Product Security Glossary

Industrial IoT Security

What is Industrial IoT Security? 

Industrial IoT security is the principles and practices that are meant to protect industrial control systems that are connected in a network. 

What is the IIoT?

The Industrial Internet of Things (IIoT) consists of network-connected devices that can either monitor or control processes in an industrial setting.  These devices can be installed in power generation and distribution facilities, manufacturing facilities, or in the transportation sector.  Building Management Systems could also be part of the IIoT. 

What are the benefits of the Industrial IoT?

The Industrial IoT can help automate many processes that would had to have been performed manually before.  Monitoring devices can gather data about environmental conditions, manufacturing conditions, or traffic conditions, and provide instant feedback to ensure that things get properly adjusted for optimal workflow.  Other network-connected devices can accept data from the monitoring devices and make that adjustment without human intervention.  Industrial IoT security needs to play a role in this process. 

Why do we need Industrial IoT security?

The lack of proper Industrial IoT security could present many problems.  Obviously, poorly secured devices could allow bad actors to steal sensitive data that are being transferred between the devices and the device gateways.  Also, a bad actor could take control of a poorly secured device and manipulate in a way that could cause injury, death, or property damage.  What might not be so obvious, is that an attacker could take control of a device, and then do a lateral move into the rest of the corporate network. 

What are the challenges of Industrial IoT security?

The biggest challenge we face with Industrial IoT security is that there is no standardized set of manufacturing best practices for dealing with device security.  Many legacy devices run with outdated software and operating systems, and many are exposed to the public Internet. 

Industrial device networks can be very complex, consisting of many different types of devices, with different types of user interfaces and running different communications protocols.  This would make it hard to keep track of them and could also make it hard to perform even the simplest basic security tasks, such as updating device passwords. 

The final challenge could be the biggest.  It is that many personnel lack the knowledge and awareness that they should have about Industrial IoT security. 

How can we enhance Industrial IoT security?

First and foremost, device manufacturers need to start building security into their devices.  Adding security to a device that was not designed to be secure would be difficult at best, and impossible at worst. Security by design for IIoT includes, among other, insuring passwords are changed from default settings and strong, avoid unnecessary network exposure, and in line with best practices and standards.  The device manufacturers need to ensure that permissions are properly set, and that no user has a higher level of permissions than he or she needs.  The device manufacturers and user also need, jointly, to ensure that operating systems are up-to-date, and that security-related patches get applied as soon as possible. 

Personnel who manage industrial devices need to be trained to deal with industrial IoT security. There should also be an inventory system to help keep track of what devices are installed and where they are. 

Finally, larger organizations with a very large network of devices might consider purchasing the services of a Managed Security Service Provider. 

For a lot of reasons, Industrial IoT security is important.  Fortunately, there are things we can do to help make our industrial IoT as secure as possible.