IIoT is Here, but Learn to Secure

Monday, June 25, 2018 @ 01:06 PM gHale

By Patrick Grossetete
It’s a fact: Most people are worried about data breaches.

While 42 percent of respondents appreciate the value that can be delivered with Internet of Things (IoT) data, only 9 percent consider their data secure, according to a Cisco IoT Value/Trust Paradox report, based on a survey of 3,000 consumers.

What many may not be aware of are the greater security challenges in 2018 and beyond to current Industrial Internet of Things (IIoT) environments and the need to protect critical infrastructures and data in the IT and OT world. The pressure to plan and build end-to-end efficiency and processes are driving the adoption of connected technologies, notably IIoT.

RELATED STORIES
Reliance Beyond Your System
Security, Connectivity: A Tight Balancing Act
Manufacturers Still Behind Security Curve
More OT, IoT Attacks Coming: Report

Industrial environments are reaching a unique time in their history where the evolution of information and automation is changing all business processes. This means a couple of things. It’s easier for hackers to steal data, and in an era of mass targeted attacks, those attacks will only get worse.

Yet, this evolution of information and automation must be promoted but protected as well. This new way of doing business, combined with advanced technologies, touches everything we see and do not see with an IP address, such as distributed computing, cloud-based services, artificial intelligence, machine learning, predictive maintenance, blockchain, and industrial 3D printing.
 
Protection Plan
What can you do to protect users?

Industries are in the midst of new data paradigms where machines and people generate and receive more and more real-time information, which is leveraged for decision making.  

In fact, the adoption of IIoT networks impacts nearly every type of organization, ranging from:
• Manufacturing plants where robotics and human interactions have shifted from the historical repetitive operations to more localized and complex processes
• Complex power grid systems architecture where generation, control, and distribution are impacted by new grid schemes, such as renewable energies and synchrophasor applications in transmission systems
• Transportation companies developing intelligent vehicles and intelligent infrastructure systems to automate and optimize traffic flow 
• Cities controlling and optimizing their environmental conditions, remote health services, and more

Across these and other industries, IIoT networks extend outside traditional IT environments, expanding the concept of “Extended Enterprise Network” architecture.

Within extended enterprise IoT networks, engineers have to cope with a rapid increase of smart objects getting connected, growing data exchanges, the convergence between Information Technology (IT) and Operational Technology (OT) applications and services, and breaking conventional silos and field network locations generally considered unprotected.
 
Mission Critical
Technologies, products, and solutions are constantly evolving, driving innovation but also creating an unintended opportunity for new security flaws.

External (or even internal) attackers are always looking for ways to leverage any technical or non-technical methods of attacks. “Meltdown and Spectre” on CPU chipsets or “KRACK” on Wi-Fi WPA2 security are just two visible examples.

A survey of security professionals revealed 96 percent said they expect an increase in IoT breaches this year. And, as reported by Cisco Talos, vulnerabilities are monthly identified across Industrial Control Systems solution — so don’t think you or your customers are immune. 
 
Yet, despite these challenges, people overall support the benefits of IoT data. That’s why bringing all devices, operations, and processes under a trustworthy umbrella that reinforces security and safety have never been more important. 
 
Does your vendor care about delivering security patches or firmware updates? Do they understand the constraints of an IoT architecture? Do they communicate important actions you need to take and are committed to conducting business at the highest standards?

If you have not asked your technology vendor(s) these questions … you should.

Patrick Grossetete is a distinguished engineer for technical marketing at Cisco.



Leave a Reply

You must be logged in to post a comment.