IoT and Industry 4.0, with the demand for digitized production environments (operational technology), are often lumped together. While they share common characteristics, such as dedicated hardware without the traditional user interface, or sensors to capture data and conditions, they are different technologies. However, one commonality is significant: the challenges of securing traffic in these modern environments.
Any Internet-enabled device and production environments that converge with IT networks are vulnerable to the same vulnerabilities, misconfigurations, and cyber threats known to IT infrastructures. Accordingly, precautions must also be taken here for secure access to prevent the entire company from being compromised.
The danger is well known because the security of IoT devices and OT systems has been neglected for a long time. For cost reasons, such systems are usually not high-performance systems with specific IP stacks and hardware. These endpoints and devices do not have the technical resources to integrate security mechanisms.
ALSO READ: How To Build A Resilient Supply Chain
On the one hand, production environments did not fall under the area of responsibility of the security team responsible for IT security, and they were not previously linked to their classic IT security infrastructure. On the other hand, production and control systems operate in much longer acquisition cycles and, accordingly, often run with outdated operating systems and software,
Nevertheless, IoT devices and OT environments represent a gateway into the company network. In the course of digitization, modern production plants can often be accessed via the Internet for maintenance purposes. The attack surfaces for intruders resulting from the convergence of OT and IT are, therefore, also on the IT team’s agenda. Attack vectors result, for example, from the connection of maintenance teams and, thus, third parties via conventional remote access mechanisms such as VPN. This is accompanied by the problem that, in principle, access to a company’s entire network can be established through remote access.
Sticking Point Network Remote Access
A classic remote access connection to production systems works via access to the network. For maintenance work on techniques or devices, the support employee relies on an administration interface to which a connection must be established either via a cable-based or wireless connection.
However, in particular, business-critical infrastructures should also have an access mechanism to their OT systems that grant access when the network infrastructure is unavailable for data traffic. In the event of a power failure or other disruption to the IT system, the classic connectivity mechanisms fail. For example, if firewalls in the network environment fail, management of the production facilities is no longer possible,
So how can remote access work when the entire IT infrastructure is paralyzed? In such a scenario, a 5G connection can provide on-demand connectivity. A 5G connection can establish the connection in the event of a particular need, comparable to an insurance policy that takes effect in an emergency.
In contrast to conventional connectivity models, this connection does not have to be permanent but only established when access is required. The rethinking begins with the fact that devices of the Internet of Things or Industry 4.0 environments do not necessarily require a permanent network connection for security reasons or maintenance purposes. In case of doubt, such a continuous connection can pose an inherent security risk.
It is crucial for a company’s security and ability to act that it can also exercise its control and security function over data streams in network-independent infrastructures. At this point, a problem seems to arise: Security has so far been oriented towards existing physical and, thus, tangible structures that are not consistent with network-agnostic connectivity. This is where Security Service Edge comes in. Security must, therefore, always be located on the way from the user to his application, an IoT device, or a production environment – independent of a network.
Security Orchestration Over 5G
For such an on-demand access model to work in the sense of the Security Service Edge, companies have to rethink and take the necessary precautions. The farewell to all network access is made possible by the principles of least privileged access based on zero trust. With a Zero Trust-based approach, no communication can occur between a service technician and the system without this being explicitly permitted.
Central to any security orchestration is how someone can only gain access to a system when that access is necessary. Such orchestration requires a mechanism that is aligned with business processes. A third party that has a maintenance contract for production facilities or IoT devices,
Connectivity on demand ensures that OT environments can be operated in isolation from network environments, thus contributing to a higher level of security for the entire infrastructure. However, such a mechanism must not be complex to process for the operators of the production facilities. There should be simple rules for access authorizations, which are processed automatically using a zero-trust approach. A cloud-based zero-trust broker takes care of authorization based on policies for access permissions.
Such a system can also be set up in a network-agnostic manner for 5G radio networks. The radio signal only requires a remote station in the form of a cheap wireless connection to the production environment, which must be able to be maintained if necessary. An intermediate security cloud regulates the automatic authorization and verification of access rights to the system.
By sealing off the entire network, such a system ensures that the OT environment can be reached, which can also be guaranteed if the network infrastructure is not accessible. This type of dynamic connection can then be activated via 5G when it is needed. This means that Industry 4.0 models can be operated efficiently by automating access control – and can also be controlled in an emergency.
When the network infrastructure is unreachable, this dynamic connection can then be activated via 5G when needed. This means that Industry 4.0 models can be operated efficiently by automating access control – and can also be controlled in an emergency. When the network infrastructure is unreachable, this dynamic connection can then be activated via 5G when needed. This means that Industry 4.0 models can be operated efficiently by automating access control – and can also be controlled in an emergency.
Farewell To The Network Connection
Companies no longer need a dedicated physical network but a universal connection to all types of data transmission, including the Internet and wireless networks such as 5G. In reality, most organizations no longer have the one wired network or wireless LAN that allows employees to access their applications and authorized groups of people to access IoT devices and production facilities.
A 5G wireless network can already be counted among the private environments, which is kept isolated from the outside world for a company and can provide the necessary security for IoT and Industry 4.0. Orchestration keeps the delivery model in a more efficient production environment, where resources are only provisioned when needed.