Thursday 28 Mar 2024
By
main news image

This article first appeared in Digital Edge, The Edge Malaysia Weekly on October 10, 2022 - October 16, 2022

Industry 4.0, Industrial Internet of Things (IIoT), smart manufacturing — catchphrases we’ve been talking exhaustively about for years, with visions of factory floors filled with futuristic robots and drones like something out of Star Trek. For many companies though, these are no longer just buzzwords or something only pictured on TV.

Malaysian companies also fall in line as 77% have indicated that they are prioritising technology adoption in the near term in an effort to accelerate their business adaption to the new normal, according to EY’s 2022 Business Pulse Survey.

Almost half of them (43%) are optimistic that their businesses will recover to pre-pandemic levels in one or two years as Malaysia transitions to the endemic phase of Covid-19. With an increase in the digital adoption rate among businesses after the onset of the pandemic, the study outlined that 48% of large companies and 37% of micro, small and medium enterprises (MSMEs) have found that the adoption of digital technologies made the most positive impact during the pandemic.

On top of that, there has been increased demand for remote operations. More and more connected devices are coming online and, in turn, an increased attack surface for potential bad actors in cybersecurity.

The divide between IT and operational technology starts to fade and with that, the rise in prominence of the IT function on the factory floor. This places the chief information officer (CIO) in an even more crucial role, especially when it comes to the criticality of maintaining secure operations. People, processes and procedures will always be integral in securing network environments, including the edge. Edge data centres refer to smaller, decentralised facilities that provide computing and storage in a location closer to where the data is being generated.

Industrial edge enables resilience

A main driver of resilience in manufacturing environments has been through distributed IT environments, including edge data centres, to improve speed and lower latency with this increase in data from connected products. For industrial operators to reap the benefits of this digitalisation and automation, CIOs are deploying edge data centres in manufacturing settings to ensure they have the capacity to capture this incremental amount of data.

In Malaysia, only 27% of companies have leveraged edge computing while 38% said edge computing is new to them, according to Tech Research Asia’s 2020 survey on edge computing in Asia-Pacific. The report also found that 32% of local companies deployed edge computing solutions using their existing data centres, 11% will be building new data centres and 9% will facilitate edge computing with co-location facilities.

Local edge data centres are used to enable these connected endpoints on the network. As a distributed model, computing, aggregation and analysis occur at the physical site instead of being sent to a server sitting at a centralised site or in the cloud. This infrastructure includes IIoT devices, switches, routers, servers and virtual tools. An IT edge environment in an industrial setting includes a plethora of distributed endpoints and, in turn, increases the attack surface for cybercriminals and hackers. A challenge of edge computing for CIOs is security and how to manage the increased risk.

Cybersecurity best practices for edge computing

Managing this risk requires the proper implementation of security best practices for devices, networks and applications. IT decision-makers with a distributed IT environment will need to implement a comprehensive cybersecurity approach focused on these four tactics:

Selection criteria: Microsoft introduced the Security Development Lifecycle (SDL) to consider security and privacy concerns throughout the entire software development process. It is important to validate that vendors develop their applications, devices and systems following a well-implemented SDL. A properly integrated SDL process can reduce vulnerabilities and coding errors with the necessary mitigations to secure the application, device and system, while improving the reliability of the software and firmware.

Another popular standard, IEC 62443, is accepted worldwide in defining security standards developed by industrial control experts. This standard specifies process requirements for the secure development of products used in industrial automation and control systems as well as edge IT applications. It defines an SDL for the purpose of developing and maintaining secure products. This lifecycle includes security requirements definition, secure design, secure implementation, verification and validation, defect management, patch management and product end-of-life.

Secure network design: As edge computing evolves and grows, so will the need to design network security for the devices and systems running in the edge. Securing access to the edge should include only providing access to resources via encrypted tunnels (for example, virtual private networks or VPNs) and the proper implementation of firewalls and access control systems. Other best practices for securing networks and the edge include a defence-in-depth methodology and network segmentation.

Device configuration: Before an embedded device or software-based system is used in an edge application, a proper analysis should be done to understand how the device or system communicates and how the device or system functions within the use case that is required by the customer to operate in the edge. Best practices for device configuration include performing vulnerability assessments upon receipt of the device, verifying that the device can be configured to disable any unsecured protocols and finally, ensuring all patches and updates for the device are current before final deployment.

Operation and maintenance to reduce the risk of breaches: While there may be specific best practices for particular applications, patch management, vulnerability management and penetration testing are good practice categories that apply to operating and maintaining all edge applications.

Edge computing provides high-speed delivery of data for edge applications, essential for today’s business. It reduces network latency by providing the processing and delivery of needed information locally. Edge security must maintain integrity, availability and confidentiality to support and strengthen business needs and objectives.

In essence, while companies and MSMEs understand the importance of digitalising their businesses to sustain themselves and survive the situation, it is also vital to note that improper implementation of digital technologies may lead to security risks that may jeopardise the business. CIOs and IT decision-makers need to ensure companies have the necessary skills to mitigate the risks diligently. Thus, it is important for companies to form meaningful partnerships and work hand-in-hand with digital management and automation experts to achieve business sustainability and survive the pandemic.


Adrian Koh is head of secure power division for Malaysia and Brunei at Schneider Electric, a global energy management and automation company

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.

      Print
      Text Size
      Share