At the beginning of the first day, we had the pleasure of chatting with Sergio Martin, General Manager of ABB Robotics Spain after his intervention in “The Connected Factory: The key to efficiency”. He highlighted as main points when approaching a new connected and efficient industrial plant, the need to correctly decide the assets with which to work, and what technologies are going to be used to extract that data that is in the assets, as well such as the importance of working with a reference partner to host such data. Currently companies are dedicated to producing something very specific and are not working with that information in a secure way.
The transition of the new connected factory is being very slow in Spain, also because the industrial fabric is made up of small and medium-sized companies and the human, technical and economic resources are not always adapted to the needs of the connected factory and this prevents giving a first step and think that “a small or medium company can be one of the great ones in digitization”. Also, Sergio Martin, stressed the importance of going step by step and not wanting to win this marathon on the first day. For this reason, he recommends connecting the critical point first, to see what information it can provide that is relevant, and once that infrastructure is working, the following would be, multiply it, double it, etc. It is a strategy of going step by step and not of revolution, based on learning and evolution.
Regarding the degree of awareness or sensitization to the risks derived from connectivity and degree of exposure of equipment, components or systems within an industrial plant, Sergio Martín, affirms that this culture does not yet exist. Only when working with large servers, connections between clouds, connections between providers, or in a similar casuistry, is when companies consider where that data goes, who has access to it and how it is handled.
Only large companies that have personnel dedicated to handling this data are those that are really aware of the risks derived from external connections. From the CCI, we have seen over the years that there is still no person in charge of cybersecurity within the company itself, but that they are external agents, dedicated to security, who are in charge of protecting its assets.
The second day of Advanced Factories featured an Industrial Cybersecurity Forum. The panel was presented by the coordinator of the CCI in Catalonia, Joan Figueras (Speaker in previous editions) where cybersecurity experts, Ángel Otermin Guerrero from T-Systems, Edorta Echave from Secure & IT group LKS Next / CCI and Samuel Linares from Accenture and expert from CCI, shared their experiences with FY2020 attendees.
Ángel Otermin, sees cybersecurity as an advantage and business opportunity for companies, to be more innovative, more competitive and not necessarily as an expense. It is an opportunity in the digital transition. Companies can offer more efficient products, of better quality and, above all, safer. In the end, we are all clients – consumers and we want products such as our car or the use of banking in our day to day, which are cyber-insurance.
Another point that Otermin highlighted is that the change in mentality and the incorporation of cybersecurity measures is strongly linked to regulation and not to the initiative of the company itself as a business improvement. It is important to comply with the regulation, especially when it comes to critical infrastructure, but Ángel Otermin from T-Systems also considers other important drivers in this transition.
Edorta Echave stressed that change must occur in the departments involved in both environments, both IT and OT. Traditionally they have been oriented in opposite directions, with their own responsibilities and obligations. However, given the increasing interoperability between systems, components and equipment, a change in the way of working is necessary. If technology changes, so must the people who work, deal with it. Additionally, he highlighted the implication that the direction or management must have to provide those same work teams with the necessary resources to tackle this transformation.
He also highlighted how this technological evolution is generating an increasing degree of exposure of systems, the result of interoperability that helps to achieve improvement in processes. This in turn introduces a higher degree of complexity that did not exist before and which, added to the technological risk, makes it mandatory to implement plans to reduce such risks to a level that can be assumed by the organization.
Finally, Samuel Linares from Accenture, highlighted that as the exhibition area increases, so does the number of attacks. The incidents that occur with an impact on the business of companies, mainly in large companies, are increasingly more and more sophisticated. He highlighted the reports and studies that Accenture have carried out to know the assessments, impressions, status and considerations on the need to establish Industrial Cybersecurity plans. Doing it from the design and not as a posteriori measure makes the effectiveness, scalability and level of protection greater and better.
We also had the opportunity to talk with Mathias Nausch from the Fraunhofer Austria Research GmbH, about IT / OT / ET interoperability, who considers that the main difficulties currently encountered are the diversity of technologies in the same plant, and the multitude of connections between systems because technology companies provide their solutions and must be adapted to each client.
In the research field, they use open source software and create all custom panels. But this is not the only challenge they face today, changing people’s minds is also a challenge in itself, and the human factor must be considered in all aspects of Industry 4.0. Familiarizing workers with new technologies is key to moving forward, as well as establishing secure communications between new devices, says Nausch.
The creation of standards would help throughout the process, not only for data transmission, but also for the entire cybersecurity framework.
Mathias Nausch also highlighted the importance of addressing industrial cybersecurity, but, unfortunately, it is not being a priority for most companies, who prioritize production and not the protection of their assets to reduce exposure levels and the possibilities of cyberattacks.
David Belgoff, Senior Cyberscurity Researcher for Funditec, explained from his experience that “within the digital transformation, blockchain would be one of the last things that should be reviewed”, since many companies that seek to implement solutions still use Excel templates or are very dependent on paper, so this reveals the mental model of those who lead organizations. It is necessary to identify the areas for improvement, what are the problems to be solved and the feasibility study of the technology before doing anything. He highlighted the collaboration between the same companies to adopt these changes or technological transition.
Cloud technology offers a dynamic installation capacity, which provides flexibility to companies when choosing these technologies, but calls into question the security of the data they handle.
Depending on the criticality of the data, outsourcing this service may or may not be a better option, as long as the resources are available for it. Companies are beginning to put measures to protect the data collected, but the debate on whether industrial cybersecurity is an expense or an investment remains open.
In conclusion, David Belgoff, highlighted from his experience that “there is no company that does things perfectly in terms of industrial cybersecurity”, believes that it is a decision, “a learning process where the goal is the way”. The key is to take the measures commensurate with the business and the resources.
Without a doubt, Advanced Factories has hosted a group of high-quality and experienced professionals, large companies with innovative solutions, and a national and international audience. In the three days of FY2020, we have been able to verify that the industry is willing to change, to improve productivity, with curiosity about the implementation of the new technologies and solutions exposed, but still with a long journey in incorporating cybersecurity.
From the Industrial Cybersecurity Center we will continue working to make cybersecurity a reality and help train professionals in this field. Events such as Advanced Factories are key for those interested in the progress and growth of the industrial fabric.
CCI Communication Manager & European Coordinator