| | JULY-SEPTEMBER 20219Managing this new dimension requires a technical and mental convergence of information technology and operational technology. This is because remote services typically use information technologies, while data and signals are connected to operational technology domain. We must define use cases of remote services in order to map requirements for the data and controls and security requirements for data management and data flow. We must emphasize security awareness amongst both personnel and partners to address, for example, risk of attacks via social engineering alongside other common practices and policies like accepted devices, internet connections, and data access and storage. One way to control field device data is to use edge devices to manage controls to data and enable a secure channel to the connected world, if the field device does not natively support such measures for remote services. Remote services may very well increase people safety, but we must design and execute with both safety and security aspects considered. Otherwise, we risk increasing the attack surface or minimizing people's safety. This speaks to the industry need for more focus on both functional safety and industrial security in combination. So, when we design new products and services, we design them both safe and secure. Remote services during the current global pandemic has pushed us to learn new ways of managing business continuity. Remote use of data and data-driven decision making is enabling faster reactions in operation, encouraging the development of new competences, and impacting the future of businesses for the better.Managing it all in a safe and secure way is an ongoing journey for everyone. IACS security programs, policies, and procedures must be developed. Remote services request to share device level operational and maintenance data with OEMs and operators. Preferred solutions are business dependent and can vary from device or edge connectivity via cloud to cloud systems to fully integrated enterprise systems with role-based access control to partners.The first steps to ensure business continuity, even in these extraordinary times, can be implemented quite fast, safely, and securely by using well-proven technologies and best practices. While doing so, it is important to keep focus on the use cases. It will be interesting to see how many of these changes remain when we get to the other side of this. What do you think? on infrastructure services using industrial fieldbuses for communication. System integrators and component providers are gradually adopting guidance and requirements while standardization is proceeding, and new products and services are launched. This gives basis for asset owners for IACS security strategy roadmap to guide future investments.It's worth noting that industrial security is not only about making secure devices based on secure coding practices, crypto chips, etc. It is also about physical segregation by limiting who has access to the devices. Before Covid-19, security segregation referred primarily to networking segmentation and physical segregation of infrastructure and devices to minimize security risks. In these times, we have adapted these methods within the manufacturing space to limit contact between shifts of workers to minimize health risks, keep production running, and ultimately ensure business continuity. And when we combine physical segregation with digital technologies that allow for remote work, it opens the door to new ways of working, both within companies and how companies are working together. More specifically, there is a trend towards procedure-based services. This typically consists of remote operations and maintenance, but also includes services in the earlier phases, such as remote commissioning and remote audits.
< Page 8 | Page 10 >