Avoiding a descent into dystopia
A recent report from Japan’s Cyber Security Research Institute warns against a “predictable descent into a dystopian future” caused by a failure to secure the Internet of Things (IoT). Strong words, but not entirely overstated, in my view.
UK manufacturing is increasingly being automated. It’s about time: there are huge benefits to this. Productivity can be improved (after lagging behind much of the G7 since the start of the financial crisis). And labour shortages, likely to increase after Brexit, can be mitigated.
But there is also a very real risk from automation that we need to be aware of: cyber breaches. “Traditional” automation has involved the use of fairly dumb programmable machines, operated by simple Programmable Logic Controllers (PLCs) with little or no cyber security built in to them. When these machines are connected to the internet there are risks that hackers can find a way in to those machines.
We have already seen some examples of machinery being affected. A German steel mill was damaged in a cyber attack in late 2014. And there were reports of attacks on Ukrainian power plants in late 2015. (My company Beckhoff Automation has written about this here)
Perhaps even more worrying is the thought that hackers could use online automated machinery as weak entry points into wider corporate IT systems.
We saw an instance of this last year with WannaCry when several NHS trusts experienced ransomware attacks. Much of the problem then was caused by a failure to patch Windows operating systems, but at least some breaches were caused by malware penetrating NHS machines that were running outdated and unsupported operating systems.
This isn’t a reason to avoid automation. There are ways to airgap or sandbox vulnerable factory systems. But perhaps a more logical method is to use smarter robots. When robots are controlled by smart PCs, as opposed to dumb PLCs, they are far easier to defend against cyber criminals.
Of course there are other advantages to PC-based automation: flexibility, better data collection, easier programming, more effective analysis, the ability to use machine vision. And of course lower cost.
But increased cyber security is an important reason too. And as GDPR is now in effect perhaps it is a reason that needs more emphasis.