Secure by Design – Building cybersecurity into automation systems

Written by Mectalent | Jun 20, 2024 8:48:49 AM

When designing automation systems, it is essential to remember the importance of cybersecurity. Therefore, automation systems should be designed to be secure from the outset – a principle referred to as Secure by Design.

Cybersecurity challenges in automation systems

Automation systems utilize a variety of technologies, including artificial intelligence, robotics, different sensors, and software. These systems are often controlled remotely to achieve optimal efficiency. Modern industrial automation technologies collect, process, and utilize data to optimize their operations, often using artificial intelligence.

As automation systems are frequently connected to networks and handle a lot of internal company information, such as production processes, they can be vulnerable to external parties seeking to infiltrate and take control of the system if not designed and implemented carefully.

Common cybersecurity threats to production facilities and their automation systems include intrusions, malware, and denial-of-service attacks. The motivation behind these attacks can be to access competitors' systems and copy their code or features, to gain financial profit by selling the obtained information, or to find weaknesses and cause reputational damage.

An attack on a vulnerable system can interrupt production, damage production equipment, and result in significant costs and reputational harm. If a critical infrastructure facility is targeted, the consequences can be severe for the surrounding society. For instance, an attack on a nuclear power plant could pose a danger to a wide area.

 

What Secure by Design means in automation system design

The purpose of the Secure by Design principle is to ensure that the automation system is prepared to respond to various threats from the design phase onwards. It is most cost-effective and secure to design the system to be secure from the beginning, rather than fixing vulnerabilities as they are discovered, potentially after an attack has already occurred.

The Secure by Design principle encompasses several practices to ensure maximum security in system design. The design process considers various potential and previously observed threats and makes decisions to avoid these threats from the outset.

1. Risk assessment as part of the design process

According to the Secure by Design principle, the design process of an automation system must always include a risk assessment. A system where different devices and technologies are connected through a network should always be designed with potential cybersecurity threats in mind.

At Mectalent, the design process progresses from the completion of the mechanical design to the risk assessment of the automation system, involving Mectalent's designers, the client's representative, and, if necessary, an external expert. The client usually defines the cybersecurity standards their system must adhere to, determining the primary risks to be assessed.

Sometimes, risks that were not anticipated and are not included in the client's cybersecurity standard are identified during the assessment. In such cases, Mectalent's designers always highlight these risks and describe them to the client with concrete examples.

2. Secure protocols and communication

The next phase in ensuring system security involves designing the chosen technologies, their operating instructions (protocols), and communication. The technologies must be appropriate, and the communication between different software and devices must occur securely.

An example of a secure protocol is the so-called zero trust policy. This built-in feature in the automation system requires all traffic to be verified, allowing the system to detect suspicious activity. 

At Mectalent, secure practices are implemented during system construction: for example, the software used to work on code is widely used and recognized as reliable, and two-factor authentication is employed from the start. The system also logs information on every user who views or modifies data.

3. Segmentation and isolation

Segmenting and isolating different parts of the system can slow down potential attackers or the spread of malware. Tools for segmentation and isolation include internal and user-specific firewalls and security software. 

Different parts of the automation system can also be separated physically or virtually. For instance, different parts of the system can operate in separate VLANs or subnets, preventing an attacker or malware from automatically accessing other parts of the system.
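The subnet separation described above, together with the idea from section 2 that all traffic is verified, can be checked against recorded traffic. The following is an added example, not Mectalent's code: it audits flow records against a default-deny policy between segments. The segment names, address ranges, ports and flow records are constructed assumptions.

```python
import ipaddress

# Constructed segment plan: names and address ranges are illustrative assumptions.
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/24"),
    "hmi": ipaddress.ip_network("10.20.0.0/24"),
    "plc_cell": ipaddress.ip_network("10.30.0.0/24"),
    "robot_cell": ipaddress.ip_network("10.40.0.0/24"),
}
# Default deny between segments; only these (source, destination, port) pass (assumed ports).
ALLOWED = {("hmi", "plc_cell", 4840), ("hmi", "robot_cell", 4840),
           ("office", "hmi", 443)}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.0.5", "10.30.0.11", 4840),   # HMI to PLC on the allowlisted port
    ("10.10.0.23", "10.30.0.11", 502),   # office straight to a PLC
    ("10.30.0.11", "10.30.0.12", 502),   # stays inside one segment
    ("192.168.1.50", "10.20.0.5", 443),  # source not in any planned segment
    ("10.40.0.7", "10.10.0.23", 445),    # robot cell reaching the office
]

def overlapping_segments(segments):
    """Return name pairs whose ranges overlap; overlap makes the plan ambiguous."""
    names = sorted(segments)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if segments[a].overlaps(segments[b])]

def segment_of(addr):
    """Map an IP address to its segment name, or None if it is unplanned."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), None)

def audit(flows):
    """Return (flow, reason) for every flow that violates the segment policy."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            findings.append(((src, dst, port), "endpoint outside every segment"))
        elif s != d and (s, d, port) not in ALLOWED:
            findings.append(((src, dst, port), f"{s} -> {d}:{port} not allowlisted"))
    return findings

if __name__ == "__main__":
    print("overlapping segments:", overlapping_segments(SEGMENTS))
    for flow, reason in audit(FLOWS):
        print(flow, reason)
```

Traffic that stays inside one segment is not evaluated here; the audit only covers what crosses a segment boundary.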

4. Management of updates and patches

System maintenance should be planned before its deployment, including scheduling updates, tests, and patches in advance. The system can be monitored continuously or through regular checks. Integration and emission tests can reveal potential vulnerabilities, and a plan for fixing these vulnerabilities should be prepared beforehand.

The deployment of an automation system does not happen all at once. Therefore, Mectalent remains closely involved in the deployment and provides support even after the system is in use.

Mectalent incorporates cybersecurity in automation system construction

Industrial production facilities often lag in cybersecurity development. Typically, cybersecurity advances first in devices and systems handling business secrets, financial transactions, or personal data, with these practices gradually extending to other systems, eventually reaching industrial production facilities.

Generally, industrial production facilities' cybersecurity is not yet at an adequate level. Therefore, at Mectalent, we ensure that our customers always receive the most secure systems, considering cybersecurity from the design phase through to system usage.

Secure by Design in practice – ensuring the security of an autonomous store

The AI-powered autonomous store technology provider Grab2Go in Estonia utilizes automation technology developed by Mectalent. Their pharmacy unit operates without staff, with artificial intelligence and robotics preparing orders for the customers.

One cybersecurity challenge for the autonomous pharmacy was that it was the first of its kind. A completely new system can attract competitors' interest, with attempts to hack into the system to obtain its details.

The system involves Mectalent's devices and systems working together with other operational technology, communicating with each other. This increases the system's vulnerability and was taken into account during design. The system now uses the OPC protocol, a highly secure solution for such automation systems.
