Industry 4.0 and IoT pose new security challenges

Author’s note: The intelligence that forms this blog post belongs to Shaun Bligh-Wall, my brilliant colleague who in late June 2017 passed away from acute myeloid leukemia. For Shaun, the work of information security wasn’t just a job, it was a passion. He will be deeply missed and long remembered.

Shaun Bligh-Wall

While information security is always a bit of a moving target, enterprises have a reservoir of technologies and services to protect their operations. But a new business paradigm — Industry 4.0 — is introducing fresh challenges that could upend their defenses.

The Internet of Things (IoT) is at the heart of Industry 4.0, the latest industrial revolution powered by the digitization, data and interconnection of IoT sensors, devices and services — all integrated to enhance industrial value chains. Think smart factories, where sensors embedded in manufacturing equipment can monitor critical performance factors and analyze data as close to the network edge as possible.

Only actionable data is sent back so systems can efficiently identify signs of stress and potential failure. Replacement parts can be automatically ordered and maintenance teams deployed before an anomaly turns into a problem. There are plenty of other applications that make IoT technologies so compelling and Industry 4.0 so revolutionary.

There are also plenty of security challenges: lean, inexpensive hardware components that lack the processing power necessary for security mechanisms; pervasive connectivity via the Internet Protocol (IP) and cloud computing; a new pool of workers not necessarily accustomed to information security protocols; and few standards to guide the IoT industry and hold its producers and consumers accountable.

The fundamental value of IoT comes from the data it produces and an organization’s ability to analyze and take action on it, but digitizing the manufacturing business and leveraging all that IoT has to offer won’t be cheap. There’s little room for missteps. That makes mitigating the new risks and vulnerabilities IoT introduces all the more precarious.

Safety first

The good news is that building defenses for Industry 4.0 draws on a number of existing security disciplines, including IT security for protecting information systems; physical security to protect buildings, offices, facilities, etc.; and operational technology security to protect plant automation and environmental monitoring systems. Combining a sound digital security strategy, comprehensive design and robust technical controls is key. It is important to acknowledge and address the business and technical risks IoT poses, but the industry also needs to deal with safety issues up front.

The industry needs to determine how to deal with the limited processing power and storage capabilities of IoT devices. Because data is overwritten on the device or transferred to external systems frequently, the traditional digital forensics approach of isolating or disabling the device is problematic. Some devices, such as those functioning on an oil rig, cannot simply be disabled without significant impact to the company and its employees.

Also, the highly distributed nature of IoT deployments will make the process of identifying and containing the source of a breach difficult. The challenge is how best to identify a breach when and where it occurs and, more importantly, how to respond to and recover from it.

Organizations will need to turn their attention to educating and training workers who, unlike office workers, haven’t had to think about information security as much in the past. Security governance, risk and compliance management must embrace this new dimension.

Standards needed

Perhaps the most pressing challenge is the lack of standardization when it comes to IoT security features. While traditional computers tend to use standard operating systems and software and can be secured using tried and tested methods, sensors and other IoT devices are not yet governed by a common set of software tools and applications.

The problem is compounded because most IoT devices today make use of the standard Internet Protocol (IP) to communicate with other devices and the outside world. Using standard networking protocols with insufficient security controls to protect data means many IoT devices are vulnerable to attack. There is standards work underway, but much still needs to be done.

The bottom line is that the industry is excited about the potential rewards offered by IoT. Already there are billions of IoT devices deployed. And while these are early stages, Industry 4.0 is here. Following existing principles will go a long way in protecting IoT devices and securing Industry 4.0.

To learn more, read the white paper, “Industry 4.0: Security imperatives for IoT — converging networks, increasing risks.”


Rhodri Davies is security and service operations architect for Managed Security Services at DXC Technology.

 

 

 
