Have you been using sensor data, machine to machine communication (M2M), big data, or automation technologies in your workplace? If so then congratulations you have been a part of the Industrial Internet of Things (IIoT) era. Almost every major industry is using IIoT to make their processes more efficient. While the IIoT systems are excellent for saving time, most business are unprepared to handle a cyber attack on their IIoT systems. This is bad news for the private sector considering nearly 90% of cyber security experts are expecting IIoT cyber attacks to rise significantly this year. You will need to be prepared to protect your organizations processes.
Industrial Internet of Things
The Industrial Internet Consortium defines an IIoT system as smart machines and devices that connects and integrates industrial control systems with enterprise systems, business processes and analytics. The IIoT approach is driven by the idea that data-driven machines are more effective and efficient than people at recording and communicating data consistently. With real time communications and data capture greater efficiencies are gained in terms of decision-making, among autonomous control systems. M2M communications, big data, automation, continuous sensor data, and machine learning are all integrated into IIoT systems. These data driven ecosystems are at the heart of everything in industry now, and it certainly make the lives of managers so much easier. With that luxury though, cyber criminals are increasingly becoming more attracted to IIoT systems.
The Threat Landscape
The threats that IIoT systems are vulnerable to are not necessarily new. As Robert Westervelt of International Data Corporation (IDC) has framed it:
“As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes.”
To emphasize, the types of attacks are not new, rather the stakes are much higher. This is because the industrial internet of things can disrupt operations and have an immediate material impact on an organization. These attacks include insider incidents, malware, ransomware, phishing and many more threats out there. The IIoT presents new opportunities for criminals to act with higher impact on organizations. This also means insider threats is one of the most significant risks to IIoT systems.
Fortunately, when it comes to IIoT it seems that business leaders and owners are well aware of the risks, as investment into security has increased with companies expanding their IIoT operations. In your organization there are a few things you can do to keep your organization safe.
IIoT Best Practices
High profile members of the Industrial Internet Consortium have put together and extensive IIoT cyber security framework on what organizations need to do to best protect themselves. Below you can find some of the high level practices to consider.
The current best practice framework for IIoT is organized into a three-tiered system consisting of four core security functions (endpoint protection, communication protection, security monitoring, and security management), data protection, and company security policy.
The four core security functions are intended to build on one another, not one can exist or excel alone or else the integrity of the system is weak. In order the four can be found below:
This is the start of IIoT security protection and it is with the devices that connect into the IIoT cloud. This includes mobile devices, portable devices, home networks, and desktops. What should be reviewed during this function is physical security, data security, and access management. Endpoint protection is a topic in itself, however for the IIoT endpoint protection is not nearly enough to ensure the security of the entire system. Endpoints communicate with one another and with the “cloud” as well.
2. Communication Protection:
Data in transit and data at rest need to be encrypted to prevent malicious attackers from seeing your data. Additionally this builds on top of the access management from your endpoints to ensure that only authorized devices can transfer data to and from your network.
3. Security Monitoring & Analysis:
With the pillars of the system established in order to maintain its integrity it is important to continuously monitor and analyze the security state of the system. This is not to be taken lightly and requires automation to be run efficiently or a very strong security suite. For monitoring you should keep watch on your endpoints, employee remote login activity, and supply chain partner activity. In order to run effective analysis there needs to be a system in place to track user behavior and adherence to system rules in established by you or the main administrator. These two are often placed on a benchmark to detect abnormal behavior and if there are any attempts to violate rules. Behavioral analysis and rules-based analysis allow you to act preemptively to stop any insider threats. If there is a security incident then you have a wealth of data for identifying the root cause of the breach.
4. Security Configuration & Management:
The final core block is security configuration and management of your system. This process is important as it ensures that any changes to the system are handled in a secure manner. This aspect will be heavily influenced by your data and security policy.
In the end what makes the IIoT so unique is how much data is generated, transferred, and used to make business processes more efficient. Data is never the same, with different sets of data having different life cycles between rest, use, motion, and deletion. When drafting a data protection policy it is important to identify what types of data you will be protecting. At a minimum you should protect endpoint data, communications data, configuration data, and monitoring data. Often if you are using a comprehensive security suite on your network then these categories of data will be protected plus more from insiders and malicious external actors.
Security Model & Policy
The most important thing you will need to do is putting together a security model and policy for your IIoT network. It is important to establish security objectives and requirements for the system, specifically accountability, confidentiality, integrity, and availability. Additionally, it is very important to have ongoing system threat analysis. This is because external and insider threats continue to grow more complex overtime. Threat analysis should identify the latest vulnerabilities your system could be exposed to. Finally a living document needs to be made which will be your security policy which identifies processes, rules, security measures, and controls that actively protect your system.
The IIoT is rapidly gaining pace across all sectors of the global economy. If not properly protected the operational, brand, and financial damage to a business could be fatal. It is for this reason that learning now how to keep your IIoT secure will protect you in both the short and long run. Be prepared and keep your company safe.