
Security-by-Design Principles Are Vital in Crisis Mode

It’s easy to lose sight of security-by-design principles when in a near panic, but the long-term costs of doing so can be severe.  
  • Written by Brian Buntz
  • 7th April 2020

“If you fail to plan, you are planning to fail.”  —Modern proverb

With so much focus on the short-term COVID-19 disruptions, there has been less discussion about its long-term ramifications for technology adoption.

One likely scenario is that the pandemic drives a long-term increase in automation and remote management of assets ranging from industrial machines to heating, ventilation and air-conditioning (HVAC) systems to supply chains. In health care, a long-term uptick in virtual care and telehealth is likely. While many organizations with budget pressures have suspended operations, the pandemic will pave the way for better-positioned organizations to automate processes.

In early March, companies began to rethink business processes and other operations after the World Health Organization classified COVID-19 as a pandemic. Most obviously, there has been a “huge uptick in reported users of Slack and Microsoft Teams for collaboration,” said Chris Kocher, managing director of Grey Heron, a management consulting firm. Teleconferencing vendors have also seen rapid gains. “Teladoc for telehealth has also seen huge growth,” Kocher added.


Remote access to industrial control systems (ICS) has also increased recently, following a drop-off during the past few years, according to Shodan data. In the U.S. alone, there are now nearly 50,000 ICS devices connected to the internet. The use of Remote Desktop Protocol, which allows Windows users to manage workstations or servers remotely, has also ticked up, after the protocol began to fall out of favor in late 2019 as a result of security vulnerabilities.

Many industrial organizations already have “basic-level remote monitoring in place,” said Yasser Khan, CEO of One Tech. Such relatively simple capabilities sufficed when workers could still inspect machines in person. But because many facilities have been pared down to skeleton crews, their priorities have shifted. Plant managers are increasingly looking to “determine how they can gain further insight into the health of their machines, remotely,” Khan said. 

Many organizations are also rethinking disaster recovery planning, according to Nitin Kumar, chief executive officer at Appnomic. “Often what happens when a natural disaster or a computer virus hits an organization and its systems go down, you switch to a sort of manual mode,” Kumar said. “Business continues, but at a slower rate.” But COVID-19 is not a normal disaster. “Now, your manual and demand capacity have gotten hit and your system capacity is choked or inaccessible. So you need more systems or automation — not more personnel.” Organizations that can afford to expand automation are likely to do so as they rethink their disaster recovery planning and business continuity planning.   

The spread of connectivity and automation is nothing new, of course. In 2016, security guru Bruce Schneier observed that human intervention is increasingly unnecessary. “The Internet now senses, thinks, and acts,” he wrote. “We’re building a world-sized robot, and we don’t even realize it.” Schneier concluded that it is vital to consider what he termed a “new world-spanning robot.” 

Although software’s societal role has been expanding for decades, the security ramifications of a world with widespread automated or semi-automated IoT-enabled devices could be profound. “Computers have a tremendous amount of power for helping our lives and making it better, but the more complex the system, the more things that can go wrong,” said Kate Stewart, senior director of strategic programs at the Linux Foundation. “We have to try to figure out how to understand what can go wrong, mitigate the harm and increase software dependability.”

Secure by Design

Traditional cybersecurity concepts such as security by design sometimes fall by the wayside when organizations are in crisis response mode. COVID-19 is “going to make adhering to secure-by-design principles challenging,” said John Loveland, global head of cybersecurity strategy at Verizon. “Everybody is moving very quickly.” As organizations move to expand remote working and automation capabilities during the crisis, they are more likely to make mistakes. “You can’t let either the technology or the new business processes outpace the security behind it. You need to ensure that your internal security team is a part of every decision you make regarding new technology, processes or ways of working.”

Experts recommend making security a consideration at the earliest possible stage when planning on technology deployments. “Make sure you bring in the stakeholders, the business as well as the operators into security discussions,” recommended Bob Martin, co-chair of the Software Trustworthiness Task Group at Industrial Internet Consortium. 

“You need to consider [security] as one of the primary aspects of any solution and, like the foundations of a house, everything else is built on top of that,” said Andrew Jamieson, director, security and technology at UL. Organizations that neglect to build a correct foundation risk rebuilding it or “at least spend a great deal of time and effort fixing something that could have been much more easily remedied earlier on,” Jamieson said. 

Still, it is unlikely that security-by-design principles will top the priority list as organizations abruptly move toward remote working, remote control of assets and possibly expanded automation capabilities. “That is indeed a huge security issue, even when using secure technologies because there is no time to apply them securely,” said Frank Hißen, an independent security consultant.

Security-by-design principles often incorporate an array of hardware and technology pieces. Assembling them can be something of a puzzle. “Sometimes vendors selling the ‘puzzle pieces’” that make up a deployment lack adequate security measures, said Chris Catterton, director of solutions engineering at One Tech. Expanding the scope of remote access capabilities of an IoT deployment heightens the need to “include security at the end points as well as at the system level, whether via the Cloud or on-premise systems accessed through VPN,” Catterton said.

Finding and Refinding Security Balance

While building security features into products and processes is vital, it isn’t possible to anticipate every possible future threat. “You can’t always make design decisions about security early on in a project and have those stay valid,” Jamieson said.

There’s often a tension between adding new features to software and ensuring it is kept safe to use and secure. “There are a lot of features that show up on our cell phones that randomly crash and the consequences, while annoying, aren’t life threatening,” Stewart said. “We’re increasingly seeing open source be used in applications where, if the software is not dependable, it could hurt someone.”  

Ultimately, securing systems boils down to resilience and agility. “If you build only for resilience, you are going to be in trouble” when new security vulnerabilities surface, Jamieson said. “So in today’s world you also need agility: the ability to quickly change, patch, update or otherwise refactor systems when things change.”

Agility in security also connects to security-by-design principles. “You need to bake in security from the outset, and that security approach needs to include aspects of resilience and agility,” Jamieson said. “If you don’t design for security, you are designing for failure.” 

 
