Do IIoT Ecosystems Make Variable Frequency Drives (VFD) Systems More Vulnerable to Cyber-attacks?

By Himanshu Shah

Technology Trends

The Industrial Internet of Things (IIoT) is one of today’s hottest topics within the automation and manufacturing industries.  Individuals and organizations that use, service, and/or supply variable frequency drives (also called VFD or AC drives) and other smart, connected devices and systems have high expectations that the IIoT ecosystem will deliver on its promises of added value through increased productivity, predictive maintenance, and reduced asset downtime.     

ARC sees clear business benefits for integrating IIoT as a key component of AC drives.  For example, the process industry applications can benefit by remote management of assets to monitor, control, and/or optimize different components of production equipment controlled by AC drives.  These applications may include: conveyors or lifts, production machinery for processes, and HVAC systems...all controlled by AC drives.

IIoT also enables remote fault detection and management, including identifying which AC drives need to be replaced and enabling remote updating of parameters.  These features save significant time for production recovery. 

While AC drives provided much data even before the IIoT revolution begun, new IIoT-enabled  connectivity, data management, and predictive analytics capabilities further increase customer value.  However, this connected environment also makes AC drives systems more vulnerable due to additional entry points for external attacks. Consequently, successful use of AC drives systems within an overall IIoT ecosystems required, robust cybersecurity.   

If you are a user, ARC would like to learn more about your specific cybersecurity concerns regarding using AC drives systems in the IIoT environment and what steps you have taken to alleviate those concerns?

If you are a supplier of AC drive systems, do you:

  1. Plan security standards for products and systems?
  2. Follow security design practices?
  3. Offer network infrastructure products to help protect access to AC drives?
  4. Ensure that connected devices and users are authentic, and authorized for the operations they are trying to execute?

I invite you to share your concerns, thoughts, and comments in this area based on your knowledge and experience.  You can reach me at


Engage with ARC Advisory Group