Tips on tackling cyber-risk in a new era of IoT everywhere

April 21, 2021
The future of industry will inevitably be smart. But it also needs to be secure.

By Phil Beecher, president and CEO of Wi-SUN Alliance

The Internet of Things (IoT) is making factories smarter and more productive, offering consumers countless ways to improve their digital lives, and ushering in a new era of smart cities. That’s the kind of promise that will drive double-digit market growth to reach a value in excess of $1.3 trillion in global revenue by 2026.

But with all the expectation there is accompanying cyber-risk.

IIoT stakeholders must therefore think carefully about the connectivity ecosystems with which they align. The focus throughout must be choosing open, standards-based systems that prioritize security, interoperability and robust, internet-based protocols.

Digital transformation means new risks

According to a Wi-SUN Alliance study, security and privacy (21%) was cited by IIoT stakeholders as the second\-biggest perceived challenge to smart city success, after cost. Respondents were particularly concerned about data privacy (37%), critical infrastructure attacks (28%) and network vulnerabilities (24%).

They are right to be concerned. There have been well-documented warnings in recent years about cyber-threats to Industry 4.0 organizations. As manufacturers and industrial-facility owners leverage IIoT to streamline business processes, enhance efficiencies and boost output, they also become more exposed to remote attacks. Poorly segmented networks, use of insecure communications protocols, vulnerable devices and an outdated reliance on security-by-obscurity all create cyber-risk. One vendor last year claimed to have detected a 100% year-on-year increase in infected devices on wireless networks.

Such threats can result in sabotage, denial-of-service, business owners held to ransom, and even data theft, if vulnerable IIoT endpoints are exploited to access corporate networks.

Securing the network

Efforts to mitigate these risks should focus on the network. Security here begins with how devices are authenticated when they join. Unique device certificates embedded in each endpoint are the best way to overcome password compromise of the sort we saw with the infamous Mirai botnet campaigns.

If device firmware is signed in this way, then operators can be sure that only legitimate, untampered hardware can connect to the network. If devices are found to contain vulnerabilities, then over-the-air (OTA) updates are an important feature to ensure continually optimized security. These can not only seamlessly fix any bugs, but also update the relevant certificates.

Another useful security feature is the frequency-hopping capabilities you can find in some mesh networks. Mesh options in any case reduce the performance and coverage issues that sometimes affect star networks. But with frequency hopping, they offer an added bonus: making signals extremely difficult for an adversary to jam, which mitigates the risk of sabotage or denial-of-service extortion.

As mentioned, security-by-obscurity approaches linked to proprietary tech have largely been discredited today. Instead, the future of IIoT and smart cities is with open, interoperable standards. Align yourself to these and you get proven technology optimized for security and reliability.

That’s the value of our Field Area Networks (FAN) communications protocol for IoT networks, which is able to securely manage wireless devices (and certificates) on a massive scale. And because it’s built using internet technology, like IPv6, it benefits from the robustness, fault-tolerance and stress-testing that embody these protocols. This also means it supports the same device management and third-party security tools (such as intrusion detection) that you would find on a regular enterprise network.

The future of industry will inevitably be smart. But it also needs to be secure.