Iot World Today

Securing the Industrial Internet of Things

  • Written by Linda Rosencrance
  • 26th February 2021

While organizations design and deploy Industrial Internet of Things (IIoT) efforts, the term is meaningless for security practitioners because IIoT is a concept. It’s difficult for security leaders to protect concepts.

That’s according to Katell Thielemann, VP analyst at Gartner Inc.

“[Security practitioners] need to approach the problem with specifics, understanding that they are dealing with cyber-physical systems that have very specific characteristics and understanding those characteristics is key to defining how to craft a security approach,” she said.

Too often, speed of initial deployment takes precedence over a security strategy that should encompass the entire lifecycle of systems, Thielemann said. Too many organizations bring an IT-centric view of security to industrial environments when it comes to IIoT efforts.

While operational technology (OT) security is gaining executive-level attention and visibility with regulatory authorities, bringing OT systems under full cybervisibility and protection, and ensuring ongoing vigilance, is challenging at multiple levels, said Santha Subramoni, global head, cybersecurity services at Tata Consultancy Services.

At the foundation level, the threat surface (or area that can be attacked) itself is complex and varied, making asset discovery and integration an enterprise security architecture challenge, Subramoni said. Sensors, edge devices and connectivity, along with related data, applications and hosting ecosystems, are the core of the distributed IIoT ecosystem.

There is a significant prevalence of legacy technologies and proliferation of self-contained networks, outside of enterprise network perimeters, Subramoni said. And the lack of endpoint visibility limits the ability to take preventive measures.

“Organizations need to detect and keep a catalog of vulnerabilities at multiple levels and maintain knowledge and the technology required for the same within the industrial ecosystem, which typically has yet to mature to a manageable scale and reliability,” Subramoni said.

How a Building Materials Maker Is Securing the IIoT

Building materials maker HIL Ltd. took the first step in its digitalization journey and in implementing IIoT when it launched digital shop floor technology in four of its manufacturing plants in India, said Murali Raj, HIL’s chief information officer. The digital shop floor connects all machines to one network, optimizing efficiency and quality.

“Now we are moving to the next phase of predictive maintenance,” Raj said. “So we are doing POCs [proofs of concepts] on predictive maintenance and we’re doing POCs on predictive quality as well. So we also need to take care of the security measures.”

On the shop floor, real-time machine parameters are captured through sensors, programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems. The data is then transferred to the cloud through HIL’s IT network where it is analyzed in real time, Raj said. Additionally, the system generates instant alerts that the operations team can use to take corrective action.

“Previously the SCADA systems were existing as an island, not connected to the Internet,” Raj said. “So when you have your manufacturing machines and you have your PLCs on top of that, they acted together in the control room where the supervisor controlled the entire manufacturing [process]. Now, this data has to go outside the network.”

Consequently, HIL had to implement firewalls on the IT side to securely connect to the Internet. To connect its edge devices and sensors to the Internet to transfer data, the company made sure that these devices adhered to appropriate security standards, Raj said. And HIL also had to ensure that its software and firmware were patched and upgraded regularly.

After dealing with the technology, HIL also looked at people and processes.

“Previously, the maintenance engineers, electrical engineers who control the SCADA and PLC and plant didn’t even interact with any of our IT engineers, network engineers, or the leader who was looking at security for the organization,” Raj said.

Now these teams have to come together and understand one another and put a process in place to keep updated on what’s happening in their areas, he said. HIL also trained some of its IT engineers on OT and OT security and asked the plant team to have at least an awareness of cybersecurity.

“We also brought in an outside perspective where EY and Deloitte helped us to put a framework of understanding IT and OT together,” Raj said. “Since this capability was not existing internally within the organization, sometimes bringing in an outside perspective helps.”

On the process front, HIL ensured that IT security measures, such as role permissions, password resets and user access, were also being followed on the OT side.

“So the plant team, which was not used to those kinds of strong procedures, needed to accept them,” he said.

Ensure Critical Devices/Assets Are Tightly Protected

Although attacks on IIoT are less common than IT attacks, their consequences can still be tremendous, including loss of production, revenue impact, data theft, significant equipment damage, industrial espionage and even bodily harm, said Asaf Karas, co-founder and chief technology officer at Vdoo, a provider of automated cybersecurity for connected devices and IIoT.

