“The Industrial IoT (IIoT) provides manufacturers in all industries with greater connectivity that, in turn, generates valuable information and intelligence regarding operations,” says Alan Grau, president and co-founder of Icon Labs, a provider of security software for IoT-enabled devices. “This expanded network also opens up these newly connected devices to significant threats of cyberattack. As industrial facilities become more connected, hackers are getting more sophisticated, resulting in greater vulnerabilities and increased risk of devastating cyberattacks. Intrusion-detection—the ability to detect when hackers begin probing devices—is a critical first step to building a secure IIoT.”
Smart Industry: How is digital transformation/the IIoT changing security on the factory floor?
Alan: So far, it is not dramatically changing how we detect threats on the factory floor. And that is a real problem. Companies are starting to recognize this and beginning to implement solutions, but it is happening far too slowly. What is encouraging are the forward-looking companies that are beginning to deploy security solutions designed for the factory floor. These solutions recognize the protocols typically seen in these environments and can detect threats aimed at factory and industrial devices.
Smart Industry: Are hackers aware of the new vulnerabilities resulting from IT/OT convergence?
Alan: There have been several high profile cyberattacks against industrial control systems in the past two years. These include an attack against the Ukrainian power grid and an attack against a steel mill in Germany, so I think it is clear to say that hackers are aware of these vulnerabilities. They are actively working to exploit them, and in some cases are succeeding.
Smart Industry: Should intrusion-detection solutions be customized for each environment?
Alan: As new protocols and platforms are developed, the intrusion-detection solutions must be customized for the new protocols and potential new threats. Over time, standardized solutions will emerge. But getting there will take time and effort. Educating the market and getting buy-in is always a challenge for new solutions, but executives are much more aware of emerging threats than they previously were. They may not understand all the details, but they know they need to invest in security.
Smart Industry: What is encouraging about the IIoT in relation to cybersecurity?
Alan: Any time new solutions are designed there is the opportunity to address cybersecurity from the ground up. The explosive growth in IoT is generating new devices, new platforms, new protocols and new solutions. In many cases security is being addressed during the initial design phases. This provides a fundamental advantage over trying to “bolt on” security after a product is deployed. In the near term, many of the gains in cybersecurity are going to be from broader adoption of known technologies. There is a lot of great security technology available from things like hardware TPMs, TrustZone, secure boot, secure protocols, etc. But they have been inconsistently applied in the past. New products that take full advantage of these solutions will be far more secure than current solutions.