost/no cost demos― Start small – don't eat the elephant―Assign a dedicated project champion―Demonstrate the benefits to team members―Communicate and open the door for feedback― Enable the security features to ensure purchased functionality stands


Step 5: Cyber threat hunting

―Proactive approach – going on the offensive―Run with the assumption that the attacker is already in the system

undetected―Determine global attacker’s latest tactics, techniques, and procedures through

crowdsourced data― Identify if behaviors are present in current IIoT ecosystem

―Deploy advanced analytics and machine learning to sort through data to pinpoint irregularities

― Investigate irregularities with Endpoint Detection Response (EDR) solutions


Step 6: Rinse/repeat

― Evaluate best practices― Evaluate corporate standards, templates, global/local data requirements,

localization, etc.―Create/distribute standards―Quicker scaling―Normalized data, standard content, familiarity for operators, management,

executives― Easier maintenance/upgrades― Target next “pains”, deadlines, etc.―Apply same methods―Re-assess your security risks and execute on risk mitigation activities

KEY TAKEAWAYS

Prepare for the unknown

― Advanced technology must be strategically aligned and carefully approached

― Industry 4.0 security is layered into applications and integrations

― How prepared are you?

DATA SECURITY AND SHOP FLOOR INTEGRATION/IIOT

Questions?

Peter Pearce

Principal – Enterprise Solutions

[email protected]

+1 (313) 979-5232

Brian Nichols

Director – Risk, Internal Audit, and Cybersecurity

[email protected]

+1 (972) 748-0496

Baker Tilly Virchow Krause, LLP trading as Baker Tilly is a member of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. © 2018 Baker Tilly Virchow Krause, LLP

Industrial Internet of Things (IIoT) Data security and shop floor … · 2020-06-29 · Data...

Documents

Transcript of Industrial Internet of Things (IIoT) Data security and shop floor … · 2020-06-29 · Data...