Connectivity versus security: weighing the risks
Connectivity offers machine builders many advantages, such as the ability to provide more efficient service or even to design data-driven business models. However, any form of connectivity comes with risks and not every end customer is eager for it. That’s why you have to make the right trade-offs between risks and benefits.
Increased demand for connectivity
During downtime, the end customer expects support as quickly as possible to prevent production from stalling. The machine builder, on the other hand, is struggling with a scarcity of PLC-skilled staff, limited expertise and increased demand from customers, and wants to organise service more efficiently. In addition, there is a rising demand for machine data to optimise production processes, offer proactive maintenance or draw lessons for the next series of cheaper, more stable and more efficient machines. This has led to an increase in connectivity to meet both demands.
Why connect machines to the internet
There are many reasons why you may want to connect your machines to the internet. The two main reasons are:
Connected machines enable you to access your machines remotely, which opens a whole new world. You can monitor and control your machines from anywhere at any time, which enables you to provide faster and more efficient service. This saves you a lot of time and money, since your engineers don’t have to travel as much as before. At the same time, customer satisfaction will increase significantly.
Collecting and analysing your machine data enables you to understand what happens inside your machine. It is crucial information when you want to keep innovating and optimising your machines. Gain insights into the condition, performance and productivity of your machine, analyse them and create new business models from them to offer value to your customers and generate recurring revenue.
Sounds good, right? But be aware of the risks involved. You have to connect your machine to the outside world, which increases the risks of cyber attacks. The first step in reducing security risks is to be aware of what can happen. The second step is to know how you can keep your machine secure during its lifecycle. Besides that, you have to determine whether risks are acceptable or not.
Weighing the risks against the benefits
As a machine builder, you have to identify the security risks of connectivity so you can look at them objectively and carry out a risk analysis. There are two different risks involved here: technical security risks and business risks.
What can technically go wrong when I connect my machine to the internet? If the firewall isn’t configured strictly enough, for example, cyber criminals can easily access the factory network. That’s something you want to avoid. It’s therefore important to determine how likely a risk is to happen and what the impact will be. To classify risks, there is a formula that calculates a risk score from these two aspects:
Likelihood x impact = risk score
Determine how likely a risk is to occur, identify what the impact is, and give a score to both variables. Then multiply these scores to get a single value: the risk score. Calculate this risk score for the different scenarios that can arise when using connectivity and sort them from highest to lowest score.
Focus on the scenarios with the highest scores and choose a strategy to deal with each of them:
- Avoid: we’re not connecting our machine to the internet, because the risk is too high;
- Reduce: we’re connecting our machine to the internet, but we have to adjust X to reduce the likelihood/impact;
- Insure: we’re connecting our machine to the internet, but we arrange insurance to compensate us if things go wrong.
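The scoring and ranking procedure above, worked through as a small risk register. This is an added example, not IXON's own tooling; the 1 to 5 scale, the acceptance threshold, the scenarios and their scores are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

SCALE = range(1, 6)   # assumption: 1 (low) to 5 (high); the article fixes no scale
ACCEPT_BELOW = 8      # assumption: scores under this are accepted without treatment

@dataclass(frozen=True)
class Risk:
    scenario: str
    likelihood: int
    impact: int

    def __post_init__(self):
        # Reject scores outside the agreed scale so products stay comparable.
        if self.likelihood not in SCALE or self.impact not in SCALE:
            raise ValueError(f"scores must be 1..5: {self.scenario}")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact   # likelihood x impact = risk score

def rank(risks):
    """Sort highest score first; equal scores are ordered by impact."""
    return sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)

def reduced(risk, likelihood=None, impact=None):
    """'Reduce' strategy: the residual risk after a mitigation lowers a score."""
    return replace(risk, likelihood=likelihood or risk.likelihood,
                   impact=impact or risk.impact)

def needs_treatment(risks):
    """Ranked risks that still call for avoid, reduce or insure."""
    return [r for r in rank(risks) if r.score >= ACCEPT_BELOW]

# Constructed sample register; every score is illustrative.
REGISTER = [
    Risk("Weak firewall rules expose the factory network", 3, 5),
    Risk("Remote-access credentials phished from a service engineer", 4, 4),
    Risk("Machine data sent to the wrong recipient", 2, 3),
    Risk("Connectivity outage delays remote service", 3, 2),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score:>2}  {r.scenario}")
    # Re-score the two top risks after mitigation and rank again.
    after = [reduced(REGISTER[0], likelihood=1),
             reduced(REGISTER[1], likelihood=2)] + REGISTER[2:]
    print("still to treat:", [r.scenario for r in needs_treatment(after)])
```

Re-ranking after a reduction matters because a mitigated risk can drop below scenarios that were previously ignored, and a reduced score can still sit at or above the acceptance threshold.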
There's also the risk of lost opportunity: what will I miss when I choose to not connect my machines to the internet? To decide if connectivity is worth the risk, try to think of the benefits it could bring you and determine whether they outweigh the risks.
Does it enable you to save costs and increase machine efficiency? Could you generate recurring revenue or will it cost you too much? Will you create added value for your customers and will customer satisfaction increase? Does it enable your company to grow?
After determining both the technical and the business risks, you can weigh the risks against the benefits and make a well-considered decision.
Reducing the risks and convincing your customer
Sometimes you take a risk because you really want to take advantage of the benefits. Think of email. It’s not properly secured by default. It brings huge risks, since you probably receive 50+ emails a day, which can include phishing and spoofing. Or you can accidentally send confidential information to the wrong person. But we all still use email, because we want the benefits despite the risks.
This doesn’t mean you have to take the full risk. You can at least minimise these risks by securing your email: use internet security software and a secure password, and train your employees to recognise phishing emails.
Unfortunately, we can’t give you general advice on how to minimise the security risks of connectivity, because every situation is different. The only advice we can give is to look at which risks are acceptable and how you want to reduce them.
Engage with your customer
Be aware that the security of connectivity will become a recurring discussion point with your customers. Make sure you are well prepared and know everything about your machine, cloud environment, connectivity solution and so on. Show them you are putting effort into reducing the risks by means of the risk trade-off, and tell them about the benefits, the acceptable risks and how you’ll reduce these risks if needed.
We at IXON are happy to think and talk this through with you and to tell you more about our point of view. Do you need help with getting your security in place or with convincing your customers? Contact our security officer to discuss how to tackle this.