Why ICS IoT Systems Need Enhanced Security

Without secure IoT solutions in place, the industrial landscape may struggle to fully leverage the benefits greater connectivity can deliver.

Mnet 193810 Cybersecurity

There’s power in increased connectivity.

From the availability of real-time information to more efficient, intelligent operations, the proliferation of the Internet of Things (IoT) is changing the way industrial control systems (ICS) operate. And this year, nearly 60 percent of global manufacturers will identify opportunities for optimization based on data and analytics gathered from these connected devices, according to the International Data Corporation.

However, manufacturers looking to harness the power of IoT are ushering in more than just increased efficiencies.

Mounting cybersecurity risks pose a significant challenge to ICS IoT ecosystems. With more connectivity options comes more threat vectors. Cybercriminals are taking advantage of a lack of industry know-how surrounding the IoT and the rising number of connected devices with various processing capabilities available to target these increasingly connected ecosystems.

Without secure IoT solutions in place, the industrial landscape may struggle to fully leverage the benefits greater connectivity can deliver.

Assessing the Threat

In today’s digital world, no industry is immune to cybercrime.

In fact, damages from cybercrime are expected to cost global businesses more than $6 trillion annually over the next five years, Cybersecurity Ventures confirmed. When it comes to the manufacturing industry specifically, one in five manufacturers reported a loss of intellectual property as a result of cyberattacks. Couple that with the fact that 8.4 billion connected things will be used worldwide in 2017, and the need for cybersecurity safeguards for ICS’s becomes more critical.

Those looking to gain access to and exploit ICS IoT ecosystems have a wide range of tools at their disposal. Social engineering is often successful and can take many forms, introducing active malware or passive traffic monitoring, cybercriminals can cause a wide range of disruptions. An unsecure digital infrastructure enables attackers to not only gain access to control systems, but possibly cause physical damage, safety and compliance issues, industrial espionage or even financial loss due to downtime.

Well-known malware threats have initiated what some describe as global cyberwarfare — launching cyberattacks that result in power outages, banking credential theft, software self-destruction and the infection of control systems globally. Last year, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) updated its alert on the ongoing sophisticated malware campaign, BlackEnergy, which has targeted numerous ICS environments since 2001. The Industroyer virus was later responsible for electricity grid outages in Ukraine, and designed specifically to target industrial control system hardware, the first of this level of targeted sophistication since the Stuxnet virus.

As ICS environments become increasingly connected to the internet, the threat to privacy is also a major concern. Security breaches can expose proprietary company information, such as patents, designs and formulas, and valuable employee data to unauthorized individuals. 

The Right Fix

While the integration of IoT opens the door to cybersecurity vulnerabilities within ICS environments, manufacturers are not always aware of the severity of the threat. Despite the potential losses and damages from cyberattacks, just one-third of companies surveyed by Sikich for its annual Manufacturing Report conduct penetration testing each year.

The lack of cyber protections and vulnerability screenings can be detrimental to a manufacturer’s long-term growth and increases the risk to operational processes. As more sensors, backend platforms and devices are digitally connected, manufacturers face the challenge of securing the complex ecosystems in which they reside.

In order to establish and maintain a trusted IoT environment, security solutions must be able to deliver on safeguarded connections across trusted people, applications and devices. Securing the connectivity of systems is key. The types of security platforms required by manufacturers must provide ways to safely collect and transmit data throughout manufacturing plants or other industrial facilities.

With increased transparency and the ability to deliver secure data outcomes, these cyber defenses can empower organizations with trusted identities and secure transactions. But it doesn’t end with identity and device security. IoT security solutions must also be scalable for evolving ecosystems and able to authenticate new products and services.

For manufacturers, the elimination of data silos is also important. Though industrial environments are often considered isolated from a communication standpoint, increasingly connected manufacturing systems are changing this perception. IoT has the ability to break down the barriers to connectivity, interoperability and mobility, which means protecting this increased attack surface is vital. Therefore, industrial organizations are in need of IoT security solutions with greater authentication capabilities, as well as proficiency in safeguarding data flows.

The ultimate goal of increasing IoT presence within ICS ecosystems is greater efficiency — but without the necessary security protocols and systems in place, the risks of connectivity can quickly outweigh the advantages. By leveraging security solutions that add value and enable optimization, manufacturers can safely transform themselves into digital businesses that deliver trusted products and experiences.

Josh Jabs is the vice president of PKI and IoT solutions at Entrust Datacard.

More in Cybersecurity