Data Networks: In IoT we trust

Smart Solutions

Data Networks: In IoT we trust

The Industrial Internet of Things, or Industry 4.0, not only connects machines and computers but also vendors, suppliers, and customers. Transmission and exchange of confidential data requires secure links and virtual data spaces. The Industrial Data Space initiative aims at achieving just that.

by Gerhard Kafka

The Industrial Data Space (IDS) initiative was launched by Fraunhofer-Gesellschaft in late 2014 with the backing of industry partners and government agencies. Its purpose is to establish a reference architecture for a virtual data space using standards and common governance models to facilitate the secure exchange and easy linkage of data in business ecosystems and to promote its use on a European and international scale.

We have a compelling opportunity for Germany to take the lead in the digital transformation of industry by creating a de facto standard

Reimund Neugebauer
President of Fraunhofer Gesellschaft

Prof. Reimund Neugebauer - Frauenhofer

 

The three elements that need to be upheld to provide information and industrial system asset security are confidentiality, integrity, and availability, often referred to as CIA:

Confidentiality is the principle that information is not made available or disclosed to unauthorized individuals, entities, or processes. Confidentiality in business includes encryption and access control technologies.

Integrity ensures that improper information modification or destruction is guarded against. Data integrity, a subset, ensures that unauthorized parties cannot alter data and take control of the system without detection.

Availability is the property of timely, on-demand, and reliable access to, and the use of, information by an authorized user. Availability controls usually involve redundancy and engineering change control. Sometimes security activities are included.

Standards for industrial security

The Industrial Internet Consortium (IIC) published a comprehensive document, Industrial Internet of Things Volume G4: Security Framework, to initiate the creation of a broad industry consensus on how to secure Industrial Internet of Things (IIoT) systems. These connect and integrate industrial control systems with enterprise systems, business processes, and analytics. They also enable large advances in optimizing decision-making, operations, and collaborations in numerous increasingly autonomous control systems. One section of the book gives an overview of existing standards:

  • The IEC publishes the IEC 62443 series of standards for industrial automation and control systems security. The series is comprised of four sections: General, Policies & Procedures, System, and Component.
  • The National Institute of Standards and Technology (NIST) has published NIST SP 800-82 Revision 2. This offers guidance on improving security in industrial control systems (ICSs), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), and other control system configurations such as programmable logic controllers (PLCs). Performance, safety, and reliability requirements are also considered in the 2015 update.
  • NERC CIP Standards, published by the North American Electric Reliability Corporation, aim at improving the security and reliability of the electricity industry by defining auditable requirements for critical infrastructure protection (CIP).
  • The IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities (IEEE Std 1686-2013) defines functions and features to be provided in intelligent electronic devices (IEDs). The document addresses access, operation, configuration, firmware revision, and data retrieval of an IED.
Data networks in IoT we trust - IDS components

The IDS Business Layer connects data owners with defined business partners

Virtual data rooms

Historically, the term data room comes from its purpose with regard to due diligence audits for mergers and acquisitions (M&A). Originally, during an M&A, companies created actual, tightly secured rooms on neutral ground, such as within a law firm’s premises. Today, virtual data rooms have become the norm but are now located in the cloud, where they securely house all relevant and related content to be audited.

Virtual data rooms require a journal documenting all procedures within the data room:

  • who is authorized to read files
  • who has access to named files, when, and for how long
  • what files are being accessed
  • what is being done with them

There are several applications that target virtual data room security. A highly secure, platform-independent file exchange package is available from Dracoon as an on-premises or cloud version. With Europrise, ISO27001, and ULD certifcation, Dracoon complies with the highest security standards. Proprietary TripleCrypt encryption, comprehensive role administration, and white-label branding has helped to attract more than 400,000 users. The application is used by several large original equipment manufacturers (OEMs): Deutsche Telekom, Bechtle, Hutchison, and British Telecom.

Endian claims its 4i Edge products are unique in that they provide a comprehensive security layer with a simplicity that is rare within the IoT industry. The appliances provide secure remote network access through technology alliances with third parties, such as Cyren, Panda Security, and Cloud4Wi, to offer cutting-edge technology.

The Industrial data space concept has met with considerable interest in many workshops and forums held in connection with Germany’s G20 presidency

Boris Otto
Head of research for the IDS initiative and director of the Fraunhofer Institute for Software and Systems Engineering (ISST)

Boris Otto Frauenhofer

 

The Private Data Room from ITWatch protects applications, content, and printing hardware from malware inflitration and from unauthorized access by unwanted external and prohibited internal sources, including general systems administrators.


IDS in practice: How to create a really smart factory

Steel producer Thyssenkrupp Steel Europe has provided the first use case for IDS with an information system for truck logistics. The aim is to optimize the loading and unloading times of trucks and adapt them flexibly according to transport routes and traffic disruptions. The company handles around 20,000 trucks per month so, with just 30 minutes available to load and unload each truck, any delay in arrival can quickly throw the entire schedule into disarray.
Technology partner Komsa and Thyssenkrupp have developed an end-to-end combination of connected devices between the truck drivers and the weigh gates at the entrance to the loading bays. The aim is to automate rescheduling of truck arrivals based on reliable online data, by using real-time management of time slots and dynamically estimated arrival times Messaging using GS1 EDI XML allows instant and comprehensive status change notification.
Control and automation firm Festo and bearings maker Schaeffler have developed an integrated equipment platform using Object Linking and Embedding (OLE) for process control unified architecture (OPC-UA) over an IDS secure channel. The modular service-based concept can be extended to incorporate semantic technologies or other protocols and provides support for horizontal integration across value chains. System features include process optimization based on higher transparency, knowledge creation and documentation based on data correlation and analytics, and the transfer of new added value to partners.
Salzgitter, a German steel producer, with engineering and electronics company Bosch have developed an intelligent stock information system called From Ore to Refrigerator. It merges existing procurement systems to analyze the underlying supply chain and reveal possibilities of new business models for brokerage of raw materials and metals to customers. Results: automatic management of semantic description of steel quality criteria, machine interface for availability, and greater transparency and faster response times.

Regispace for the Industry Data Space by Regify is a virtual data room for IIoT/Industry 4.0. It enables the secure exchange of data and provisioning of networked services for collaboration over value networks comprising customers, suppliers, and other business partners. It protects IoT and other data against unauthorized access and enables data owners to make data available to partners at a granular level or in an end-to-end secured process.

Leave a Reply

Your email address will not be published. Required fields are marked *

*