The Fourth industrial revolution has unleashed a myriad of opportunities for organisations eager to leverage a new generation of connected Industrial Internet of Things (IIoT) devices and reap the rewards of enhanced data sharing, operational efficiencies, and productivity, says Trevor Daughney, vice president of product marketing at Exabeam
Around the globe, cities are deploying innovative
‘smart’ technologies to connect everything from power grids to transport
infrastructures in a bid to improve the quality of citizens’ lives. Healthcare
is another sector that’s quickly adopting IoT technology to streamline care
delivery and give patients more control over their treatment. Meanwhile,
manufacturers are rapidly upscaling their smart factory investments, utilising everything
from programmable logic controllers (PLCs) and embedded systems to IIoT
devices in their production facilities.
As a result, connected operational
technologies (OT) are rapidly becoming the backbone of modern commercial
automation solutions, business operations and critical infrastructure. However,
the rapid proliferation of such devices has opened the door to external
security threats.
Indeed, a recent 2019 study by the Ponemon Institute reveals how OT environments used to run critical utilities like electricity and water are now top targets for cyber attackers looking to cause “severe” damage. With 54% of utility companies saying they expect an attack in 2020, the digitalisation of OT assets represents a clear and present danger when it comes to protecting critical infrastructure and initiating cyber resilience that works.
Similarly, according to a recent smart factory report by Deloitte and MAPI (Manufacturers Alliance for Productivity and Innovation) cyber threats now represent a growing menace for manufacturing companies looking to converge IT and OT across their operations.
The trouble with digital transformation
Until recently, the risk posed by the
adoption of IP-based connectivity in industrial environments was largely
overlooked. In the past, legacy control systems had specific functions and were
often unconnected to other systems, which made attacks unlikely and difficult
to achieve. This complacency resulted in the rise of the notion that industrial
assets are immune to cyber attack if they are isolated from the Internet or
other vulnerable corporate networks.
However, the infamous Stuxnet worm attack carried out on an Iranian nuclear facility proved a major wakeup call for industrial enterprises across a range of industries. Designed to bypass standard network security programmes, Stuxnet reprogrammed nuclear centrifuges to perform cycles that resulted in them disintegrating.
It was an attack that demonstrated how adopting IP-based connectivity between industrial systems also results in increased exposure to highly complex and sophisticated cyberattacks. Simply put, IIoT devices often have native integration with IP networks. While this helps to streamline operational tasks, it also means that everything else that’s connected is now a vulnerable soft target for global cyberthreats – in much the same way as standard IT devices.
Mind the security gap: the IT and OT
disconnect
It’s not just IIoT devices that are being
exploited within OT systems. Historically, cyberattacks have targeted IT assets
that enable business operations, like computers and mobile devices, for data
theft. However, cyberattacks against IT devices – including networks and
systems that transmit or distribute power to an OT system – can be triggered to
hijack the control systems that operate critical infrastructure. The result of
such hacks will be physical damage, widespread outages, and the loss of
operational data.
This poses a significant challenge for
organisations where IT and OT leaders have, until now, operated in independent
silos. A less than ideal scenario if organisations are leveraging IoT devices
that need to be integrated to – and then managed – using existing IT network
infrastructures.
The growing convergence of IT and OT
security means every organisation needs to gain an integrated overview of global
security aspects and vulnerabilities in a bid to prevent infiltration that
could result in the destruction of critical infrastructure or data loss.
It’s time to apply industrial cyber
security
From the automotive industry to smart cities and big pharma, organisations with IIoT and IT devices within their OT systems need to evaluate exposure and maximise their ability to quickly detect, respond to and mitigate attacks. However, providing device security can be challenging – especially since IIoT and IT devices are inherently different, and IIoT devices were never designed to integrate with security management tools. In my next article, I’ll explore these challenges together with the frameworks and solutions that organisations can apply to achieve industrial cyber security that works.
The author is Trevor Daughney, vice president of product marketing at Exabeam
Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow
Leave a Reply