Industrial IoT presents huge opportunities for makers of industrial equipment and providers of related systems. By connecting machines to the cloud revolutionary new approaches to customer service and process automation can be realised; predictive maintenance being one of the fastest growing business lines.
Critical to the success of disciplines such as predictive maintenance or process automation is the ability to connect these machines to the cloud. The majority of machines are not designed with native internet connectivity built in, certainly not wireless connectivity. They are typically designed to be securely connected to control systems (such as SCADA) which monitor and manage them via fixed cable connectivity.
For machines and devices which could benefit from being remotely connected, via a wireless network, the issue of securely bridging the ‘air gap’ between an operational technology (OT (machine) and an IT systems (the cloud) is a major challenge holding back progress.
Interestingly, a recent study by Accenture highlights that security is the biggest obstacle to industrial digitalisation via Internet of Things (IoT) devices. These concerns have been echoed by a recent poll taken by Cisco at their recent IoT World Forum.
There is a wide assumption, often true, that many firms overlook security when designing industrial internet of things solutions. Connectivity products are often sold with old software and glaring holes in their operating systems, which ultimately make it easier for hackers to get hold of data and sometimes take control of devices. On top of this customers often fail to implement the proper safeguards that come with technology. As many as half of employees use the same two or three passwords to access confidential information. The result of these issues is inevitable breaches, which in turn make customers sceptical when they examine integrating IoT as part of efforts to automate key business applications. Research by Forrester argues that for this reason, amongst others, that 2017 is likely to see a widescale IoT breach.
As a result, it is critical for organisations to find a new framework to deliver secure IoT. The security sector has an important role to play. The high levels of coverage and potentially damaging results of breaches has helped to make ‘cyber’ into a negatively perceived term. The moment someone questions the cyber security credentials of a product, panic ensues. Equally, when someone else says they can ‘fix’ cyber issues, claims are heavily scrutinised by penetration testers from around the globe.
If progress is going to be made, we need to shift this stigma whilst introducing a better more secure means for connectivity. Part of this challenge is in complexity; for example, a core application of Industrial IoT is predictive maintenance. In order to protect whether a mobile piece of machinery is going to break down the IoT device must transfer data via the internet back to the customer who can then resolve the issue. The problem with this however is the data has to go through multiple layers and will ultimately require the aid of a network provider. This type of solution includes multiple levels that need to be secured, making it both expensive and difficult to guarantee safety. As a result, any effort to reduce cost of devices in this example could leave them more susceptible to interception by DDOS or BOTNET attacks.
Simpler connectivity could, therefore, reduce the threat and likelihood of breaches. The common view is that the cloud is the problem, however, it is in fact, the transmission to the cloud where the majority of breaches happen and the information is stolen.
Many of the existing solutions have looked to prevent breaches by wrapping existing communication means with security technology. In the home for example, consumers can purchase network access solutions that restrict who and what can access devices. The problem these pose in industrial environments is firstly that they can be hacked and secondly they add complexity. What is required is a means of connection that doesn’t require heavy security products. As a result, a connection that moves directly between device and server, that does not allow for interception is the ideal happy medium.
A potential solution could be USSD (Unstructured Supplementary Service Data). The technology present in all mobile GSM networks can be leveraged to provide unprecedented security as there is effectively no ‘internet’ present when connecting a machine/IoT device to a cloud system. It is therefore impervious to internet related security threats such as Botnet, DDOS and more recently WannaCry.
Removing security as a barrier to applications of IIoT is crucial to ensuring future growth and evolution of the sector. IoT arguably has enormous potential to transform how industry operates, from improving monitoring to simplifying processes. It also presents a significant opportunity for the security sector to innovate and develop simple and secure processes rather than simply secure existing ones. In short, adopting safe and secure technologies is essential to the future growth of the entire IoT sector. Between IoT and security professionals, we should make sure to talk about why these are safe; but don’t mention ‘cyber’.
[su_box title=”About Neil Hamilton” style=”noise” box_color=”#336588″][short_info id=’102537′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.