
How to build secure IIoT networks to support aging critical infrastructure

The country’s critical infrastructure is made up of massive and sprawling elements of concrete, wood, metal and other man-made and natural materials, many of which were engineered to withstand a wide range of threats, from severe natural disasters to nuclear war. However, over time, with increased usage, deferred maintenance and the threat of even greater man-made and natural disasters, much of the country’s infrastructure is at a breaking point. This includes dams, bridges, roads, highways, electric grids and pipelines. The industrial internet of things now offers a near-term solution to manage these assets as the country and policymakers debate how and when to invest in upgrading and improving our infrastructure. Yet, these new technologies used to manage stressed infrastructure, if not secured properly and in the wrong hands, have the potential to turn the critical infrastructure against its human users.

Advances in industrial wireless data communications have created an enormous opportunity to expand operator reach to even the most remote location with immediate response times. However, the adoption of these new technologies, applications and cloud-based services comes at a potentially steep price if they require sacrificing quality and security of the applications and networks they are controlling. These sacrifices could cost us more than just a minor inconvenience, as a security breach of our critical infrastructure communications systems could be devastating to the health and well-being of the general public.

Consider, for example, the automated sensor controls surrounding a nuclear power facility, used to ensure the security of individuals both within and around a specified radius of the reactors. Or consider the power grid, which provides critical electricity, the lifeblood of the modern economy, to the country’s 323 million residents. Hacker activity directed towards these sectors doesn’t need to be exceptional to have a significant impact. Even a minor distributed denial-of-service attack aimed at disrupting communications to and from a single utility substation could have devastating consequences on health and safety.

The good news is that automating critical infrastructure doesn’t necessarily have to directly correlate to substantially greater security risks. When automating any network for critical infrastructure operations, one should consider the following aspects to ensure security and quality are not compromised:

Off the shelf is easier, but that doesn’t make it better

Surprisingly, “off the shelf” Wi-Fi and cellular networks are becoming more prevalent for data communications supporting critical infrastructure, often based on short-term expediency. These technologies may work for your home automation camera or front door lock, but when it comes to the security and quality of service required for real-time industrial data communications, they don’t pass muster. These products are designed for mass adoption and purposely lack the security and quality of service features required for industrial networks. Industrial networks require unbreakable wireless connectivity, often over remote areas in challenging radio frequency environments. This requires using specialized licensed radio frequencies designed for coverage over capacity.

VPN operations over public networks are too close to hacker reach

If you’re working over public networks, even if it’s a virtual private network, the likelihood is that your communications aren’t completely private and are still exposed to security and quality of service disruptions. One solution is for the industrial operator to deploy its own private wireless data network using licensed radio frequencies in specialized bands that are available on an exclusive basis. This is an excellent option for an operator (for example, an electric utility company) that has scaled operations over a large area (either multiple counties or a state level). For industrial customers that do not have the necessary scale, working with a private network operator dedicated to mission-critical operations is another option. These types of networks are now emerging in order to address the significant need.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.