IIoT security a major concern, according to survey

Companies see the enormous upside the Industrial Internet of Things (IIoT) has to offer, but they are united in their concern about a major security breach.

By Gregory Hale, ISSSource April 25, 2017

The Industrial Internet of Things (IIoT) has an incredible amount of upside as a productivity enhancer and quality business improvement vehicle, but it is almost unanimous the movement is a security disaster waiting to happen, a new survey found.

With the rise of IIoT deployment in organizations, survey respondents expect it to cause security problems this year, according to a Dimensional Research survey.

IIoT are connected devices in critical infrastructure segments such as energy, utilities, government, healthcare and finance. The study found:

  • 96 percent of those surveyed expect to see an increase in security attacks on IIoT in 2017
  • 51 percent said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices
  • 64 percent said they already recognize the need to protect against IIoT attacks, as they continue to gain popularity among hackers.

"Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyberattacks against IIoT," said David Meltzer, chief technology officer at Tripwire. "There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyberattacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations."

"As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes," said Robert Westervelt, security research manager at IDC. "The concern for a cyber attack is no longer focused on loss of data, but safety and availability."

The study’s respondents ended up asked how they expect their organizations’ deployment of IIoT devices to change, and how it will affect their level of vulnerability. It found:

  • 90 percent expect IIoT deployment to increase
  • 94 percent expect IIoT to increase risk and vulnerability in their organizations
  • When respondents were broken down by company size, both larger companies (96%) and smaller companies (93%) expect a significant increase in risk caused by the use of IIoT

"The Industrial Internet of Things ultimately delivers value to organizations, and that’s why we’re seeing an increase in deployments," Meltzer said. "Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks. The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues. Organizations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See related stories from ISSSourced linked below.

Original content can be found at www.isssource.com.