Opportunities and challenges for the North East’s chemical processing industry underpinned the NEPIC Digitalisation and Cyber Security Conference in December 2022.

The conference focused on how digital solutions can accelerate growth and create business opportunities within the region’s chemical, process and pharmaceutical sectors, and on ways in which the North East is embracing digitisation and protecting itself from cyber-attacks.

A range of topics were discussed alongside cyber-security, from automation and robotics, artificial intelligence and machine learning through to immersive technology, digitalisation and workplace culture, all in a bid to contextualise the opportunities, benefits and challenges digitalisation presents to the sector.

With the energy crisis, skills shortage and race to net zero all placing additional pressures upon the industry, the adoption of innovative, digital technologies can help companies stay ahead of the curve.

Paul Armstrong, UK managing associate at international law firm Womble Bond Dickinson (WBD), led a discussion around regulating the Internet of Things (IoT) in the manufacturing space, setting the scene against the wider backdrop of cyber-security risk. With manufacturing and technology comprising some of WBD’s most active client sectors in relation to advising on cyber safety, IT, privacy and data issues, Paul was well placed to share insights in his talk titled: Regulating the Internet of ‘vulnerable’ Things. The discussion considered what regulation currently means for the wider manufacturing industry, the benefits, challenges and what the UK and other countries are doing to mitigate risks associated with the Internet of Things.

The benefits

Paul opened the session with an overview of the Industrial Internet of Things (IIOT), commenting: “Essentially the IIOT are SMART devices used to create business efficiencies. The benefits to using smart devices in industry are considerable; they can provide hugely valuable insights from logistics, supply chain management, human resource, and production. These devices tend to be far better than humans at capturing and analysing real time data, they are also better at communicating important information to help drive business decisions faster and more accurately. IIOT holds great potential for quality control, for sustainability and green practices, supply chain traceability and overall supply chain efficiency and is often key to processes such as predictive maintenance, enhanced field service, energy management and asset tracking.”

Paul went on to provide examples of the IIOT's real-world applications, with a particular focus on manufacturing, automotive and logistics. For instance, in manufacturing, IIOT devices can predict machine failure before it happens, reducing production overtime. Elsewhere, in logistics, IIOT can assist with supply chain management, enabling, for example, shipping companies to use devices to track assets and optimise fuel consumption. In automotive, sensor-driven analytics and robotics increase efficiency in manufacturing, meaning diagnostics can be carried out more rapidly while replacement parts are ordered automatically.

Considering the risks – security first

Paul explained: “Despite the considerable positives deploying SMART devices in an industrial setting can bring, risks remain. Systems failures can result in high risk or even life-threatening situations.

“Despite their sophistication, one of the biggest risks associated with IIOT devices is their security vulnerabilities. For example, it’s relatively common for IIOT devices to continue using default passwords even after they have been placed in production and many devices transmit data as clear text. It is also relatively easy for an attacker to intercept the data coming from an IIOT device and take over to use it to launch an attack against other network resources.”

Whether the associated risks will put SMEs and manufacturing businesses off implementing IIOT devices was a talking point amongst delegates, to which Paul commented: “Most definitely this will have an impact on decision making; this forms part of a broader issue facing manufacturers looking to do any form of digitisation. It can be costly and time intensive to implement a digital solution, and that’s before factoring in the associated risks. It is crucial business owners have trust in the vendors they are working with to bring this process to fruition.”

Regulation – what’s in place currently?

Paul expanded: “Regulation isn’t the only way to mitigate risk, but it can be helpful. The IIOT isn’t currently regulated in the UK but we’re beginning to see standards put in place.

“Here in the UK, a Product Security & Telecoms Infrastructure Bill exists, although it is limited in scope with the emphasis being more on the IOT in the consumer sphere. So, from an industrial perspective, it isn’t hugely helpful, but the measures are indicative of what might come further down the line in an industrial setting.”

The EU – a broader scope for regulation

Paul went on to explain how the EU and US are currently approaching regulation.

“The EU is at a proposal stage with a draft proposal for a Cyber Resilience Act, which will potentially be more beneficial than the current UK offer as the scope is broader, extending protection to consumers and businesses.

“Users of IIOT devices would be provided with a lot more documentation, giving more transparency between them and the vendor. The Act also requires more external reporting from device developers and end users, including notifying ENISA of any actively exploited vulnerability contained in, or any incident having an impact on the security of, their product.”

The US – a more fragmented picture

The picture is more fragmented over in the US, as Paul went on to discuss: “The US has no federal law regulating the IoT or privacy law generally. Instead, it has a patchwork of laws that may regulate companies using this technology. California and Oregon for example have IoT technology specific laws, but the extent to which other existing and new state privacy laws will regulate the IoT will largely depend on the nature of the data being processed by the smart devices in question.”

Key takeaways

Paul summarised: “The regulatory framework is immature and fragmented with a consumer bias in the UK, few relevant global risk standards are in place, and harmonisation across the EU and US is still a work in progress.

“IIOT devices are here to stay and bring real benefits – they can decrease production costs and increase revenue streams, but the security risks associated with their use must be understood and mitigated wherever possible,” he concluded.

To hear more about the current position of the region’s tech sector, recent and upcoming inward investment opportunities and how the North East is leading the way by using digital for good, join WBD and other hosts for a panel event at The Catalyst, Newcastle Helix on Wednesday 8 February 2023 to discuss the North East digital sector: 2023 outlook.