Put Cybersecurity In Your Reliability Toolkit
Klaus M. Blache | August 15, 2018
Reliability and maintainability is a balance between mitigating risks and needed results to provide customer satisfaction (operations and persons buying your product).
As maintenance becomes more digital, especially at the enterprise level, there will be cloud interfaces, remote users, smart factories, MRO parts integrators, and additional players. These challenges and transitions are tough enough without having to be concerned with things such as ransomware, phishing, pharming, Internet bots (software that runs tasks automatically on the Internet) and other cyber attacks. The influx of the digital arena on predictive technologies and condition-based maintenance also opens the door to more:
• attacks on software (such as data collection and management)
• algorithms getting hacked, which may lead to loss of intellectual property or liability
• indirect /less-controlled access with more mobile devices
• stealing competitive and confidential knowledge by breaking into digital twins
• attacks on condition-based maintenance hardware tied to ultrasound, vibration, infrared, temperature, pressure, and other sensors
• threats from dissatisfied employees or third-party suppliers.
A 2017 Breach Level Index report by security giant Gemalto Inc., Austin, TX (gemalto.com), showed 1,765 breach incidents totaling 2.6-billion records. That’s more than 7-million records every day. This was a 164% increase in stolen, lost, or compromised records from one year earlier. Noteworthy is that in 55.9% of the breaches, the exact number of compromised records was unknown. The best protection is encryption and it was used only 3.1% of the time. Key learnings included were:
• Security incidents are getting faster and larger in scope.
• Organizations need to better protect against data breaches (use encryption and control access points).
• Prepare your response plan. It will happen.
• What else can you do?
• Know your data. Set priorities for security and recovery, just like asset criticality.
• Do an FMEA (failure mode and effects analysis) on your data risks. Assess your cybersecurity risk throughout your value stream.
• Malware can come in many forms. Have a control plan for issues:
• imbedded in new software
• attached to a downloaded application
• imbedded in hardware
• a malicious act by a person.
• Encrypt your data if it matters.
• Make sure your data is protected in the cloud. Don’t assume it is.
• Use artificial intelligence and machine learning to guard against hackers (although they will be doing the same to breach your defenses).
I don’t believe condition-based maintenance and predictive-maintenance software are currently a huge threat relative to cybersecurity. Though, as systems are further networked at the enterprise level with more machine learning, the risk level will quickly rise. This can be viewed like reactive versus proactive maintenance. Seventy-five percent of North America is still too reactive, even though reactive maintenance is 15-to 20-times more expensive. The same is true of proactive cybersecurity. The only difference is that being reactive in cybersecurity will cost you immensely. Most companies aren’t prepared enough in addressing cybersecurity risks. What are you doing to get ready? EP
Based in Knoxville, Klaus M. Blache is director of the Reliability & Maintainability Center at the Univ. of Tennessee, and a research professor in the College of Engineering. Contact him at kblache@utk.edu.
View Comments