Securing the Smart Connected Kitchen - and Facility
As more and more equipment in Food Service organizations is connected to the Internet, more attention needs to be paid to security. Each piece of equipment represents a potential target of a cyberattack; as the number of connected units increases, so does the security risk.
There have been multiple reports of security breaches associated with connected equipment, covering consumers, corporations, retail stores, manufacturing facilities, and even medical facilities. The latter could be particularly frightening if hackers are able to control medical equipment.
But there should be similar concerns in Food Services as well. Hackers could potentially get into the local network by hacking a piece of connected kitchen equipment. If the hacker gains control of an oven, for example, that could have serious consequences in terms of food safety.
Powerhouse Dynamics offers the industry-leading Open Kitchen platform for connecting and managing kitchen equipment. As Powerhouse has continued to expand Open Kitchen, which today connects with more than 10,000 pieces of kitchen equipment in North America, as well as HVAC equipment, hot water heaters, irrigation systems, and more, we have continued to pay significant attention to the challenge of IoT-related security.
This began with receiving PCI Level 1 certification as far back as 2015 – the first (if not the only) company providing an IoT-based platform to Food Service and Retail to do so. PCI here refers to the Data Security Standard created by the Payment Card Industry to ensure that credit card information is maintained safely. Level 1 is the highest standard available and is required, for example, for a company Point of Sale system that processes more than six million transactions a year.
In 2020 Powerhouse introduced another component to its security strategy. The Secure Access Point (SAP) consolidates network traffic of connected devices into a single point so that each piece of equipment does not need to independently connect to the local network. The SAP is the only device that connects to the local network – via Ethernet, with a segregated VLAN recommended.
The SAP is factory-provisioned with an X.509 Client Certificate, ensuring that the SAP and Cloud connections have full two-way authentication. To further ensure security, all traffic also goes through a VPN connection (OpenVPN v2.4.5) directly to the Open Kitchen Cloud. Connectivity is via a secure, hidden SSID interface that is unique to each SAP unit, and the data is fully protected using SSL with both server-side and client-side SSL certificates.
Most recently, Powerhouse introduced another layer to its security strategy – ConnectWare. ConnectWare takes the burden of embedding radios inside of kitchen equipment off the plates of the OEMs by delivering a radio module – supporting multiple protocols – that can simply be plugged into ConnectWare-compatible equipment units in the field.
For the Wi-Fi radio module, Powerhouse selected the Azure Sphere chipset produced by Microsoft. The Azure Sphere Security Service supports authentication, software update, and error reporting over secured cloud-to-device and device-to-cloud channels, delivering a secure communications infrastructure that adds to the security of the module. If a company were to decide to connect the ConnectWare module directly to the local network, Azure Sphere provides a level of security by itself. ConnectWare can connect to any location in the cloud, not just Open Kitchen; in cases where a company decides to connect to another cloud location, Azure Sphere can contribute to the overall security.
We are beginning to see a rapid uptake of connected equipment in the Food Services industry. Giving security the attention it deserves will become even more important as this expansion continues to accelerate.