https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

IIoT/Manufacturing


Getty Images

Industrial IoT projects require a solid infrastructure

Securing the Industrial Internet of Things

  • Written by Linda Rosencrance
  • 26th February 2021

While organizations design and deploy Industrial Internet of Things efforts, the term is meaningless for security practitioners because Industrial Internet of Things (IIoT) is a concept. It’s difficult for security leaders to protect concepts.

That’s according to Katell Thielemann, VP analyst at Gartner Inc.

“[Security practitioners] need to approach the problem with specifics, understanding that they are dealing with cyber-physical systems that have very specific characteristics and understanding those characteristics is key to defining how to craft a security approach,” she said.

Too often, speed of initial deployment takes precedence over a security strategy that should encompass the entire lifecycle of systems, Thielemann said. Too many organizations bring an IT-centric view to security to industrial environments when it comes to IIoT efforts.

While security operational technology (OT) is gaining executive-level attention and visibility to regulatory authorities, the ability to bring them under full cybervisibility and protection as well as ensuring ongoing vigilance is challenging at multiple levels, said Santha Subramoni, is global head, cybersecurity services at Tata Consultancy Services.

At the foundation level, the threat surface (or area that can be attacked) itself is complex and varied, making asset discovery and integration an enterprise security architecture challenge, Subramoni said. Sensor, edge devices, connectivity along with related data, applications and hosting ecosystems are the core of distributed IIoT ecosystem.

There is a significant prevalence of legacy technologies and proliferation of self-contained networks, outside of enterprise network perimeters, Subramoni said. And the lack of endpoint visibility limits the ability to take preventive measures.

“Organizations need to detect and keep a catalog of vulnerabilities at multiple levels and maintain knowledge and the technology required for the same within the industrial ecosystem, which typically has yet to mature to a manageable scale and reliability,” Subramoni said.

How a Building Materials Maker Is Securing the IIoT

Building materials maker HIL Ltd. took the first step in its digitalization journey and implementing IIoT when it launched digital shop floor technology in four of its manufacturing plants in India, said Murali Raj, HIL’s chief information officer. The digital shop floor connects all machines to one network, optimizing efficiency and quality.

“Now we are moving to the next phase of predictive maintenance,” Raj said. “So we are doing POCs [proofs of concepts] on predictive maintenance and we’re doing POCs on predictive quality as well. So we also need to take care of the security measures.”

On the shop floor, real-time machine parameters are captured through sensors, programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems. The data is then transferred to the cloud through HIL’s IT network where it is analyzed in real time, Raj said. Additionally, the system generates instant alerts that the operations team can use to take corrective action.

“Previously the SCADA systems were existing as an island, not connected to the Internet,” Raj said. “So when you have your manufacturing machines and you have your PLCs on top of that, they acted together in the control room where the supervisor controlled the entire manufacturing [process]. Now, this data has to go outside the network.”

Consequently, HIL had to implement firewalls on the IT side to securely connect to the Internet. To connect its edge devices and sensors to the Internet to transfer data, the company made sure that these devices adhered to appropriate security standards, Raj said. And HIL also had to ensure that its software and firmware were patched and upgraded regularly.

After dealing with the technology, HIL also looked at people and processes.

“Previously, the maintenance engineers, electrical engineers who control the SCADA and PLC and plant didn’t even interact with any of our IT engineers, network engineers, or the leader who was looking at security for the organization,” Raj said.

Now these teams have to come together and understand one another and put a process in place to keep updated on what’s happening in their areas, he said. HIL also trained some of its IT engineers on OT and OT security and asked the plant team to have at least an awareness of cybersecurity.

“We also brought in an outside perspective where EY and Deloitte helped us to put a framework of understanding IT and OT together,” Raj said. “Since this capability was not existing internally within the organization, sometimes bringing in an outside perspective helps.”

On the process front, HIL ensured that IT security measures, such as role permissions, password resets, user access, were also being followed on the OT side.

“So the plant team, which was not used to those kinds of strong procedures, needed to accept them,” he said.

Ensure Critical Devices/Assets Are Tightly Protected

Although attacks on IIoT are less common than IT attacks, their consequences can still be tremendous, including loss of production, revenue impact, data theft, significant equipment damage, industrial espionage and even bodily harm, said Asaf Karas, co-founder and chief technology officer at Vdoo, a provider of automated cybersecurity for connected devices and IIoT.

Therefore, it’s not enough to statistically reduce the number of attacks but to ensure critical devices and assets are tightly protected as soon as they enter production, he said.

Karas offered a few approaches to help organizations improve their IIoT security:

  • Adopt risk and threat management processes specific to their industry environments.
  • Before deploying new devices, ensure they’re secured by design and that no exploitable first- or third-party weaknesses are found in the device code or configuration.
  • Post-deployment, use asset management tools to discover and identify relevant industrial assets
  • Implement endpoint runtime application agents designed uniquely for these devices to ensure ongoing monitoring and protection.

