DX with Cybersecurity to Protect Smart Factories from Security Threats

CPS

Smart Factory Configuration Example

Figure 2 shows the production management system in the production line of the Omika Works of Hitachi, Ltd. as an example of a smart factory⁽⁴⁾. Omika Works has built a progress and operation monitoring system that collects data on the progress of workers and the flow of goods in physical space and provides a real-time overview of the dynamics of the entire production site in cyberspace. It has also established a highly efficient production model by improving the efficiency of the design process and the accuracy of production planning using a factory simulator.

Figure 2 — Example of a Smart FactoryHitachi has established a highly efficient production model that utilizes people, goods, and equipment information between cyberspace and physical space by linking RFID production monitoring, work improvement support, modular design, and factory simulators.

Challenges of Smart Factories

The goals of the control system in the manufacturing industry are to produce and supply products ensuring the planned safety, quality, delivery, and cost (SQDC) from the standpoint of business continuity (BC). However, security incidents could pose a threat to these goals because they could cause business disruptions, thereby adversely impacting BC+SQDC.

Even if a device or system has maintained BC+SQDC up to now, the scope of assumed reliability must be reviewed when changing the configuration to a smart factory. In other words, the range of control the manufacturer can have will change. For example, the specifications of a conventional control system are fixed at the time of design, and the configuration and forms of use are rarely changed even after the system is installed. However, the following new forms of use are expected to expand in smart factories (see Figure 3).

Figure 3 — Expanding Usage Patterns for DXWhen examining security for DX, it is important to consider not only the traditional fixed linkages, but also IT system linkage, external system linkage, and urban use. Measures must be taken that anticipate these expanding usage patterns.

1. IT system linkage
   For example, to streamline production, the control system is linked to business systems and engineering systems as needed.
2. External system linkage
   The control system is connected to external systems such as cloud systems in order to flexibly use server assets and off-the-shelf services.
3. Use in urban environments (terminals)
   For remote maintenance and similar operations, tablet terminals are used to monitor on-site conditions from locations other than the factory.

In a smart factory, it is necessary to review the conventional concept of perimeter defense, where communication partners within a boundary are uniformly trusted, and to configure control systems and implement security measures that assume various environmental changes.

Mindset Needed for Securing Smart Factories

The future of smart factories, which will be digitally transformed by utilizing open technologies while ensuring business continuity, safety, and quality (BC+SQDC), is expected to incorporate new forms of use such as IT system linkage, external system linkage, and urban use. In addition to the traditional security concepts of confidentiality, integrity, and availability and also health, safety, and environmental protection, the following characteristics will likely need to be protected.

1. Authenticity
   Authenticity ensures that the communication partner is the intended partner, and the communicated content is correct. For example, measures must be implemented to protect against the threat of spoofing when using external services.
2. Reliability
   Reliability ensures that the communication partner consistently performs as intended (does not perform unintended actions). For example, the service content provided by an external service must maintain the expected quality.
3. Protectiveness
   Protectiveness ensures that measures are taken to address security threats to the devices and communication information of communication partners. For example, this can be performed by implementing defenses and detection measures that have been identified as necessary by risk analysis.

It is important to implement and maintain these characteristics of authenticity, reliability, and protectiveness (ARP) in order to ensure future-proof security in a DX-enabled smart factory.

Examples of Security Measures for Smart Factories

Use of authentication techniques that prevent spoofing is one possible solution for ensuring authenticity. For example, multi-factor authentication using two or more of the following methods is effective: knowledge-based authentication, possession-based authentication, and biometric authentication. Another possible solution for ensuring reliability is standards certification, which indicates that a device conforms to a standard. For protectiveness, possible solutions include encryption of information and physical protection of devices. However, it is necessary to take into account the requirements of the control system.

Strategic Planning

DX must be used to develop systems that support these solutions in conjunction with business and production reforms. Because these business and production reforms are wide-ranging and continuous, the implemented measures may have excesses or deficiencies when examined on an individual system basis.

Strategic planning solutions efficiently organize the requirements to be met for security and control systems to develop DX-enabled control systems, and provide the necessary security strategies for the realization of smart factories.

Situation Assessment and Countermeasure Planning

The solution for situation assessment and countermeasure planning is to investigate the current situation from a management perspective, and identify the risks and issues for the current system, its operation, and its response to problems that may occur, in conjunction with the elements to be realized as a smart factory (see Figure 3). Based on the results, the necessary security measures are formulated for the elements to be realized as the smart factory from the standpoint of the control system.

To ensure security for DX, at this stage, it is important to consider authenticity, reliability, and protectiveness against threats such as spoofing.

Building a System

Hitachi supports the entire process from design to implementation of control systems to ensure the security of DX-enabled smart factories.

A DX-enabled smart factory will use a wide variety of devices that are dynamically connected to the network. Hitachi uses its NX net monitor series to provide functions to control and manage the authenticity of these connections, as well as functions to support reliability and protectiveness (see Table 2).

Table 2 — NX Net Monitor Series FunctionsThis table shows the functions for ensuring security in DX-enabled smart factories.

Operational Support

Security incidents that occur in control systems are often detected as anomalies (alarms) in devices or functions. Operational support provides solutions that help to determine whether the cause of the alarm is a security-related anomaly or a normal anomaly such as a device failure.

Human Capital Development

Hitachi is conducting a security human capital development program called “NX Security Training Arena” using cyber-security training facilities. To develop the “plus security” human capital that will be needed to implement DX going forward, Hitachi provides education and training for human capital development from the standpoint of DX-enabled control systems combined with security.