Understanding The Cybersecurity Risks Of IIoT Machines

With each passing year, new technologies make us all more mobile, flexible and productive. Unfortunately, that level of convenience comes with elevated levels of risk.

Sep 28, 2017
Mnet 191858 Cybersecurity 1
Megan Ray NicholsMegan Ray Nichols

With each passing year, new technologies make us all more mobile, flexible and productive. Unfortunately, that level of convenience comes with elevated levels of risk. Nowhere is this truer than in the ongoing rollout of the Industrial Internet of Things, or IIoT.

The Risks and the Rewards

The potential rewards of embracing connected technologies in industry are clear. Networked devices help us learn more about the work we do and let us identify easier and more efficient ways to do it. Businesses have always generated large quantities of data, but the IIoT makes it more actionable by connecting each business process to the others. We can identify waste and opportunities and generally make better use of our time and resources.

It should go without saying, but connecting a panoply of physical objects to each other and to the internet, all at once, comes with certain expectations of risk — some of them very serious. If you haven’t yet familiarized yourself with the 2016 attack on Dyn — along with its fallout and implications — you should start now, because as things stand, the IoT and IIoT are veritable wild wests when it comes to avenues for attack.

Dyn provides an all-important service in helping direct internet users where they need to go whenever they type a URL into their browser. When attackers turned literally hundreds of thousands of unsecured IoT devices against Dyn, they brought major internet services to their knees, including The New York Times, PayPal, Netflix, Spotify, Twitter and many others. It was, at the time, unprecedented — and it’s only the beginning.

That’s scary, particularly when you start reading some of the predictions about the expected applications and massive rollouts of connected devices all across industry. Those in the know already see its potential and predict networked devices will be absolutely vital — not merely optional — if companies want to realize and maintain growth into the future. Accenture Technology is one such voice, prophesying that the IIoT will help bring about a new era of innovation and efficiency — along with untold potential for revenue growth.

What does this all mean? To put it mildly, it means you need a plan.

How to Protect Your Business in the Era of Ubiquitous Computing

No industry lives by the credo “time is money” quite like manufacturing. If your organization is forced to shut down manufacturing for just a single minute, it could cost you more than $1,000.

Again, we’re still figuring out just what this IIoT technology will look like when it’s safely scaled to suit industry and manufacturing. Even now, though, there are some basic things you can do to ensure your company and its assets stay safe as you ready your processes and workflows for IIoT adoption. Here are three of the main ones to consider.

No. 1 - Take Authentication Seriously

Start with the basics. If your company depends on a network with multiple users logging on and off throughout an average business day, there are absolutely no excuses for not taking authentication seriously. Ignoring this central tenet of cybersecurity is perhaps the best way to paint a big target on your IIoT devices and networks.

Pay attention to the credentials required for users to log on to computer terminals, hand scanners and any other connected devices you use in your facility. These machine-to-machine (M2M) networks are only as strong as their weakest link, which in too many cases is exceptionally weak.

Some industrial technology in the IoT realm comes with credentials literally programmed into the device. This is a strong security measure and should factor into your decision next time you need new equipment. In other cases, authentication — including proof of identity, passwords, physical keys, etc. — is quite up to you. So take it seriously.

You shouldn’t have unsecured devices on your network. Each time someone attempts to access your network, there should be measures in place to ensure they are who they claim to be. These include passwords, obviously, plus two-factor authentication and, in some cases, physical credentials like RFID-equipped badges or keys. The most secure networks will use some combination of these to comply with the immortal security mantra of something you have and something you know.

No. 2 - Created Siloed, or Segmented, Networks

The cascade failure we witnessed during the attack on Dyn wouldn’t have been nearly as bad if the networks leveraged by the attackers had made use of segmented architecture.

What this simply means is that your network is broken into discrete subnetworks. Whereas you used to have a single network in which each connected device interfaced with each of the others, network segmentation means that if one subnetwork falls victim to a third-party attack, not all your assets become vulnerable in turn.

Don’t worry if that sounds a little intimidating — best practices and regulatory guidance are available to help you through it. It’s also worth noting that segmenting your network in this way is difficult and perhaps impossible if you don’t actually know how many, or which types, of IT assets your network actually contains. If you don’t currently perform regular inventories of your connected technologies, it’s time to start.

No. 3 - Follow Existing Best Practices for Cybersecurity

Experts predict we haven’t seen the last of these kinds of widespread attacks on IoT, IIoT and other types of connected devices. For this reason, it will pay off in a big way to know your level of risk before you make too many sweeping changes.

Those same experts indicate that companies that do business in the energy and utilities, finance, health care and public sectors are most likely to be targeted. That’s not to say everybody else can breathe easy, though.

The best news is that cybersecurity experts aren’t really prescribing too many brand-new or prohibitively expensive security fixes to head off these kinds of attacks. Instead, they say, simply getting serious about adopting existing standards and best practices and staying informed about new developments is a great start to really protecting yourself. Dismaying polls reveal that a majority of companies out there today aren’t prepared for a widespread attack on their networks — so make sure you stand in that proud and hopefully ever-larger minority.

Thankfully, simply bringing existing network infrastructure into compliance with modern standards and adopting existing security controls should help harden the networks used in even the most heavily targeted industries.

Megan Ray Nichols is a freelance science writer. 

Latest in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
May 1, 2024
Manufacturing
Tech Trends to Watch in Manufacturing
May 7, 2024
General Cyberattack
CISA, FBI Release Secure by Design Alert
May 3, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Related Stories
Cybersecurity
Cybersecurity
New Siemens Software Automatically Identifies Vulnerable Production Assets
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
All-In-One Manufacturing Management
Sponsor Content
All-In-One Manufacturing Management
More in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
Acumatica looks to offer new solutions.
May 1, 2024
Manufacturing
Cybersecurity
Tech Trends to Watch in Manufacturing
AI is at the forefront.
May 7, 2024
General Cyberattack
Software
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Video
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024