Steady adoption of the internet of things continues to dramatically influence industrial architectures. Organizations can now gather and draw insight from a greater volume and variety of data across more diverse sets of applications. And as the movement of information between disparate hardware and software grows, so does the need for data security.
We’ve seen the repercussions of security breaches in recent months with the Mirai malware attacks, a series of sophisticated, highly distributed hacks involving tens of millions of IP addresses. Now more than ever, IoT experts share warnings about the threat of unsecured devices connecting to the internet. It’s not surprising that many companies believe IoT is fundamentally insecure, or consider security infrastructure investments to be too complex. But the benefits of IoT outweigh the possible risks — and delaying the appropriate measures needed to safeguard against malicious data exploitation is doing more harm than good. If industrial organizations are serious about IoT, they must become serious about industrial IoT security.
Here are three key steps you can take to ensure robust IoT security while enabling connectivity to thousands of devices and other data sources.
1. Educate and communicate
The first step is developing a company-wide defense strategy that sets clear corporate standards and goals. Most large industrial companies are concerned about security, but do not have a clear view of their own operational shortcomings. Operations and IT departments must break their silos and come together to determine the criticality and vulnerability of site operations. By distinguishing areas of operational disruption and potential vulnerability, employees can then develop standards around cybersecurity and establish what the company defines as “trustworthiness” for a secure IoT effort.
2. Find the right partner(s)
Finding the right partner is key to creating a strong defense infrastructure for your IoT. Implementing a scalable security solution requires a partnership with software vendors who are open with their designs and work as a team with their customers. Proactive partners will monitor the domestic and international development of cybersecurity rules to ensure their solutions stay ahead of hackers changing attacks. They also recognize that the data they protect is vital to businesses’ success, and can integrate effective IoT security strategies without causing downtime.
3. Use proven technologies and standards
When evaluating industrial automation vendors, look for offerings that consider both security and innovation. A product with centralized security architecture (built into the core) and remote programming configuration is a good example of balanced best-in-breed technology and data protection. With these features, users can organize security permissions on channels, devices and tags based on the role of the user. By defining authorized users and assigning them to appropriate user groups, administrators can focus on roles rather than setting permissions for each individual. This ensures a secure solution with a smart communications layer that enables access only where it is absolutely necessary. For example, a manager must be allowed to monitor the system, but should not be allowed to control it.
Most importantly, IoT security solutions must be built on open standards and offer secure data tunneling capabilities. The OPC Unified Architecture open standard was developed to help streamline the movement of high volumes of data between the device and application layers. Solutions that have these protocols embedded at both the interface and user levels can help organizations better configure trusted relationships with various clients and servers across the industry.
More data, more problems … more options for control
We’re currently in the midst of a catch-22 agreement with IoT: as data becomes increasingly available, it also becomes increasingly vulnerable. With every new connection, there is a new potential point of failure or malicious breach. Honing your company’s ability to securely move information between software applications and hardware appliances is critical to any automated process. Operations, IT developers and IoT vendors have an important role to play in promoting best practices that ensure the industry becomes smarter about IoT security.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.