To help its users, developers and colleagues get a handle on today's fast-digitalizing technologies, Phoenix Contact staged a Technology Conference on Aug. 8 that educated several dozen attendees on the latest developments in infrastructure, building automation and cybersecurity.
"The main driver now is digitalization in the form of fully automated smart devices and communications that make up the Industrial Internet of Things (IIoT) and Industrie 4.0," said Jack Nehlig, president of Phoenix Contact USA, in his opening keynote address. "The IoT is already running on 25-30 billion connected devices, and it's headed toward 50-100 billion, which will form a supervisory control and automation pyramid in which all IoT devices will be interconnected."
Jim Bland, vice president and general manager of Tridium at Honeywell Building Technologies, reported, "We're creating and consuming data at a phenomenal rate, but big data isn't just greater volume because the stream is also faster and its variety of data is greater, including structured data, unstructured data, text and images. Computing costs have fallen through the floor, which has allowed big data to increase, but many businesses are dying of thirst in an ocean of data because they can't make use of it."
Bland added that Tridium is good at handling structured data, but much of what is coming in now is unstructured, and so blockchain and other digital ledger methods are being adopted to verify what form this new data is in to make more of it useful.
To get beyond the informed stage and reach the insight stage—and do it securely—Kevin Smith, chief architect at Tridium, reported, "The cybersecurity landscape is more challenging than ever because the threats are pervasive and persistent. The average cost of one data breach is $4 million. The IoT provides a new frontier for hackers because many IoT devices can be hacked and repurposed to attack others and steal data. Your smart device could be the Trojan horse in your organization. We're seeing more edge devices enabled with Internet protocol (IP), but the question is: are they cyber-aware, and are they getting patches and security fixes?"
Smith recommends routinely changing default passwords, not just for routers, but for building controls, too. He also advises users to conduct inventories of their entire networks, and identify everything to which they're connected.
"Because ransomware is now a $1 billion industry, and it's typically initiated by users clicking on links in email attachments, it's especially important to not use mission-critical or supervisory systems to check email or go on the Internet," added Smith. "Cybersecurity policies and procedures are critical. However, people must also be reached to understand and respect cyber-threats, and taught how to follow correct cybersecurity procedures, and that good cybersecurity behavior must be enforced. There's a lot of great security policies and technologies out there, but they don't work because people don't enforce them, or they ignore them because they don't understand how important they are."
Smith noted that Tridium's Niagara 4 software makes security easier by using a "security by default" principle, which requires default credentials to be changed immediately upon commissioning, the strongest authentication mechanism by default, enforcement of strong passwords, and encrypted communications.
Smith also listed Tridium's 10 best practices for cybersecurity:
- Never expose building control systems directly to the Internet;
- Use a defense-in-depth network security strategy;
- Always change factory default credentials on devices in your building networks;
- Execute a patch management plan;
- Protect from ransomware by educating staff, deploying antivirus software, performing periodic system backups, and treating supervisory systems as mission-critical by not using them to check email or access the Internet;
- Use encrypted communications;
- Follow security best practices for configuring products;
- Don't forget physical security;
- Do periodic risk assessments; and
- Address the fact that people are the weakest link and most critical aspect in building system security.