Critical Security Challenges Facing IIoT

Kymera Systems

December 19, 2017

By: Will Mapp, Kymera Systems

The Industrial Internet of Things (IIoT), also known as the Industrial Internet, is transforming the way innovative businesses collect and share data. IIoT combines machine-to-machine (M2M) communication, industrial big data analytics, human machine interface and data acquisition to drive smarter, faster business decisions and powerful outcomes for enterprises of any size.

From the looks of it, this digital transformation is here to stay. According a recent report by IDC, worldwide spending on IIoT is forecast to reach $1.29 trillion in 2020.

As the scope of connectivity between devices continues to expand in industries such as oil, gas, power generation and healthcare, so does the potential for cyber security events that can carry serious risks. In safety-critical environments, any system failure or unplanned downtime can result in a high-risk situation or life-threatening emergency.

While several measures are being taken to prevent security breaches at the device level and beyond, there is still work to be done to educate consumers and ensure the security of embedded devices. Here we outline the top security concerns organizations should consider when building out their IIoT infrastructure:

Network Security

With a wider range of communication protocols, standards and device capabilities, IIoT network security is more challenging than traditional network security. To best protect assets and communication links, IT organizations should implement a flexible security framework that allows them to closely monitor network growth and quickly allocate security tools needed to ensure the proper functioning of their systems should they come under attack. No new devices should be allowed on the network until hardware, manufacturer details and platform security have been thoroughly assessed for compliance.

Authentication

Businesses cannot protect sensitive data that is being shared or transactions being conducted if they can’t be sure (or at least reasonably confident) of the IIoT entity they are communicating with. Therefore, offering every “thing” a unique identity should be the foundation of any security strategy. IIoT authentication requires a layered, standards-based security approach that constantly changes as new challenges arise. One security technology that meets those requirements is Public Key Infrastructure (PKI). PKI has been securing network connected devices by delivering trust and high assurance for decades already – making it ideal for managing IIoT device identities.


Outdated Device Software

Consumers are at risk anytime they are using software that has not been updated to fight off security attacks. Companies that are serious about the safety of their customers must ensure the devices they design have the IO and storage needed for firmware updates and commit to running all necessary updates throughout the device lifecycle.

Consumer Agreements

A Deloitte survey found that over 90% of consumers accept legal terms and conditions without reading them. When thinking about IIoT security, it is important to remember that the first line of defense is your organization. To ensure the safety of your network, do not allow employees to experiment with random new devices within the network and thoroughly read through any agreement before receiving a device to understand how data will be shared and kept safe.

Data Security

The sheer amount of data that IoT devices can generate is staggering. A Federal Trade Commission report entitled “Internet of Things: Privacy & Security in a Connected World” found that fewer than 10,000 households can generate 150 million discrete data points every day. Planet Technology estimates that 25 billion IoT devices will generate 1.6 billion terabytes of data by 2020.

With this onslaught of information comes a new and increasingly complex challenge to corporations to ensure data is securely collected and integrity is maintained as data moves from device sensors, over the company gateway, through servers/applications, into the data center and, eventually, into storage. Insecurity at any point in this process can lead to erroneous or altered streams that can compromise the validity of the data coming over the gateway.

When you are mapping out your IIoT strategy, it is important to think through the real aspects of what you are trying to accomplish and how you plan to use the data you are collecting. How will you ensure the accuracy of the data you are measuring? What steps will you take to maintain the security and integrity of data as it flows throughout your system? What data will you save and for how long?

A well thought out strategy will keep your handling and retention policies aligned to the new reality this type of data presents while keeping your customers information protected.

Summary

Any business that wants in on a bigger piece of IIoT real estate must understand the critical security risks and implications presented in this space and use that knowledge to adapt solutions to their specific needs.

Depending on the level of data security and compliance your organization requires, it may be appropriate to consider hiring a security consultant or cyber security expert to develop a comprehensive security strategy for your IIoT infrastructure.

Source:

http://kymerasystems.com/2017/11/22/critical-security-challenges-facing-iiot/

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Automated Test Equipment (ATE) Revival: Repurposing and Extending the Life of Aging ATE Systems

    Automated Test Equipment (ATE) Revival: Repurposing and Extending the Life of Aging ATE Systems

    Automated Test Equipment (ATE) and Automated Test Systems (ATS) serve the critical purpose of ensuring that electronic devices operate according to specifications in the field. As such, these systems are widely utilized for testing automotive electronics, batteries, telecom infrastructure, renewable energy systems, and consumer electronics. The aerospace and defense sectors also make substantial investments in… Read More…

  • Partner Country Canada at HANNOVER MESSE 2025: The Future’s Here

    Partner Country Canada at HANNOVER MESSE 2025: The Future’s Here

    Canada is Partner Country of HANNOVER MESSE 2025, underscoring the strong economic and political ties between “The True North” and Germany. Canada announced its Partner Country commitment in August 2022 when Canadian Prime Minister Justin Trudeau hosted German Chancellor Olaf Scholz in Canada. Canada’s starring role from 31 March to 4 April 2025 at HANNOVER… Read More…

This project is funded [in part] by the Government of Canada.

Ce projet est financé [en partie] par le gouvernement du Canada.

Subscribe to our Free Twice Monthly Digest