Industrial IoT Security: How to Protect Connected Machines – ReadWrite
Digital transformations are taking place across countless businesses and industries. Big data platforms in the supply chain and fintech; automation in warehouses; AR and VR in corporate training; and the Industrial Internet of Things (IIoT) everywhere else — are just a few hotspots of innovation and investment throughout Industry 4.0.
Industrial IoT security is an ongoing concern for any professional involved in vetting, deploying, and using connected machines and devices. IT budgets are only expected to grow throughout 2022 and beyond as the cyber-physical overlap grows, but cybersecurity incidents do not discriminate. As a result, businesses large and small put themselves at risk when they fail to secure their growing networks of IIoT devices.
What’s Wrong With Industrial IoT Security?
The IIoT has expanded tremendously in a few short years, and the scale of the security problems becomes obvious with the proper perspective.
A company’s digital transformation may begin with installing connected sensors on in-house machinery. Unfortunately, these are possible attack vectors under the right circumstances and without proper protection.
When companies deploy connected IoT technologies adjacent to sensitive customer records, company IP, or networks trafficking other sensitive data, the problem scales. With the benefit of hindsight, it seems quaint that nobody foresaw the Target customer-data breach involving internet-connected air conditioners. However, it was going to happen to somebody sometime — and now that it has, it should be clear what the stakes are.
Today, this is business as usual. Companies know to vet HVAC companies touting the robustness of the security protocols aboard their internet-connected A/C products.
Early stages of digital transformations may facilitate data mobility in-house. Later upgrades may involve continuous connections with remote servers. What happens when the risk vectors expand from one retail chain’s patrons? In the United States, public utilities are typically owned and overseen by private, somewhat opaque entities.
There are excellent reasons for utility companies — water, internet, electricity, natural gas — to deploy IoT devices to pursue better service and reliability. However, this rapidly expanding web of connectivity introduces many potential points of failure regarding cybersecurity.
The crux of the industrial IoT security problem is that every connected CNC machine and lathe — and every sensor across every mile of water or gas pipeline — could give hackers a way in. Telemetry may not be valuable, but an unsecured IoT sensor may provide a route to a more valuable prize, such as financial data or intellectual property (IP).
The IIoT Security Situation in Numbers
The problem of industrial IoT security is writ large and small.
A March 2019 report from the Ponemon Institute and Tenable observed that 90% of organizations actively deploying operational technologies — including transportation and manufacturing — had sustained one or more data breaches in the previous two years.
Companies that provide critical public services represent some of the most consequential possible targets for IIoT-based attacks.
CNA Financial Corp. and Colonial Pipeline proved that most financial institutions, including some of the most significant attacks — and most public or quasi-public utility companies may not have taken adequate measures to protect their digital systems. At least one of these attacks involved a single compromised connected workstation.
IBM found that manufacturers were the most frequently targeted industry for cyberattacks in 2021. This is not especially surprising. Manufacturing companies are among the most prolific adopters of IIoT products.
Combining the physical and the cyber — by collecting abundant data and studying or modeling it — is tremendously …….