Safeguarding Industrial IoT: A rising security challenge – Part 1

Trevor Daughney, VP of Product Marketing at Exabeam

The Fourth industrial revolution has unleashed a myriad of opportunities for organisations eager to leverage a new generation of connected Industrial Internet of Things (IIoT) devices and reap the rewards of enhanced data sharing, operational efficiencies, and productivity, says Trevor Daughney, vice president of product marketing at Exabeam

Around the globe, cities are deploying innovative ‘smart’ technologies to connect everything from power grids to transport infrastructures in a bid to improve the quality of citizens’ lives. Healthcare is another sector that’s quickly adopting IoT technology to streamline care delivery and give patients more control over their treatment. Meanwhile, manufacturers are rapidly upscaling their smart factory investments, utilising everything from programmable logic controllers (PLCs) and embedded systems to IIoT devices in their production facilities.

As a result, connected operational technologies (OT) are rapidly becoming the backbone of modern commercial automation solutions, business operations and critical infrastructure. However, the rapid proliferation of such devices has opened the door to external security threats.

Indeed, a recent 2019 study by the Ponemon Institute reveals how OT environments used to run critical utilities like electricity and water are now top targets for cyber attackers looking to cause “severe” damage. With 54% of utility companies saying they expect an attack in 2020, the digitalisation of OT assets represents a clear and present danger when it comes to protecting critical infrastructure and initiating cyber resilience that works.

Similarly, according to a recent smart factory report by Deloitte and MAPI (Manufacturers Alliance for Productivity and Innovation) cyber threats now represent a growing menace for manufacturing companies looking to converge IT and OT across their operations.

The trouble with digital transformation

Until recently, the risk posed by the adoption of IP-based connectivity in industrial environments was largely overlooked. In the past, legacy control systems had specific functions and were often unconnected to other systems, which made attacks unlikely and difficult to achieve. This complacency resulted in the rise of the notion that industrial assets are immune to cyber attack if they are isolated from the Internet or other vulnerable corporate networks.

However, the infamous Stuxnet worm attack carried out on an Iranian nuclear facility proved a major wakeup call for industrial enterprises across a range of industries. Designed to bypass standard network security programmes, Stuxnet reprogrammed nuclear centrifuges to perform cycles that resulted in them disintegrating.

It was an attack that demonstrated how adopting IP-based connectivity between industrial systems also results in increased exposure to highly complex and sophisticated cyberattacks. Simply put, IIoT devices often have native integration with IP networks. While this helps to streamline operational tasks, it also means that everything else that’s connected is now a vulnerable soft target for global cyberthreats – in much the same way as standard IT devices.

Mind the security gap: the IT and OT disconnect

It’s not just IIoT devices that are being exploited within OT systems. Historically, cyberattacks have targeted IT assets that enable business operations, like computers and mobile devices, for data theft. However, cyberattacks against IT devices – including networks and systems that transmit or distribute power to an OT system – can be triggered to hijack the control systems that operate critical infrastructure. The result of such hacks will be physical damage, widespread outages, and the loss of operational data.

This poses a significant challenge for organisations where IT and OT leaders have, until now, operated in independent silos. A less than ideal scenario if organisations are leveraging IoT devices that need to be integrated to – and then managed – using existing IT network infrastructures.

The growing convergence of IT and OT security means every organisation needs to gain an integrated overview of global security aspects and vulnerabilities in a bid to prevent infiltration that could result in the destruction of critical infrastructure or data loss.

It’s time to apply industrial cyber security

From the automotive industry to smart cities and big pharma, organisations with IIoT and IT devices within their OT systems need to evaluate exposure and maximise their ability to quickly detect, respond to and mitigate attacks. However, providing device security can be challenging – especially since IIoT and IT devices are inherently different, and IIoT devices were never designed to integrate with security management tools. In my next article, I’ll explore these challenges together with the frameworks and solutions that organisations can apply to achieve industrial cyber security that works.

The author is Trevor Daughney, vice president of product marketing at Exabeam

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Workz debuts unrestricted IoT device management

Posted on: May 3, 2024

Workz, a cloud-based eSIM vendor, has launched its new remote device management solution designed for the Internet of Things (IoT) industry. The platform eliminates the restrictions associated with traditional technologies

Read more

Itron improves Temetra platform for water utilities in Australia and New Zealand

Posted on: May 2, 2024

Itron expands the capabilities of its Temetra platform in Australia and New Zealand to include NB-IoT communications, enabling digital transformation for water utilities. Temetra’s comprehensive offering includes metre data processing,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more