Critical Security Challenges Facing IIoT
Mar 19, 2018
By Will Mapp, Kymera Systems
The Industrial Internet of Things (IIoT), also known as the Industrial Internet, is transforming the way innovative businesses collect and share data. IIoT combines machine-to-machine (M2M) communication, industrial big data analytics, human machine interface, and data acquisition to drive smarter, faster business decisions and powerful outcomes for enterprises of any size.
From the looks of it, this digital transformation is here to stay. According a recent report by IDC, worldwide spending on IIoT is forecast to reach US$1.29 trillion in 2020.
As the scope of connectivity between devices continues to expand in industries such as oil, gas, power generation and healthcare, so does the potential for cyber security events that can carry serious risks. In safety-critical environments, any system failure or unplanned downtime can result in a high-risk situation or life-threatening emergency.
While several measures are being taken to prevent security breaches at the device level and beyond, there is still work to be done to educate consumers and ensure the security of embedded devices. Here we outline the top security concerns organizations should consider when building out their IIoT infrastructure.
Network security
With a wider range of communication protocols, standards and device capabilities, IIoT network security is more challenging than traditional network security. To best protect assets and communication links, IT organizations should implement a flexible security framework that allows them to closely monitor network growth and quickly allocate security tools needed to ensure the proper functioning of their systems should they come under attack. No new devices should be allowed on the network until hardware, manufacturer details and platform security have been thoroughly assessed for compliance.
Authentication
Businesses cannot protect sensitive data that is being shared or transactions being conducted if they can’t be sure (or at least reasonably confident) of the IIoT entity they are communicating with. Therefore, offering every “thing” a unique identity should be the foundation of any security strategy. IIoT authentication requires a layered, standards-based security approach that constantly changes as new challenges arise. One security technology that meets those requirements is Public Key Infrastructure (PKI). PKI has been securing network connected devices by delivering trust and high assurance for decades already, making it ideal for managing IIoT device identities.
Outdated device software
Consumers are at risk anytime they are using software that has not been updated to fight off security attacks. Companies that are serious about the safety of their customers must ensure the devices they design have the IO and storage needed for firmware updates and commit to running all necessary updates throughout the device lifecycle.
Consumer agreements
A Deloitte survey found that over 90% of consumers accept legal terms and conditions without reading them. When thinking about IIoT security, it is important to remember that the first line of defence is your organization. To ensure the safety of your network, do not allow employees to experiment with random new devices within the network and thoroughly read through any agreement before receiving a device to understand how data will be shared and kept safe.
Data security
The sheer amount of data that IoT devices can generate is staggering. A Federal Trade Commission report entitled Internet of Things: Privacy & Security in a Connected World found that fewer than 10,000 households can generate 150 million discrete data points every day. Planet Technology estimates that 25 billion IoT devices will generate 1.6 billion terabytes of data by 2020.
With this onslaught of information comes a new and increasingly complex challenge to corporations to ensure data is securely collected and integrity is maintained as data moves from device sensors, over the company gateway, through servers/applications, into the data centre and, eventually, into storage. Insecurity at any point in this process can lead to erroneous or altered streams that can compromise the validity of the data coming over the gateway.
When you are mapping out your IIoT strategy, it is important to think through the real aspects of what you are trying to accomplish and how you plan to use the data you are collecting. How will you ensure the accuracy of the data you are measuring? What steps will you take to maintain the security and integrity of data as it flows throughout your system? What data will you save and for how long?
A well thought out strategy will keep your handling and retention policies aligned to the new reality this type of data presents while keeping your customers information protected.
Summary
Any business that wants in on a bigger piece of IIoT real estate must understand the critical security risks and implications presented in this space and use that knowledge to adapt solutions to their specific needs.
Depending on the level of data security and compliance your organization requires, it may be appropriate to consider hiring a security consultant or cyber security expert to develop a comprehensive security strategy for your IIoT infrastructure.
Source: http://kymerasystems.com/2017/11/22/critical-security-challenges-facing-iiot/