Data Protection at the Industrial Edge


Edge computing is not a new concept. Its origins go back to the late 1990s, when Akamai introduced its content delivery network, or CDN, to serve content from servers placed close to users.

Since then, edge computing has secured a foothold as an essential component of Industry 4.0, where there is a particular need for high-speed data processing with low latency. In general, there are three types of edge computing. First, there are regional data centers, which provide robust data storage and analyze and process data closer to the source than a cloud data center that could be across the country, or even across the globe. They still have higher latency than the other two types, however, because the data must travel to an off-premise location.

Second, there are localized data centers which many enterprises take advantage of for their faster data processing—the processing is done locally, onsite. However, localized data centers have a reduced storage capacity when compared to regional data centers. 

Lastly, there are local devices, like routers, gateways, and smart sensors, that collect, analyze, and process data right at the source. These devices have the least storage and handle only the data necessary to make a decision, but as a result they have the lowest latency. It is with these edge devices that Industry 4.0 stands to gain the most.

IIoT brings edge computing to the next level

Industry 4.0 has already seen many advancements in automation thanks to the IIoT, ranging from the proliferation of manufacturing robots to autonomous industrial vehicles like self-driving forklifts on the factory floor. With the addition of edge computing in local devices, these automation gains can be further optimized for extra efficiency and productivity. 

Because industrial edge devices like sensors, controllers, and gateways sit extremely close to the industrial processes they collect and analyze data for, they can perform that collection and analysis in real time. Handling large amounts of data in real time is incredibly valuable in industrial environments. It means smart factories get better predictive maintenance of manufacturing robots, extending their lifetime and reducing unplanned downtime.

With edge computing at the local level, heavy-duty and expensive machinery is equipped with highly accurate AI decision-making, made possible by the faster data collection and processing of edge devices.

This can do anything from optimizing production to immediately raising the alarm should a machine malfunction so that a human can intervene. For example, a smart camera being used as an inspection tool in a food production factory collects images of the product, and then the processor on that camera analyzes the images, processes the data to ensure quality, and detects any anomalies. If anomalies are detected—say caps on bottles of soda that are not sealed properly—the smart camera can then send a signal to the machine to automatically halt the bottling process until the issue is resolved.

This anomaly detection and decision making all happens in real-time because the data does not need to be sent over the network and to the cloud for processing. The typical bottling machine fills over 10,000 bottles an hour, or 175 per minute, so an immediate halt of production when an issue is detected can mean the difference between a small fraction of wasted inventory and thousands of dollars worth of defective bottles.

The smart camera in a bottling plant is just one player in the network of connected devices that form the IIoT and provide the edge computing a smart factory needs. While the camera checks for anomalies in the bottling process, a smart sensor monitors environmental factors like temperature to ensure the product is stored safely and prevents spoilage, and self-driving forklifts use LIDAR readings to transport the product from storage to the loading dock for shipping. All of the data collected by these sensors—images of bottle caps, temperature readings of storage facilities, and distance readings on the factory floor, just to name a few—form a network of devices collecting and processing millions of bytes of data that optimizes and automates productivity and drives Industry 4.0.

How edge computing helps—and hinders—cybersecurity

Real-time response and better automation aren’t the only benefits that edge computing brings to the factory floor. Edge computing can also improve cybersecurity. If you compute on your data in a cloud rather than at the edge, that centralized location is a prime target: an attacker only needs to succeed in one place. At the edge, data is spread across many devices, so a single compromised device exposes far less data than a compromised central cloud data center. This is not unlike compartmentalization, a common defensive practice that, at its most basic, separates “public” from “private” information and controls who gets access to each.

Although beneficial, edge computing does not solve the many cybersecurity risks that come with Industry 4.0. With a fleet of localized edge devices acting in tandem with regional and local data centers, and even the cloud, no single cybersecurity solution is sufficient to protect against cyberattacks. Not only do edge devices handle data that is often confidential, an insecure edge device can also give an attacker a foothold in the larger network from which to conduct a far more damaging attack. The Satori botnet, a variant of the Mirai botnet used in the October 2016 attack on Dyn, infected edge devices in 2017 by exploiting two vulnerabilities in Huawei and Realtek devices. Once installed, the Satori malware propagated from one edge device to the next without any user action.

Spreading data across the edge rather than centralizing it in the cloud may make that data safer, but it does not make it impenetrable.

Local devices left unsecured make the entire network vulnerable

A recent cyberattack on a water treatment facility in Florida is a good example of why industrial environments need an extremely robust level of cybersecurity. In February 2021, an attacker attempted to poison the water supply of Oldsmar, FL, a city of about 15,000 people, by raising the concentration of sodium hydroxide, commonly known as lye, from a safe 100 parts per million to over 11,000 parts per million. While it is still not known for certain how the attack was executed, the attacker would have needed access to the data showing how much lye was currently in the water and to the part of the system where the lye concentration could be changed.

The attack was thwarted when an operator noticed the mouse cursor moving outside their control: the attacker was working through remote control of an operator’s desktop. What is important to note here, in terms of the cybersecurity risks of local edge computing, is that the facility assured the public that even if the operator had not noticed, automated pH testing sensors would have caught the dangerous lye levels before the water was ever released. But what if an attacker were able to compromise those sensors as well? The attacker had already compromised one vulnerable access point, so it is not unreasonable to think that sensors connected to the same network could be vulnerable too.

A future attack could well try to compromise the integrity of the pH readings on their way from the sensors to the controllers and operator displays, so that the data appears to show a safe lye concentration and the contaminated water goes undetected. That was not the case in this particular attack, but the hypothetical could easily become reality.


Data protection with Dover’s CoreGuard® solution

The unfortunate reality is that it is only a matter of time before attackers are able to create sophisticated attacks like the scenario just described. In order to prevent serious and potentially dangerous attacks from being executed, a defense-in-depth cybersecurity strategy must be implemented.


With a defense-in-depth strategy protecting the data that is collected, analyzed, and shared among local edge devices, such an attack can be prevented. Dover’s CoreGuard technology provides a necessary layer of that defense with its privacy micropolicies, which are designed to secure communications and prevent the exfiltration of private data. They track how information propagates through a program during execution to ensure it is handled securely.

One privacy micropolicy particularly relevant to edge devices is the Confidentiality micropolicy, also known as taint tracking. It prevents data exfiltration by labelling data as confidential (“tainted”) or public (“untainted”), then tracking the influence of that data as it flows through the system, ensuring confidential data is never stored on disk or sent across a network without first being encrypted.

If confidential data is combined in any way with nonconfidential data, the result is also confidential, or “tainted.” Once data is tainted, CoreGuard enforces that it cannot shed that label. The same labelling works in the other direction for integrity: data arriving from an untrusted source carries an “untrusted” label, and the policy prevents it from being processed by code that must act only on trusted input.

So, in the hypothetical attack on the pH sensors, once the manipulated, untrusted data reaches the device that consumes the sensor readings, CoreGuard would raise a violation and the data would not be processed. A number of responses can then be triggered, such as initiating ASLR or switching to an alternate, known-safe application. In this case it would probably make the most sense to notify the water facility operators so they can intervene and decide on next steps.
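As a concrete illustration of the labelling rules described above (confidential data stays confidential when combined and cannot leave unencrypted; untrusted data cannot reach an actuator; a violation falls back to an operator alert), here is a small software model. It is an added example, not CoreGuard’s hardware tag engine or its policy language, which enforce the same kind of rules on metadata attached to words in memory and registers; this runs them over Python values instead. The HMAC endorsement of sensor readings, the lye-dosing control loop, the placeholder “encryption,” and the sample key are all assumptions of this example and are not described on the page.

```python
"""Software model of label-based information-flow (taint) tracking.
Constructed example: not CoreGuard's hardware tag engine or its policy language."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Any, Callable


class PolicyViolation(Exception):
    """Raised when a labelled value reaches a sink that its labels forbid."""


@dataclass(frozen=True)
class Tagged:
    """A value plus two independent labels.
    confidential: must not leave the device unless encrypted (confidentiality taint)
    untrusted:    came from an unauthenticated source; must not drive actuators (integrity taint)
    """
    value: Any
    confidential: bool = False
    untrusted: bool = False
    encrypted: bool = False


def combine(a: Tagged, b: Tagged, op: Callable[[Any, Any], Any]) -> Tagged:
    """Propagation rule: the result of mixing two values carries every taint
    present on either input, so a label can be added but never silently dropped."""
    return Tagged(op(a.value, b.value),
                  confidential=a.confidential or b.confidential,
                  untrusted=a.untrusted or b.untrusted)


def encrypt_for_transit(t: Tagged, key: bytes) -> Tagged:
    """Placeholder transform standing in for a real authenticated cipher
    (SHA-256 keystream XOR; do not use as actual encryption). It keeps the
    confidential label and sets 'encrypted', which is what the network sink checks."""
    data = str(t.value).encode()
    stream = hashlib.sha256(key).digest()
    ciphertext = bytes(byte ^ stream[i % len(stream)] for i, byte in enumerate(data))
    return replace(t, value=ciphertext, encrypted=True)


def send_over_network(t: Tagged) -> bytes:
    """Network sink: confidential data may leave the device only in encrypted form."""
    if t.confidential and not t.encrypted:
        raise PolicyViolation("confidential data would leave the device unencrypted")
    return t.value if isinstance(t.value, bytes) else str(t.value).encode()


def sign_reading(payload: bytes, key: bytes) -> bytes:
    """What an authenticated sensor would attach to a reading (assumed HMAC scheme)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def receive_reading(payload: bytes, mac: bytes, key: bytes) -> Tagged:
    """Source labelling: a reading is 'untrusted' unless its MAC verifies.
    HMAC endorsement is this example's assumption; the page names no mechanism."""
    trusted = hmac.compare_digest(sign_reading(payload, key), mac)
    return Tagged(float(payload.decode()), untrusted=not trusted)


NAOH_SETPOINT_PPM = 100.0   # the 'safe' concentration quoted for Oldsmar
MAX_STEP_PPM = 5.0          # hypothetical per-cycle dosing limit


def dosing_controller(measured_ppm: Tagged) -> float:
    """Actuator sink (hypothetical lye-dosing loop): refuses any untrusted input,
    then nudges the concentration toward the setpoint by at most MAX_STEP_PPM."""
    if measured_ppm.untrusted:
        raise PolicyViolation("untrusted reading reached the dosing actuator")
    error = NAOH_SETPOINT_PPM - measured_ppm.value
    return measured_ppm.value + max(-MAX_STEP_PPM, min(MAX_STEP_PPM, error))


def run_cycle(payload: bytes, mac: bytes, key: bytes) -> dict:
    """One control cycle: label the input, run the controller, and on a
    violation fall back to alerting an operator instead of dosing."""
    reading = receive_reading(payload, mac, key)
    try:
        return {"action": "dose", "target_ppm": dosing_controller(reading)}
    except PolicyViolation as err:
        return {"action": "alert_operator", "reason": str(err)}


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key, not a real secret
    print(run_cycle(b"95.0", sign_reading(b"95.0", key), key))   # genuine: dose toward 100
    print(run_cycle(b"100.0", b"\x00" * 32, key))                 # looks safe but forged: alert
    calib = Tagged(1.02, confidential=True)  # proprietary calibration constant
    report = combine(Tagged(98.0), calib, lambda r, c: round(r * c, 2))
    try:
        send_over_network(report)            # raises: confidential and still unencrypted
    except PolicyViolation as e:
        print("blocked:", e)
    print(send_over_network(encrypt_for_transit(report, key)).hex())
```

The point the second `run_cycle` call makes is the one from the pH-sensor scenario: the forged reading `100.0` is rejected because of its label, not its value, so an attacker cannot slip a plausible number past the controller. A real system would use an authenticated cipher for transit and a proper authentication scheme at the sensor; the label checks at the two sinks are what the model is about.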

As more IIoT devices also become edge computing devices, the number of access points an attacker could use to reach the larger network grows with them. Each new device is a new opportunity for an attacker to exploit a vulnerability in that device and mount an attack on the entire network. Cybersecurity cannot be retroactive: with fleets of thousands, or for some organizations millions, of devices, the “patch and pray” approach will not work.

The proactive, defense-in-depth approach provided by Dover’s CoreGuard solution is the only way to ensure security, safety, and data privacy on the industrial edge.

Published April 02, 2021