Business View Magazine | January 2020

33 BUSINESS VIEW MAGAZINE JANUARY 2020 ASSOC I AT ION FOR PACKAGING AND PROCESS ING TECHNOLOGI ES (PMMI ) The Georgia Tech panel feels this is where operations technology (OT) and information technology (IT) professionals need to collaborate. Companies have to transform themselves around domain expertise to solve problems at a level applicable across domains. And, when it comes to sharing data, trust has always been a significant issue when talking about machine-to-machine, machine-to-human or even among humans. When assessing new control products, there are five recommended security features to look for: 1. Network interfaces: For decades, control systems used proprietary networks and protocols. Now, however, many use Ethernet and standard protocols designed to make sharing data more manageable. When trusted and untrusted networks are kept separate, a rogue actor attempting a hack on the untrusted network cannot access data on the trusted network. 2. Firewalls: Most are aware of network firewalls, but individual devices can also have firewalls. A controller for an IIoT project should have a device firewall as well. The dual-interface controllers mentioned earlier should have firewalls on both network interfaces and be configured independently.  3. Data communication options: Consider a different way of communicating data. For example, look for a controller that offers device-originated communications. In publish-subscribe communications, a controller originates a broker connection— either on the premises or in the cloud—and then publishes data and/or subscribes to broker data. Because the link originated behind the firewall, no firewall rules for open ports are necessary, and data can travel both ways securely. 4. Encryption and certificate management: A control system is as important as a bank and requires the same level of data security. Data transmitted on any untrusted network needs encryption. A controller providing data encryption and capabilities to manage security certificates establishes a more secure network. 5. User accounts: Can anyone access the controller, or does it require a username and password? User authentication is a primary network security feature, yet one that’s missing in most automation products. Also, look for the ability to set up users (people and software) with complex passwords and account levels that offer different permissions depending on the user’s needs. Limit users to the specific data and controls each requires. For example, an operator might need to control a process, while a manager just needs production data and a cloud service requires a small subset of data from a few machines.