An action plan to enable unsupervised updates and distribution of software in manufacturing facilities
The number of smart devices and connectivity in our manufacturing facilities got a real boost with IoT and Industry 4.0, on top of the already available PLC’s, Industrial Control Systems, Production Data Collection and Manufacturing Execution Systems in our plants. Every system which is not actively integrated with a process can be managed and updated relatively easily and remotely. And very importantly: unsupervised!
Those systems which are integrated with the production processes form an entirely different challenge. If a control systems can be updated while a machine is active is the easiest question. Much more challenging are validation of the systems after updates or distribution of new software, and the liability for safety and availability during and after the updates. Security considerations come into play. Who is authorized to access the OT network to distribute those updates and when? And how can validation be automated? Supervised updates might be “playing it safe” but they also require an unsustainable allocation of resources from owners, operators and in most cases vendors.
Supervised manual updates also form a significant risk factor, on top of potential constrains imposed by the availability of resources and machines. No less than 1 in every 3 of every cyber security issue in manufacturing facilities was caused by unsecure updating procedures, and another 1 of every 3 cyber security incident could have been prevented by timely distribution of security patches.
When reflecting on the required resources and costs of supervised manual updating, and the established delays in distributing security patches, we can only conclude that this is not a sustainable method.
The right mix of technology, security concepts, collaboration between all parties involved, and a clear distribution of liability and responsibility offers a fast-forward path towards automated unsupervised updates and distribution of software. Unsupervised Updates in Manufacturing offers insights in the roadmap towards responsible and reliable unsupervised updates, and the means to eliminate the resource demanding manual supervised update processes.
About Dr. ir Johannes Drooghaag
Dr. ir Johannes Drooghaag, commonly known as JD, started his career in Applied Information Technology and quickly realized that the development and complexity of technology outpaces the development of our understanding of technology.
Working based on the principal that we don’t have to understand the bits and bytes to use technology, but we must understand how to use it optimal and secure, Johannes developed a wide range of consulting services, training programs, keynotes and workshops to allow people and organizations to do just that: embrace technology in the optimal and secure way. The Human Element in Cyber Security, The Human Element in Agile and Cyber Security for Road Warriors (and Couch Potatoes) are examples of these programs.
Working as consultant, trainer and speaker with clients and partners around the globe, the mission is crystal clear. Bridge the gap between what we do and what we know.
I am JD. I love what I do, and so will you!