In the industry, the maintenance of devices and machines have always been a very important activity, because this maintenance has been focussed in the mechanical or electrical fields, but due to new technologies the maintenance has evolved. The principals cause for this evolution are:
- Increase in the amount of data being transmitted between devices.
- Increase in the number of devices connected to Internet.
- Increase in the number of cyberattacks have suffered this sector in the last years.
This maintenance is related with the informatic world because currently in the industries are using devices managed the remote form, connections in real time or the data upload a server in the cloud.
This section mainly consists of having the devices as up to date as possible (firmware, software, etc.), that the architecture continues to meet cyber security needs after some modification and many more aspects that will be discussed in this article.
Importance of maintenance
The new maintenance is gaining more and more weight in the industry, because the cyberattacks are increasing in the industrial sector and the increasing of industrial devices that are connected to internet.
Below, we can see some consequences related to cybersecurity and the industrial sector:
- In 2022, INCIBE registered 338 warnings related to the industrial sector.
- The identification of many vulnerabilities related to the various devices found in the industrial sector, such as PLCs, HMIs, sensors, etc.
Currently, the technologies have enabled that there are different types of maintenance. The most uses are local and remote:
- Local: this mode is the most used because many devices must be updated by connecting directly. The advantages are:
- The device may be connected in a net without internet connexion.
- You are not dependent on any connection to another device on the network.
- Savings in the use of management tools.
- Remote: this method is growing because the new technologies and the benefits that offer to employees. Remote access allows for easier access to the industrial device, because normally these devices are in a remote location or difficult access. The advantages of this methods are:
- Cost reduction.
- It allows to work in a comfortable place, for example the office.
- Increased employee safety.
As has been seen, each of the forms has its own advantages, but the maintenance of the devices is tending towards a mixed method, because this method can reduce cost in the time and in the displacements or the devices most critical are an isolated area and that are not exposed in internet.
The following, as has could see the most important activities for a correct maintenance of devices and to avoid cyberattacks.
- Know the devices: the most important it is known the devices and resources that the company has it. Because without knowledge of the devices deployed, it is impossible to do this correctly. In this section it is necessary to check all the hardware (computer, PLC, HMI, etc), software and applications.
- Create password: initially it must be checked that the installed assets mustn´t default password, because people would be able to know this password through the datasheet of manufacturer and they would be able to introduce in the asset. The password introduced due to comply with certain requirements, even if some industrial devices do not require it:
- At least 15 characters in length.
- Do not use personal information.
- Combine capital letters, small letters, symbols and numbers.
- Do not use the same password in different devices.
- Use programs of management password for example KeePass, One Locker or Dashlane.
- Update of passwords: it is advisable that device password do not remain static and are changed over time. It is advisable to change them every three to six months. This activity is growing, so much so, in the same devices are installing for that is obligate.
- Roles manage: permissions management is essential, because if a user has too many permissions on the asset, he can make some modification and prevent the correct functioning of the asset. For this purpose, it is recommendated follow the principle of minium privileges.This principle states that the user and applications must have access to the data and operations necessary to function properly. In addition, is very important update these roles because there are employees that may be dismissed or that change the company and continue to have access to assets.
- Device update: it is essential to keep assets up to date, as vulnerabilities may emerge over time. One of the best examples is the firmware update as most of the time operators do not want to modify it in case there is a bug in the operation of the device, which makes it a very attractive device to be attacked.
- Access management: It is essential to keep track of who is accessing the assets, because if outsiders gain access, they can cause serious operational problems. For this, there are several solutions: one of them is to have a record of the logs that are produced when accessing the devices.
As you have read in the article, taking proper care of industrial devices is very important to extend their useful life and to avoid any problems in the proper functioning of the company.
In this case, we have emphasised the importance of IT maintenance, due to the tendency of assets in the industry to be interconnected or connected to the Internet and the high growth of cyber-attacks that this sector is suffering.
Because of these consequences, it is vital to follow the good practices discussed in this article, as this can prevent cyber-attacks or that the cyber-attacks suffered are lower risk and easier to solve.