Therefore, it’s not enough to statistically reduce the number of attacks; organizations must also ensure critical devices and assets are tightly protected as soon as they enter production, he said.

Karas offered a few approaches to help organizations improve their IIoT security:

  • Adopt risk and threat management processes specific to their industry environments.
  • Before deploying new devices, ensure they’re secured by design and that no exploitable first- or third-party weaknesses are found in the device code or configuration.
  • Post-deployment, use asset management tools to discover and identify relevant industrial assets.
  • Implement endpoint runtime application agents designed uniquely for these devices to ensure ongoing monitoring and protection.

Manage Hyper-Connectivity

The biggest challenge with many devices today is that they weren’t built with cybersecurity in mind, said Kyle Miller, principal/director, Booz Allen Hamilton. They frequently run on simplified real-time legacy operating systems that don’t support the same level of security protections as traditional IT systems. As a result, they have the potential to greatly increase an organization’s attack surface, he said.

Now these devices are being asked to connect directly from the industrial networks to the enterprise network to the Internet and the cloud, in a lot of cases, Miller said.

“[It’s important] to really manage that hyper-connectivity, the data flows and building out . . . a zero-trust environment where you are really managing what that device can talk to, what it can’t talk to, and in the event of a compromise, to be able to really limit its blast radius,” he said.

Before implementing IIoT systems, organizations should also have a good understanding of what types of risks they’re taking on, said David Forbes, principal/director, Booz Allen Hamilton.

To get this understanding, a company must assess the current security posture of its vendors, the solutions and the software implementation, as well as the devices that it’s deploying on its IIoT network, Forbes said.

For example, when an organization implements third-party vendor technologies, it needs to ask vendors questions such as:

  • Have they built their own software on a secure platform?
  • Are they using encrypted communications where necessary?
  • Are there access control features in place?

“That’s very important in understanding the risk and how you’re willingly changing the threat landscape of your network by taking on these IIoT systems,” Forbes said.

Enterprises have to ensure that these IIoT devices and systems are segmented off, where appropriate, from other IT and OT networks, he said. These devices should be tightly controlled to ensure that they can remain protected but also so that one attack vector can’t create access to another.

Organizational Cyber-Hygiene

“Those are organizational things,” Forbes said. “I think really what we’re seeing and when you look at the findings in some of these breaches and attacks, a lot of it traces back to organizational cyber-hygiene and discipline and protocols that may or may not have been put in place to begin with.”

Industrial environments are a new frontier for bad actors and all indications are that they are increasingly targeting these environments.

In 2020, there was a significant increase in vulnerabilities and threats targeting industrial environments, according to Thielemann. And it’s not surprising considering that enterprises create value through operations.

“Whether for industrial espionage or to attempt ransomware, these environments are the crown jewels for most companies,” she said. “[T]his is not about security compliance; it’s about business resilience.”

To address these challenges, organizations have to understand the key characteristics of the IIoT efforts under consideration, Thielemann said. For example:

  • What are the business outcomes sought by the efforts?
  • Where will the IIoT systems be deployed?
    • Who will have access to them, both in the physical and cyber worlds?
    • How will they be architected?
  • What security solutions will come embedded, and which will need to be layered?
  • Will vendors need to remote in for maintenance or upgrades?
  • Will data flows go through existing networks? Wirelessly?

“Organizations have to take a lifecycle view of IIoT efforts,” she said. “From requirements design to purchasing, deployment, maintenance and retirement, security considerations must be considered at each step.”

Security leaders need to realize that industrial environments are very different from enterprise-centric IT environments, Thielemann said. For example, considerations such as physical location constraints, operational resilience or even safety need to be part of the security strategy. Companies need to alter their IT-centric security approaches to account for these environments, as well as their approaches to patching, monitoring and authentication.

Typically, IIoT is under the purview of engineering and production departments rather than IT, said Subramoni.

“However, there needs to be organization and oversight of transformation along with technology modernization,” she said. “Most enterprises will need trusted technology and systems integration partners to scale on demand and manage the costs of protecting industrial systems. This is a fast-evolving need and the technology community is gearing up to the challenge.”

 

 
