Businesses should be very concerned with industrial IoT security. Cybercrime is on the rise and could cost businesses upwards of $6 trillion annually by 2021, according to research firm Cybersecurity Ventures. This threat to IIoT is sizable, but it doesn’t have to be.
IIoT presents huge opportunities for makers and providers of industrial equipment and related systems. By connecting machines to the cloud, revolutionary new approaches to customer service and process automation can begin to thrive, predictive maintenance being one of the fastest-growing business lines.
Critical to the success of disciplines such as predictive maintenance or process automation is the ability to connect these machines to the cloud. The majority of machines are not designed with native internet connectivity built in, and certainly not wireless connectivity. They are typically designed to be securely connected to control systems (such as SCADA) which monitor and manage them via fixed cable connectivity.
For machines and devices which could benefit from being remotely connected via a wireless network, the issue of securely bridging the air gap between an operational technology (the machine) and an IT systems (the cloud) is a major challenge holding back progress.
There is a wide assumption, often true, that many firms overlook security when designing industrial internet of things products. Connectivity products are often sold with old software and glaring holes in their operating systems, which ultimately makes it easier for hackers to get ahold of data and sometimes take control of devices. On top of this, customers often fail to implement the proper safeguards that come with technology. As many as half of employees use the same two or three passwords to access confidential information. The result of these issues is inevitably breaches, which in turn makes customers skeptical when they examine integrating IoT as part of efforts to automate key business applications. Research by Forrester argued that for this reason, among others, 2017 is likely to see a wide-scale IoT breach.
As a result, it is critical for organizations to find a new framework to deliver secure industrial IoT. The security sector has an important role to play. The high levels of coverage and potentially damaging results of breaches has helped to turn “cyber” into a negatively perceived term. The moment someone questions the cybersecurity credentials of a product, panic ensues. Equally, when someone else says they can “fix” cyber-issues, claims are heavily scrutinized by penetration testers from around the globe.
If progress is going to be made, we need to shift this stigma while introducing a better, more secure means for connectivity. Part of this challenge is in complexity; for example, a core application of IIoT is predictive maintenance. In order to predict whether a mobile piece of machinery is going to break down, the IoT device must transfer data via the internet back to the customer who can then resolve the issue. The problem with this, however, is that the data has to go through multiple layers and will ultimately require the aid of a network provider. This type of solution includes multiple levels that need to be secured, making it both expensive and difficult to guarantee safety. As a result, any effort to reduce cost of devices in this example could leave them more susceptible to interception by distributed denial-of-service or botnet attacks.
Simpler connectivity could therefore reduce the threat and likelihood of breaches. The common view is that the cloud is the problem, however, it is in fact the transmission to the cloud where the majority of breaches happen and information is stolen.
Many of the existing technologies have looked to prevent breaches by wrapping existing communication means with security technology. In the home, for example, consumers can purchase network access products that restrict who and what can access devices. The problem these pose in industrial environments is firstly, they can be hacked and secondly, they add complexity. What is required is a means of connection that doesn’t require heavy security products. As a result, a connection that moves directly between device and server that does not allow for interception is the ideal happy medium.
A potential solution could be USSD (Unstructured Supplementary Service Data). This technology, present in all mobile GSM networks, can be used to provide unprecedented security as there is effectively no “internet” present when connecting a machine or IoT device to a cloud system. It is therefore impervious to internet-related security threats such as botnets, distributed denial-of-service attacks and, more recently, WannaCry.
To ensure future growth and evolution of the sector, removing security as a barrier to applications of industrial IoT is crucial. Arguably, IoT has enormous potential to transform how industry operates, from improving monitoring to simplifying processes. It also presents a significant opportunity for the security sector to innovate and develop simple and secure processes rather than simply securing existing ones. In short, hacking is draining businesses of trillions of dollars, but adopting safe and secure technologies can ensure the future growth of the entire IoT sector.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.