Before incorporating security mechanisms in our industrial network, it is important to have certain knowledge of said mechanisms, as well as the advantages they offer with regards other options available in the market. In this case, we will talk about Blockchain, a technology trend that provides certain security and privacy levels thanks to its implementation; but what exactly is Blockchain? This article describes the potential advantages of the incorporation of this technology in industrial environments from a theoretical point of view.
We could understand Blockchain as a decentralised database that can be accessed by many people. This database contains various registries (blocks) that are linked and encrypted to protect the security and privacy of the exchanges of information. These registries (blocks) meet a fundamental requirement: that the people (nodes) verify the exchanges of information made for the subsequent registration of this transaction in the database. If we extend this concept to the industrial sphere, we would be talking about a decentralised database that contains information relating to numerous industrial devices that coexist on the OT network and that can be trusted, as we know that they are genuine thanks to an asset inventory that has been previously made. The aim of this technology is to incorporate an additional security layer for the authentication of devices within a network because, as many devices have to evaluate the incorporation of a new device, it is more complex to conduct attacks misleading such an amount of devices at a time in order for them to believe that the device to be incorporated is genuine.
At this point, it is important to bear in mind the difference between decentralised and distributed systems. A decentralised system has a structure of nodes where the information between the node that initiates the communication and the node that receives said information goes through intermediate nodes. Instead, distributed systems also have a node structure, but in this case, the communication between the node that initiates the communication and the node that receives it is made directly
Blockchain in industry 4.0
The main problems that industry 4.0 and IIoT have to face are related to authentication, communication and availability problems. Some examples of these problems are:
- Authentication: Malicious devices authenticated in the network.
- Communications: Non-genuine communications, with malformed packets or anomalous communications for the traffic that is normally shared.
- Availability: Loss of communications that cause a denial of service.
The use of the Blockchain technology may solve these and other problems in the interconnected world we currently live in and, specifically, within industry 4.0. These improvements include:
- Confidence: Many of the devices incorporated in the industries interact with each other. This interaction should be based on confidence when they communicate with each other. An example that best shows this confidence is that of mesh networks that use Zigbee communications. A feasible alternative would be the use of Blockchain to verify that all the devices of the network exchange information and are also genuine.
- Smart coordination: As availability plays a key role in industrial environments, the coordination – both of the devices and of the machines that make up the industrial network – is vital so the availability is not lost. Blockchain can provide an optimum coordination in M2M communications. Thanks to a smart coordination of the devices, an industrial network could be set so when a PLC is not working properly another device comes into operation without losing the availability during the process. It is noted that unavailability in an industrial process can translate into economic losses of millions.
- Auditable: To record the actions executed in an industrial network to prevent possible anomalies or detect potential exploitation of vulnerabilities is other of the greatest challenges that the industrial networks face, given the amount of devices and communications that can exist within this type of network. Thus, Blockchain can create track records of the reliable networks in which all the devices that communicate in these networks have been previously verified.
- Standardisation of communications: Another of the main applications of the incorporation of Blockchain in the industry has to do with communication standards. In the industrial environments there are numerous devices and they are rarely made by the same manufacturer. Thus, there is not a standardised format when using a certain communication protocol. There is where Blockchain prevails, as it would allow for a protocol without a proprietary and open format to be used so all the devices can communicate with each other, regardless of their manufacturer.
- Integration of devices: Adding devices to the industrial network has always been a challenge for integrators and those responsible for the network. To overcome this challenge where the devices have to trust each other and establish certain communications, Blockchain can be a great alternative to track records where information of genuine devices are kept and these records are used to monitor all the active devices in the network.
With regards distributed infrastructures, the use of Blockchain would entail a significant progress as the devices are dispersed and this security measure could help control all the devices in the network in a more secure and efficient manner, regardless of their location.
Another factor that must be taken into account when listing the benefits of Blockchain in industrial networks is the elimination of intermediaries, in this case people; one of the weakest links with regards cybersecurity. Using Blockchain could avoid this, performing transactions without human intervention.
Thanks to these benefits, we would avoid some attack vectors that could generate security incidents in industrial environments, minimising their exposure to attackers with access to the network. Some of the most showy attacks and that are relatively recent, such as Mirai, could have been avoided using Blockchain. The use of confidence nodes would not have avoided the infection of a device, but it would have shortened its capacity for propagation.
The inclusion of Blockchain in the industry can seem futuristic, but it is possible and could provide a security layer that is currently a challenge for many companies. While it is true that the devices must have the power and capacity to implement this technology, it should not be forgotten that Blockchain could be used in networks composed by devices with low power, where availability prevails over other factors.
Given the amount of devices that are currently being incorporated in industries to provide more intelligence to the processes, the use of Blockchain as a means of standardisation of the communications could also make the lives of the people in charge of the networks and devices in industrial environments much easier.
As we have seen, one of the key aspects of Blockchain is its decentralised system based on confidence between nodes. Given the p2p nature of Blockchain, this feature would allow inefficiencies in communication, scalability problems and bottlenecks towards central nodes to be reduced.
If one of the main problems in industrial environments is the monitoring of devices in a network, why not benefit from the incorporation of this technology to create a 'white list' where only reliable devices are registered?