Manage Hyper-Connectivity

The biggest challenge of a lot of the devices today is that they weren’t built with cybersecurity in mind, said Kyle Miller, principal/director, Booz Allen Hamilton. They frequently run off simplified real-time legacy operating systems that don’t support the same level of security protections as traditional IT systems. As a result, they have the potential to increase an organization’s attack surface pretty greatly, he said.

Now these devices are being asked to connect directly from the industrial networks to the enterprise network to the Internet and the cloud, in a lot of cases, Miller said.

“[It’s important] to really manage that hyper-connectivity, the data flows and building out . . . a zero-trust environment where you are really managing what that device can talk to, what it can’t talk to, and in the event of a compromise, to be able to really limit its blast radius,” he said.

Before implementing IIoT systems, organizations should also have a good understanding of what types of risks they’re taking on, said David Forbes, principal/director, Booz Allen Hamilton.

To get this understanding, a company must get the current security posture of its vendors, the solutions and the software implementation as well as the devices that it’s implementing on its IIoT network, Forbes said.

For example, when an organization implements third-party vendor technologies, it needs to ask vendors questions such as:

  • Have they built their own software on a secure platform?
  • Are they using encrypted communications where necessary?
  • Are there access control features in place?

“That’s very important in understanding the risk and how you’re willingly changing the threat landscape of your network by taking on these IIoT systems,” Forbes said.

Enterprises have to ensure that these IIoT devices and systems are segmented off, where appropriate, from other IT and OT networks, he said. These devices should be tightly controlled to ensure that they can remain protected but also so that one attack vector can’t create access to another.

Organizational Cyber-Hygiene

“Those are organizational things,” Forbes said. “I think really what we’re seeing and when you look at the findings in some of these breaches and attacks, a lot of it traces back to organizational cyber-hygiene and discipline and protocols that may or may not have been put in place to begin with.”

Industrial environments are a new frontier for bad actors and all indications are that they are increasingly targeting these environments.

In 2020, there was a significant increase in vulnerabilities and threats targeting industrial environments, according to Thielemann. And it’s not surprising considering that enterprises create value through operations.

“Whether for industrial espionage or to attempt ransomware, these environments are the crown jewels for most companies,” she said. “[T]his is not about security compliance; it’s about business resilience.”

To address these challenges, organizations have to understand the key characteristics of the IIoT efforts under consideration, Thielemann said. For example:

  • What are the business outcomes sought by the efforts?
  • Where will the IIoT systems be deployed?
    • Who will have access to them, both in the physical and cyber worlds?
    • How will they be architected?
  • What security solutions will come embedded versus will need to be layered?
  • Will vendors need to remote in for maintenance or upgrades?
  • Will data flows go through existing networks? Wirelessly?

“Organizations have to take a lifecycle view of IIoT efforts,” she said. “From requirements design to purchasing, deployment, maintenance and retirement, security considerations must be considered at each step.”

Security leaders need to realize that industrial environments are very different from enterprise-centric IT environments, Thielemann said. For example, considerations of physical location constraints, operational resilience or even safety, need to be part of the security strategy. Companies need to alter their IT-centric security approaches to account for these environments as well as their approaches to patching, monitoring and authentication.

Typically, IIoT is under the purview of engineering and production departments rather than IT, said Subramoni.

“However, there needs to be organization and oversight of transformation along with technology modernization,” she said. “Most enterprises will need trusted technology and systems integration partners to scale on demand and manage the costs of protecting industrial systems. This is a fast-evolving need and the technology community is gearing up to the challenge.”

 

 

Tags: IT/OT integration IIoT/Manufacturing Technologies

Related


  • Volkswagen Deploys Nokia’s Private 5G Technology
    The technology is set to drive real-time IoT data uploads to Volkswagen’s production vehicles as well as intelligent robotics and wireless assembly tools
  • Image shows a smart factory and wireless communication network.
    Case Study: New Product Introduction of Cellular Connected Device
    In the smart city/connectivity and telecommunications markets, flexibility is critical. Innovation moves at the speed of light and there’s a great deal of competition to get to market first with a product that meets customer needs. That’s why more providers are turning to trusted partners like Benchmark to add speed, talent, and flexibility to their […]
  • Intel, Samsung Back $57M Funding for Landing AI
    The investment will help drive new iterations of the company’s product, which streamlines machine vision delivery for smart factory IoT networks.
  • Open Source IoT Development Tools vs. Vendor-Supported Tools
    More enterprises are exploring the development of their own Internet of Things (IoT) applications for company-specific use cases that can optimize operations, revenue gains and cost savings.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT and Drones Automate Field Operations
  • How IIoT Is Transforming Product Design and Manufacture
  • HPE Edgeline Converged Edge Systems
  • Smart Factory Technology Upgrades: 5G, Cybersecurity Dominate

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022
IoTWorldToday, IoTWorldSeries

Britain’s postal service has plans to run a fleet of autonomous #drones to make rural postal deliveries easier.… twitter.com/i/web/status/1…

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X