We can’t stop talking about the connected industrial future.
From mining to energy to manufacturing, connected, smart networks have been deemed the pinnacle of industrial innovation. It’s for good reason––more connected devices mean greater potential for improvements in safety and efficiency. But this excitement around the next industrial revolution must be met with a level of caution that we’re neglecting today. From state-sponsored hacks to employee carelessness, there is endless potential for things to go wrong with connected networks and hundreds of examples of times when they already have. Cyberattacks are increasing annually and are prevalent in industries where the impact can be dangerous environmentally, cause physical harm, or lose companies millions of dollars.
As it stands, 48% of companies employing IoT devices don’t have systems in place to recognize when a hack has been attempted, or even when one is successful. And another 62% of companies believe their security is not adequate. As industries move toward a connected future, adequate, continuously updated security is the only way we’ll be able to make sure that the benefits outweigh the risks across industries.
The ideal solution? Distributed security enforcement specifically built to facilitate and universally secure the ever-more diverse mix of IoT and legacy applications/devices.
Decentralized systems need decentralized security enforcement
Enabled in part by the speed and bandwidth of advanced network capabilities, IoT devices across industries are set to rise from today’s 23 billion to 75 billion in 2025. As it stands, a single hack on an industrial system can take out hundreds (if not thousands) of devices, including critical systems. The centralized and/or firewall-based security solutions currently in place are not designed to handle the scope nor the complexity of evolving operations. Many existing models have a single choke point at the center of everything. Once a hacker gets in, the center can be taken down almost immediately, so we need to distribute information, data and control to protect it.
Instead of creating a game of capture the flag for attackers, we need to force them to go on an Easter egg hunt. One successful hack cannot mean control over an entire system.
For distributed, autonomous, any-to-any, device ecosystems, it’s essential to have decentralized, distributed security enforcement to match the structure of the interactions. Decentralized enforcement enables system operators to access and control large geographic areas, and thus hundreds of thousands of controllers, sensors and meters, while facilitating secure addition/removal/control of resources.
Instead of interacting in real time with a centralized security hub, the equipment, devices and applications cooperate locally to protect themselves. In multi-vendor and multi-application IoT systems, decentralized enforcement enables smart devices and applications to cooperate securely.
To create decentralized security enforcement, you need a decentralized security platform. One example is blockchain, which is distributed by nature, making it a uniquely suited approach for decentralized, any-to-any IIoT security enforcement. Blockchain further solves a major issue for industrial-control systems that are evolving to incorporate the efficiency of many-to-many interconnectivity and 5G— maintaining security while continuing to add smart devices. Blockchain can be used to create a security foundation at the industrial edge, enhancing security with every node added to the network.
A universal approach
The next step in securing systems end-to-end and enabling a fully connected future is ensuring that all devices are secured, no matter their level of modernity. Connectivity inherently means speed, and coupled with the constant growth in the number and variety of devices, we’re utilizing more bandwidth to transmit more information and data than ever before. We need solutions that extend protection to the millions of currently exposed devices and legacy control systems, while also being adaptable and flexible enough to secure billions of future devices built with emerging technologies.
In the past, industrial operators restricted central access and minimized the risk of unauthorized access to physical and digital systems by isolating control devices and systems on separate networks. However, this “air-gapped” or network-isolation-based approach is no longer realistic, given the draw for industrial operators to connect previously isolated assets (and the data they house) to applications running elsewhere across the industrial edge and in the cloud.
Isolation is no longer a viable solution for companies that want to adopt IIoT at scale and enable next-generation operations through connectivity.
Combining the aforementioned decentralized, blockchain-based enforcement approach on individual devices and controllers is the best way to approach this security risk posed by connected legacy and next-generation devices. This solution ensures maximum security by resolving over-reliance on a network-level-only approach.
Recently we determined that a solution for universal security also means providing universal access to individuals working with other, less-advanced connected and IoT devices. As it stands, however, much existing equipment has only device-specific, unmanaged password protection, or no password protection at all. By implementing role-based access control and single sign-on for every device, application and data-stream, companies can enable universal security and ensure that individual devices—when compromised—are isolated, maintaining the efficiency and safety promised by the IIoT. Plus, role-based access control means that devices can be accessed securely from afar, improving human safety, and promoting efficiency that boosts the bottom line.
Our need for speed and our eagerness for many-to-many interconnectivity (including 5G) must be met with adequate security measures that support all the interactions of our IoT devices.
As we move into an increasingly connected world, innovation should mean safety and security. It doesn’t, yet, but we have the tools and solutions to help us reap the benefits promised by digitization across industries. Businesses need to approach security holistically, and remove operational complexity to limit potential shutdowns. Then, and only then, can we enable the connected, digitized industrial future we envision––with comprehensive security solutions in place for all networks, no matter the industry.
Duncan Greatwood is CEO of Xage.