
    With 2020 firmly underway, the exponential growth of Industrial IoT is on track with recent predictions.  And as we head toward a world with over 75 billion connected devices by 2025, almost a third will be utilized in industrial applications within manufacturing.  But as the opportunities within this market, particularly in cloud-based, third-party service providers, continue to expand, one issue stands out less as a barrier to growth than as a red flag not to be ignored.  That red flag is the ever-present requirement of security.

    With each passing week, there’s a new story covering breaches of data in much larger databases than before and at companies thought secure from such intrusions.  Equally distressing are the cases where companies have stored or used the data collected in ways never intended by the people and businesses who entrusted them with the data to begin with.  And with device proliferation gaining speed, the problem may get worse before it improves.

     

    How We Got Here

    There are two basic reasons to explain how Industrial IoT arrived at this dilemma.  One is based on simple math.  With the number of deployed devices increasing exponentially, and pressure on service providers to get both the devices and the platforms out for deployment, the industry has been at risk of getting ahead of itself and doing more than security initiatives and protocols could absorb and respond to.

    The second reason is an issue that has plagued other new and wildly successful technologies in the past.  Namely, the issue of security had never had to be addressed at the machine level before.  Therefore, no standards or protocols had been developed.  In many ways this meant that providers either addressed them ad hoc as they encountered them, used the third-party security provider chosen by the client, or even relied solely on the client’s internal security measures (often inadequate in their own right).  Adding to the problem is that many service providers are slow or intermittent at deploying firmware upgrades as the push for new and improved core functionality often takes precedence.  Regardless of how the problem has arisen, it is one of the hottest issues in the industry today and one that many are struggling to address.

     

    Locations of Security Concerns

    As hackers become more sophisticated in the use of the same data tools and AI technology as those building out IoT systems, the risk of a data breach grows. Within a factory and its connected systems, there are a number of locations where a breach can occur:

    • Insecure Web Interfaces – The location where users interface with IoT devices suffers from issues such as inadequate default passwords, lockout and session management issues and credential exposure within the network.
    • Insecure Network Services – This is where hackers may be able to gain access to the network itself, for example through open ports, buffer overflows and Denial-of-Service attacks.
    • Weak Encryption – Weak encryption, or in some cases no encryption, can allow intruders to gather data as it is exchanged between devices.
    • Insecure Mobile Interfaces – As many companies offer field service as an extension of their manufacturing operation for repair and maintenance, mobile interfaces suffer from the same encryption and authentication issues.

     

    Challenges of IIoT Security

    Many businesses already have weak or improper security in place to begin with, which places a strain on IoT providers supplying both services and devices.  More than 50% of all critical infrastructure operations utilize outdated Microsoft software and a full 40% of all industrial sites are using the public internet.  This makes machine infiltration a key risk as devices proliferate, meaning that sophisticated hackers could conceivably gain access to an entire factory and either severely disrupt or damage the production capabilities for a lengthy period.  An intrusion could also create physically dangerous conditions, directly or indirectly.

    Legacy security is also a concern.  One of the key value propositions for Industrial IoT deployment is that legacy equipment can be retrofitted with IoT devices.  This allows longer equipment lifecycles and full integration for building out a smart factory without triggering expensive capital equipment purchases.  But the choice must be made alongside a careful consideration of which devices can be properly secured for use within the system, a skillset that a company may not have and one it may not realize it needs.

    The lack of standards and protocols in an industry still in its infancy, but growing astronomically, is also hampering coherent security progress.  The feeling is that IoT service providers as a business community will come together and self-regulate to develop standards and protocols for all development.  This would eliminate the chance of competing or overlapping “local” protocols and would be most cost effective for the client.  Until then, the lack of standards makes ad hoc security the norm and stresses the capabilities of the client’s existing security system, which may already have its own weaknesses.

     

    Industrial IoT Security Solutions

    Over 40% of all breaches consist of either malware or brute force attacks.  But there are numerous other forms of intrusion as well.  Because of the number of ways a company’s devices and systems could be accessed, security is viewed as consisting of four tiers: device, communication, cloud and lifecycle management.  The speed at which the industry has grown complicates matters, as there is no end-to-end, out-of-the-box security solution.

    But there are steps that can be taken by providers and companies in the interim as end-to-end solutions are developed.  One such step would be to segment the IT network so that anything that controls equipment is maintained in a separate network from the rest of a company’s IT infrastructure.
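
    One way to check that such a segment boundary actually holds is to audit the allow rules that reach into the control network. The sketch below is an added example, not code from the original article; the rule format, the addressing plan and the single approved crossing are all constructed assumptions rather than any real firewall's syntax.

```python
import ipaddress

# Assumed addressing plan (constructed): everything that controls equipment
# lives in CONTROL_NET; the rest of the company's IT is outside it.
CONTROL_NET = ipaddress.ip_network("10.20.0.0/16")
# Hypothetical list of approved crossings: (source, destination port).
ALLOWED_CROSSINGS = {("10.10.5.10/32", 443)}

# Constructed sample rule set in a generic, vendor-neutral shape.
RULES = [
    {"name": "office-to-plc-any", "action": "allow",
     "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": "any"},
    {"name": "collector-to-gateway", "action": "allow",
     "src": "10.10.5.10/32", "dst": "10.20.1.5/32", "port": 443},
    {"name": "plc-to-plc", "action": "allow",
     "src": "10.20.1.0/24", "dst": "10.20.2.0/24", "port": 502},
    {"name": "internet-to-hmi", "action": "allow",
     "src": "0.0.0.0/0", "dst": "10.20.3.7/32", "port": 80},
    {"name": "office-to-plc-deny", "action": "deny",
     "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": "any"},
]

def crosses_boundary(rule):
    """True if traffic from outside the control network can reach it."""
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    return dst.overlaps(CONTROL_NET) and not src.subnet_of(CONTROL_NET)

def audit(rules):
    """Return names of allow rules that breach the segment boundary."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not crosses_boundary(rule):
            continue
        if (rule["src"], rule["port"]) in ALLOWED_CROSSINGS:
            continue  # explicitly approved, narrowly scoped crossing
        findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    print(audit(RULES))
```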

    A second step that service providers can take is to ensure the “basics”.  Basic structures such as credential lockout after a small number of tries and default credentials that must be changed upon activation will help secure access at the web interface.  Likewise, mandating strong password rules and two factor authentication can limit unauthorized access.  At the IT level, making sure that services are not vulnerable to buffer overflow and ports are closed when not used will shut off avenues of intrusion as well.  The same precautions can be built into mobile device interfaces for password, lockout and default password rules.  And of course, better discipline in producing and deploying firmware upgrades will help reduce system degradation.
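
    The web-interface “basics” described above can be sketched as a small account model. This is an added example, not code from the original article or from any vendor; the thresholds (three tries, a five-minute lockout, a twelve-character minimum) and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3        # assumed "small number of tries"
LOCKOUT_SECONDS = 300   # assumed lockout window
MIN_PASSWORD_LEN = 12   # assumed strong-password rule

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DeviceAccount:
    """One account on a device's web interface (hypothetical model)."""

    def __init__(self, default_password):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(default_password, self.salt)
        self.must_change = True   # factory default is still active
        self.failures = 0
        self.locked_until = 0.0

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"       # refuse even a correct password
        if not hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT_SECONDS
                self.failures = 0
            return "denied"
        self.failures = 0
        # A default credential only ever unlocks the change-password step.
        return "change_required" if self.must_change else "ok"

    def change_password(self, old, new, now=None):
        if self.login(old, now) not in ("ok", "change_required"):
            return False
        same = hmac.compare_digest(_hash(new, self.salt), self.pw_hash)
        if len(new) < MIN_PASSWORD_LEN or same:
            return False          # too short, or the old password reused
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
        return True
```

    Two-factor authentication would sit after the "ok" result as a second check and is left out of this sketch.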

    Perhaps the biggest step that could be undertaken to get ahead of security concerns would be for the industry to collaborate toward self-regulation in the development of industry standards and protocols.  By defining a base architecture for many of the issues above and standardizing and mandating their inclusion, service providers and their programming teams would be freed from the smaller security concerns and left to concentrate on larger and more intensive security issues as they evolve.  The setting of basic standards would put a minimum security “floor” under all systems to protect both the companies that purchase the services as well as the providers when deploying systems in companies with inadequate or weak security systems.

     

    The security challenges facing Industrial IoT service providers and their client companies are growing.  Many do not emphasize the security side of the equation strongly, and by not doing so they miss an opportunity.  Many executives have indicated that they would be willing to pay more for IoT devices and services if security solutions were part of the package.  As the industry continues to grow, new services that include security as part of the platform, or strong partnerships with third-party security providers, will gain stronger footing in the market.

     
