How to Overcome the Network Airgap for Predictive Maintenance

09.11.2022

Why is air-gapping widely used today?

When you deploy your smart machines across factories, you will notice that there are IT security barriers to communicate with your predictive maintenance application via the public internet. While air-gapping certainly helps industrial engineers and IT managers protect their networks against cybersecurity threats, this presents a barrier for machines to send data to the cloud.

In this article, let’s discuss how machine OEMs can overcome common connectivity objections to predictive maintenance communication from their customers with over-the-air communication and secure encryption of factory equipment data.

Air-gapping is insufficient for modern cybersecurity


But first, let’s define what air-gapping is and why it’s not a secure method to protect machines performing predictive maintenance. Industrial engineers and IT managers at manufacturing facilities often separate their factory networks from the public Internet for security purposes. Manufacturers call this common practice “air-gapping” your factory network.

Air-gapping reduces the risk of cyberattacks over the public Internet; however, it doesn’t protect against attacks that originate inside the factory network, such as employees attaching USB sticks carrying malicious software to machines or local PCs. Air-gapping does not prevent these attacks, and they can take factory networks offline, costing tens of thousands of dollars in downtime and lost productivity that manufacturers could avoid.

Below are some of the most common threats to factory and enterprise networks:

  1. Phishing: By far one of the most common cyberattacks, phishing is when a cybercriminal sends a company an email that looks official or business-related but prompts employees to click on a link that gives the attacker access to the firm’s network.
  2. Ransomware: These attacks involve an attacker encrypting an enterprise’s files on its network and blocking access to critical business data unless a ransom is paid. Many manufacturers hit by ransomware pay because downtime is so costly.
  3. Internal Attacks: According to market research, internal employees account for 30% of cyberattacks at manufacturing facilities. A simple act like plugging a USB drive containing a virus or ransomware into a factory or enterprise network is a common cybersecurity risk. Because of the risks outlined above, OT and IT managers have physically separated factory networks from enterprise networks.

The problem with air-gapped factory networks for predictive maintenance


Air-gapping is an imperfect protection against cybersecurity threats, and it creates a problem for predictive maintenance: factory operators need to get data to the cloud over the Internet to analyze it, perform predictive maintenance, and prevent expensive downtime.

How can machine OEMs send data to the cloud securely?

The solution: over-the-air, end-to-end data encryption regardless of your device


First, adopting cellular IoT allows machine OEMs to have a direct line of communication to a machine regardless of the factory network infrastructure. After cellular connectivity is available in your machines, you can secure the machines with data encryption.

Encrypting machine diagnostic data ensures that attackers can’t read or modify it. Data encryption works by taking plaintext data and scrambling it into an unreadable format called ciphertext.

When the cloud application receives the machine data, it is translated back to its original form through a process called decryption. Decryption uses a secret key available only to the sending machine and the receiving application to unscramble the data into a readable format.

Through this encryption and decryption process, data is sent securely from machines to a cloud-based predictive maintenance application over the public Internet. Two common technologies that apply data encryption to secure over-the-air communication from factory equipment are OpenVPN (an open-source virtual private network, VPN) and IPsec.
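The shared-key encryption and decryption just described, as an added example that is not part of the original article and not emnify’s own implementation: the machine seals a constructed diagnostic record with AES-256-GCM under a pre-shared key, the cloud side opens it, and a single bit flipped in transit is rejected instead of being decrypted into garbage. The key, the machine ID "press-07" and the record are constructed placeholders; using an authenticated mode such as GCM is an assumption here, since it is what gives the "can’t modify it" guarantee, not encryption alone.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

var sharedKey = []byte("example-only-32-byte-demo-key!!!") // constructed demo key; provision one per machine

// NewMachineCipher builds the AES-256-GCM AEAD that machine and cloud share.
func NewMachineCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (machine side): output is nonce||ciphertext||tag; the machine ID is bound as associated data.
func Seal(gcm cipher.AEAD, machineID string, plaintext []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic("crypto/rand unavailable: " + err.Error()) // nothing safe to send
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(machineID))
}

// Open (cloud side): a modified byte or a wrong machine ID fails the tag check and returns an error.
func Open(gcm cipher.AEAD, machineID string, msg []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:n], msg[n:], []byte(machineID))
}

// Demo round-trips a constructed record, then flips one bit in transit and reports whether it was caught.
func Demo() (string, bool, error) {
	gcm, err := NewMachineCipher(sharedKey)
	if err != nil {
		return "", false, err
	}
	sealed := Seal(gcm, "press-07", []byte(`{"machine":"press-07","vibration_mm_s":4.2,"temp_c":71}`))
	plain, err := Open(gcm, "press-07", sealed)
	sealed[len(sealed)-1] ^= 0x01 // simulate in-transit corruption
	_, tamperErr := Open(gcm, "press-07", sealed)
	return string(plain), tamperErr != nil, err
}
```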

How does OpenVPN protect machine data?

OpenVPN is an open-source networking service that lets you establish on-demand access to devices in the field or at customer sites over an encrypted virtual private network. This private OpenVPN “tunnel” ensures that anyone outside the networked devices can’t see their traffic on the Internet.

How does IPsec differ from OpenVPN for factory networks?

An alternative secure communication technology is IPsec. IPsec encrypts data before it’s transmitted and verifies the data’s integrity when it’s received by the cloud server, ensuring that device and application data are not exposed to hackers over the public Internet.


Final recommendation: adopt a secure cellular IoT platform

To overcome the issues associated with air-gapped networks, we recommend adopting a secure cellular IoT platform like emnify. emnify secures your machine’s diagnostic data with data encryption features like OpenVPN and IPsec that ensure data is protected in transit between predictive maintenance-enabled factory equipment and cloud applications – even over the public Internet.

Want to learn more about how you can secure your data for predictive maintenance with emnify? Request a free consultation.

About emnify

From reliable connectivity and secure remote access to machines to powerful APIs, automated cloud integration and advanced security features, emnify provides you with all the tools you need to deploy and operate your smart machines for predictive maintenance anywhere and at any scale.

Learn more about how we can help your predictive maintenance application or contact our cellular IoT expert to book a free consultation today.
