1660343750721 Tomgilheanyfinal

Securing IIoT networks: Will you meet the challenge?

Jan. 22, 2018

In rush to connect systems, many are overlooking security. 

There’s tremendous opportunity for operational technology (OT) and information technology (IT) professionals right now, thanks to the digital shift. For business and project leaders, the key to success is understanding the complexity of Industrial Internet of Things (IIoT) networks and accompanying security risks and requirements.

Cisco Services' Tom Gilheany

This understanding presents real career potential for every IT and OT security professional who can get their arms around this new paradigm.

Information and operational technologies are merging.  We know this. Industrial networks are interconnecting with enterprise networks. We know this, just as we're aware of the massive surge in the number and type of connected devices and machines.

Amid this digital shift, eliminating security obstacles is more important than ever.

Security: the foundation for Industrial IoT success

The vast potential of this digital transformation is tantalizing, certainly. The IIoT presents a security challenge on a scale never seen before. At the same time, securing the IIoT opens the door for digital innovation and exciting new career paths.

Understanding what the IIoT consists of and the environment it operates in will make its security challenges much more obvious. IIoT leverages the power of IP networking to connect industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems with enterprise business logistics. Inside all of these components is technology that enables each one to interact with the others, pick up intelligence about the external environment and share it with people.

Where the IIoT really moves into security overdrive, in a manner of speaking, is in all of the machines that are (or could be) connected. This list has no limits. It includes car and truck engines, wind turbines, boat engines, cargo shipping containers, robots, additive (3D) printers, oil drills and more. 

The IIoT’s sheer complexity, diversity, and potential size, plus the critical nature of many of these connected machines, make security a tremendous challenge that calls for a new breed of cyber heroes.

How do you keep all of these networked things safe from hackers? Every component and every connection is a potential vulnerability. And in some instances, security breaches can be matters of life or death. (Consider hospitals being taken offline by ransomware.)

Suppliers of specialized industry equipment are pushing to connect their business systems to more quickly take advantage of new capabilities. In the rush, many are doing so without a security background or without fully understanding the security implications of how their new, connected devices and sensors affect the overall security of the organization where they’re being installed.

As a result, security issues in newly networked/connected equipment can shut down whole factories.

This new manufacturing industry requires new skills

Imagine a highly autonomous assembly line. The production line can automatically reconfigure and optimize itself and produce, at scale, customized products in custom-sized batches, with full tracking and connectivity to sales and ordering systems, ERP systems, WIP inventory, supply-chain systems, and delivery and order-tracking systems. Machines that use robotic vision and AI can execute intricate processes in tandem with collaborative robots working alongside human beings.

This technology setup demands not only multiple skill sets but a breadth of skills across silos and specializations. The result is a whole new category of technology professional, one that understands the interconnectedness of IT and OT and recognizes that the IIoT is really about digitizing business processes far more than it is about digitizing things or their connections.

The new breed of engineers, network specialist, application developer, data architect, UI designer and business person must talk to and understand each other’s role for the IIoT to work.

Likewise, to secure the IIoT, it’s crucial that IT and OT professionals know IIoT standards along with machine protocols. It’s also important that they know how to bolster existing control systems, which were not originally designed to be connected to enterprise networks, but are now in the connected factory.

Finally, it’s essential that these professionals possess general cybersecurity skills. Among these are the ability to:

  • Analyze networks and systems for potential vulnerabilities
  • Spot intrusions, leaks, or data breaches quickly, preferably as they happen
  • Stop incidents and repair damage to network or system integrity
  • Develop secure software to thwart future cyber-events
  • Identify, quantify, and mitigate cybersecurity risks to system availability, integrity and confidentiality. This may include applying security patches to equipment, as well as utilizing other security controls on equipment that cannot be directly patched against an identified vulnerability.

The upshot to all of this? Huge career opportunities for those with hands-on training in the right IIoT security fields, along with professional certifications to demonstrate validity of those skills.

Will you rise to the challenge?

The IIoT provides the opportunity to advance a career by obtaining the skills organizations need now, while also making work more engaging and productive.

The tricky part is that many OT professionals are not sure how to identify which skill sets or certifications they need. As a result, almost one-third (31%) of major global corporations reported that they face an IIoT skills gap. These organizations also said they need new technical skills (51%), better data integration and analytics capabilities (41%), and the ability to rethink business models (33%).

Will you be one of those to fill this talent gap? Will you obtain the right security skill sets? Will you keep your skills updated as technology and processes improve over time?

You will benefit from being trained and certified to take advantage of the IIoT career opportunities that open up as organizational boundaries fade away.

Tom Gilheany is portfolio manager of security training and certifications with Cisco Services.