Protecting Industry 4.0 assets in the IoT

IoT technology is central to Industry 4.0 in applications ranging from indoor asset location awareness and consignment inventory management to retail item tracking and full, 360˚ track-and-trace processes. Hardware-based, or device, security in these and other applications is often neglected. This is particularly dangerous as the industry seeks to control processes using commercial smartphones, which may have vulnerable security mechanisms. Inadequate device security can put Industry 4.0 operations at risk in many directions, from allowing counterfeits to enter the supply chain to jeopardizing the integrity and reliability of operations.

Solving these and other IoT challenges requires a multilayered approach to protecting all communication between system elements and bringing trust and “always ON” connectivity to each.

Indoor location awareness

Many organizations need to track the precise location of assets inside their facilities in real time. These items might be robots on the factory floor, critical and high-value sub-components, or manufacturing tools on the assembly line.

Some items are needed periodically, on demand, but many items are delivered throughout the facility on a regular basis and strict schedule. Administrators need to know an asset’s location at any moment in its journey, including confirmation that it arrived safely at its destination when expected. In many instances, alerts need to be triggered if certain assets are not in an allowed zone.

Indoor location tracking systems make this possible, as long as each system element is always connected and available. These systems must deliver near-perfect accuracy when reporting an asset’s location, wherever the asset may be and no matter the size or configuration of the facility. They also must ensure 24/7 availability so that organizations can be confident about the location of any asset, at any time. They must accommodate items of any size; even the smallest items can be extremely valuable, and there can be hundreds of them to track. Finally, particularly in situations where the assets are in areas of public access, system security to prevent unauthorized eavesdropping is critical.

Indoor location tracking is often integrated into consignment inventory management systems to improve visibility for both the supplier and buyer.

Consignment inventory management

A common Industry 4.0 supply chain strategy is for the supplier to provide assets to a consignee to sell. The consignor still owns the product, and the consignee pays for it only after it has been sold. This consignment inventory business model offers an effective way to reduce operational costs and fuel business growth. Product ownership remains with the vendor until the product is sold.

A great example is hospital equipment tracking to improve visibility and prevent stockouts, especially for critical assets. Administrators can use Industry 4.0 IoT solutions to manage the hospital’s consignment inventory that vendors ship to the facility but invoice only when the product or equipment and associated consumables are used.

The technology automates ordering and invoicing processes. It also can improve safety so that, as an example, a surgical robot component’s lot number, serial number, and firmware revision can be monitored to ensure it is up to date and authentic before it is used. Alerts can be set so that the component is not used in case of a product recall, or the product can get real-time firmware updates while in the hospital prior to use.

For this model to work, however, both the supplier and the purchaser need maximum visibility into this consigned inventory. Additionally, they need confidence that storage, usage, ordering, and invoicing are both timely and secure. Each item of consigned inventory must be authenticated, as it is a potential counterfeit in the supply chain. The system must remove the vulnerabilities that hackers use in any IoT system to attack connected devices or the core network, or to disrupt the reliable operation of asset-tracking systems. It also must prevent unauthorized individuals from gaining access to consigned inventory status.

Retail item tracking

Real-time asset-tracking solutions improve inventory-management visibility as products move from the shipper to the receiving dock to the retail shelf and ultimately to the cash register and into the hands of a customer.

For instance, the same wireless sensing and secure identification systems used in pharmaceutical manufacturing, food safety, and industrial control can ensure that high-value consumer products are accurately accounted for all the way to the point of sale.

These systems can also be used to identify product that has returned from the customer or the retail shelf back into the distribution channel, or to deploy over-the-air firmware updates to electronic products while they are still on the retail shelf. They also help retailers conduct product recalls for specifically identified lots.

Solutions like these benefit suppliers as well as their retail partners, making it easier to know any item’s location status and other details, more quickly and with better accuracy. They enable product vendors to get real-time inventory status on the retail shelf and thereby help minimize stockouts.

There are many situations where additional item status awareness is required. This includes going beyond simply gathering an item’s lot and serial numbers and expiration dates to ensuring that the item has been maintained to temperature and other environmental requirements. This requires 360˚ track-and-trace capability.

360˚ track and trace

In the past, visibility across the entire cold supply chain — from refrigerated production to temperature-controlled storage to distribution and other logistics processes — has been limited. But now there are wireless sensing and secure identification solutions that enable end-to-end product journey verification, from production to consumption. As an example, these solutions enable cold-chain or environmental compliance for food or medications throughout their journey from manufacturing through transport and delivery to ensure they meet strict humidity, temperature, and other transport and storage environmental requirements.

Smartphone control is an important feature. As an example, users on the factory floor can employ a secure mobile app and cloud platform to monitor and protect individual items as they move through manufacturing and packaging to the warehouse and beyond, reducing waste while improving profitability and maintaining product integrity. These solutions also come into play later in the product journey, improving collections and customer satisfaction, accelerating the path to corrective action when needed, and accurately assigning responsibility for non-conforming shipments.

The latest solutions do not require expensive, proprietary hardware. Instead, they may be based on disposable, recyclable radio-frequency identification (RFID) or Bluetooth Low Energy tags that are placed inside the package and activated with a tap. These tags can also incorporate environmental sensors for 360˚ track and trace. Truck drivers and inspectors then place their smartphone close to the item at each step in the product’s journey to collect data, spot problems in transit, share real-time dashboards and data analytics, and create comprehensive shipment reports after delivery.

Securing Industry 4.0 systems in the IIoT

Today’s IIoT-based Industry 4.0 systems require multiple layers of protection, especially when using smartphone apps for command and control.

The first layer of protection focuses on the communications channel between the smartphone app, the product, asset or other connected device, and the cloud. Each of these elements is vulnerable to malware and wireless channel cybersecurity attacks, among other threats. Protecting the communications channel ensures the integrity and reliability of all communication between each system element and the cloud, minimizing cybersecurity risks so that rogue agents are prevented from accessing item data.

The second layer of security establishes a root of trust on each system element. It employs digital cryptographic identities and mutual authentication to validate the integrity of each user, smartphone app, product, consumable, and associated devices and the cloud. This brings trust to each element before it will work with any of the others. Options for user authentication include phone biometric identification, such as face or fingerprint.

Depending on the element, either software or hardware may be used to establish the root of trust. For example, during the manufacturing of products and their consumables, hardware security modules (HSMs) may be used to provision both these elements with cryptographic keys and digital certificates so that they behave like secure elements in the system.
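As an added illustration (not code from this article or from any product it describes), the sketch below shows the second layer in miniature: a per-item key provisioned at manufacturing, a mutual challenge-response between a tag and the cloud, then the recall and firmware checks described under consignment inventory. It substitutes HMAC with symmetric per-device keys for the digital certificates mentioned above; every name, serial and lot number, and policy value is hypothetical.

```python
import hashlib, hmac, secrets

def derive_device_key(master: bytes, serial: str) -> bytes:
    # Factory step: stand-in for an HSM deriving a unique key per serial number.
    return hmac.new(master, b"device-key|" + serial.encode(), hashlib.sha256).digest()

def prove(key: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes, claims: bytes = b"") -> bytes:
    # Binding the role and both nonces stops replayed or reflected proofs.
    return hmac.new(key, b"|".join([role, own_nonce, peer_nonce, claims]), hashlib.sha256).digest()

class Tag:
    def __init__(self, serial: str, lot: str, firmware: str, key: bytes):
        self.claims, self.key, self.nonce = f"{serial}|{lot}|{firmware}".encode(), key, b""

    def respond(self, cloud_nonce: bytes):
        self.nonce = secrets.token_bytes(16)
        return self.nonce, self.claims, prove(self.key, b"tag", self.nonce, cloud_nonce, self.claims)

    def verify_cloud(self, cloud_nonce: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(proof, prove(self.key, b"cloud", cloud_nonce, self.nonce))

def authorize_use(master: bytes, recalled_lots: set, min_firmware: tuple, tag: Tag) -> str:
    cloud_nonce = secrets.token_bytes(16)
    tag_nonce, claims, proof = tag.respond(cloud_nonce)
    try:
        serial, lot, firmware = claims.decode().split("|")
        version = tuple(int(p) for p in firmware.split("."))
    except ValueError:
        return "reject: malformed claims"
    key = derive_device_key(master, serial)
    if not hmac.compare_digest(proof, prove(key, b"tag", tag_nonce, cloud_nonce, claims)):
        return "reject: item not authentic"
    if not tag.verify_cloud(cloud_nonce, prove(key, b"cloud", cloud_nonce, tag_nonce)):
        return "reject: tag does not trust cloud"
    if lot in recalled_lots:
        return "reject: lot recalled"
    if version < min_firmware:
        return "hold: firmware update required"
    return "ok"

# Constructed sample data; in production the master key never leaves the HSM.
MASTER = secrets.token_bytes(32)
RECALLED, MIN_FW = {"LOT-0007"}, (2, 1, 0)
genuine = Tag("SN-1001", "LOT-0042", "2.1.3", derive_device_key(MASTER, "SN-1001"))
cloned = Tag("SN-1001", "LOT-0042", "2.1.3", secrets.token_bytes(32))  # copied ID, no key
recalled = Tag("SN-1002", "LOT-0007", "2.1.3", derive_device_key(MASTER, "SN-1002"))
stale = Tag("SN-1003", "LOT-0042", "1.9.0", derive_device_key(MASTER, "SN-1003"))

if __name__ == "__main__":
    for name, tag in [("genuine", genuine), ("cloned", cloned), ("recalled", recalled), ("stale", stale)]:
        print(name, "->", authorize_use(MASTER, RECALLED, MIN_FW, tag))
```

The cloned tag presents a valid serial, lot, and firmware string but fails because it cannot compute a proof under the key derived for that serial, which is the property that keeps a copied identifier from passing as a genuine item.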

The third security layer ensures the seamless connectivity that is critical for exchanging data, updating firmware over the air, issuing alerts, and ensuring that critical inventory status for all items is always available. It is also critical for ensuring continuous location awareness and often includes the use of communication gateways where needed so that each tagged item can be tracked anywhere on the premises to within a distance of no more than 5 meters, even in multistory buildings spanning thousands of feet. This combination of software, tags and gateways solves the most difficult retail inventory management problems quickly and with minimal cost.

Solutions with these multiple security layers can be implemented in a modular fashion to meet a wide range of application scenarios using third-party software development kits. The approach also makes it possible to retrofit robust security measures into legacy designs and infrastructures and continuously improve them, up to and including incorporating HSMs later in a solution’s life cycle to optimize how the application layer’s root of trust is implemented.

Organizations now have everything they need to significantly improve security and device authenticity while adding small incremental cost to a variety of automated Industry 4.0 processes, from indoor location awareness solutions to consignment inventory management, retail item tracking, and 360˚ track-and-trace solutions.