Advice on securing the Industrial Internet of Things

Industry and utility companies need to develop new strategies to mitigate and manage cyber risks according to an IBM report, which has set recommendations for securing the Industrial Internet of Things (IIoT).

03/25/2018


Image courtesy: Ilya Pavlov/UnsplashSecurity has been an afterthought for many Internet of Things (IoT) applications, but the Internet of Things cannot simply be left to become the "Internet of Threats," according to an IBM report: "Internet of Threats: Securing the Internet of Things for Industrial and Utility Companies."

Industry and utilities companies need to develop new strategies to mitigate and manage cyber risks, said the enterprise services giant, which has set new recommendations for securing the Industrial Internet of Things (IIoT).

IBM's Institute for Business Value (IBV) has produced a new report, Internet of Threats: Securing the Internet of Things for Industrial and Utility Companies.

The document says that there is limited awareness of the need for IoT security. "An incomplete understanding of the risks posed by IoT deployments, coupled with a lack of a formal IoT security program, contributes to the gap between IoT adoption and the capabilities in place to secure it," it says.

IT-centric security frameworks and organizational structures are often not adequate to address the reliability and predictability needs of always-on IoT equipment.

While the IIoT represents a market that could add $14 trillion to the global economy by 2030, claims IBM, underlying concerns about the security and vulnerability of sensors and other devices "are justified", says the company.

An IBM/IBV benchmarking study of 700 industrial/utilities IT and operational technology (OT) leaders found that devices and sensors, followed by IoT platforms, are the most vulnerable parts of connected deployments. By 2020, 30 billion devices will be online, generating 600 zettabytes per year, says IBM. By 2035, more than 75 billion IoT devices will be connected.

When security plays catchup

Deploying IoT technologies at a faster pace than they are being secured can "open organizations to dangers greater than negative public sentiment", warns IBM. "For industrial manufacturing, chemical, oil and gas, and utilities, security breaches can lead to large-spread contamination, environmental disasters, and even personal harm."

Operational IT has become a growing target, accounting for 30% of all cyberattacks, continues the report. In the Middle East, for example, 50% of cyberattacks are directed against the oil and gas industry, creating major impacts to safety, productivity, and efficiency.

Despite this, most industrial and utilities organizations are still in the early stages of adopting best practices and protective technologies to mitigate IoT security risks, said IBM. "Only a small percentage have fully implemented operational, technical and cognitive practices, or IoT-specific security technologies," the report added.

As a result, the IoT security capabilities of most organizations "are in their infancy", with cybersecurity risks "still being evaluated and risk assessments performed on an ad hoc basis".

Part of this is down to an ongoing shortage of cybersecurity skills, and the slow emergence of IoT security standards. But what can organizations actually do about the expanding threat landscape?

Actions to take

First, organizations must recognize that IoT security doesn't exist in a vacuum, says the report. "Procedures must be followed, practices and technologies adopted, and measures taken to meet key performance indicators (KPIs)."

Next, organizations should implement practices that follow an operational excellence model of people, process, and technology to build IoT security capabilities."

Increase employee visibility into IoT security operations, IT, and OT. Makers of next-generation connected devices and services may consider purchasing insurance against software malfunctions and any damage hackers might cause," suggests the report.

"Know when and how to be proactive. To prepare an effective response to cyberattacks, carry out breach simulations, regular field and plant situational awareness, and engage in security operation center monitoring."

Technologies to deploy

The IBV benchmarking study gauges the use of a number of technology solutions for delivering IoT security. These include:

  • Encryption to protect against attacks that could compromise sensitive information and lead to the destruction of property and equipment, or create personal safety issues.
  • Network security and device authentication, to secure deployments between IoT devices, edge equipment, and back-end systems and applications.
  • Security analytics, to identify potential IoT attacks and intrusions that may have bypassed traditional security controls.
  • Identity and access management, which can help enterprises and service providers manage and secure relationships between identities and IoT devices.

These are all excellent approaches, said IBM, but the overwhelming need is to look at IoT security as a strategic business issue, and not as a technology problem demanding point solutions.

Chris Middleton is the editor of Internet of Business (IoB). Internet of Business is a CFE Media content partner. This article originally appeared here. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See additional stories about the IIoT linked below.



Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
March 2018
Digitalization integration, process sensors, edge computing, fog computing, condition monitoring, and motors
February 2018
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
HMIs
Automation and controls continue to help HMI hardware and software advance. As computing capabilities progress, hardware has become more rugged with less maintenance required, with wider environmental capabilities, and integrated input/output (I/O) connections.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Machine Vision
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
December 2017
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
March 2018
Digitalization integration, process sensors, edge computing, fog computing, condition monitoring, and motors
February 2018
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
HMIs
Automation and controls continue to help HMI hardware and software advance. As computing capabilities progress, hardware has become more rugged with less maintenance required, with wider environmental capabilities, and integrated input/output (I/O) connections.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Machine Vision
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
December 2017
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
March 2018
Digitalization integration, process sensors, edge computing, fog computing, condition monitoring, and motors
February 2018
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
HMIs
Automation and controls continue to help HMI hardware and software advance. As computing capabilities progress, hardware has become more rugged with less maintenance required, with wider environmental capabilities, and integrated input/output (I/O) connections.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Machine Vision
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
December 2017
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me