Guest post by Sam Bocetta!
Sam is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.
The Industrial Internet of Things (IIoT) can be a powerful tool for increasing efficiency and production in industrial systems. By connecting machinery to sensor and control networks, it can give engineers and managers a far greater level of visibility and control than was previously possible, and can greatly improve manufacturing operations. Interconnecting this machinery and these sensors is crucial to obtaining the value of a real IIoT setup.
Like all connected systems, the IIoT is also vulnerable to cyberattack if these interconnected devices are available over the internet, and this risk must be planned for right from the implementation stage.
Connectivity is Risk
When interconnected industrial machinery and/or sensors are reachable over the internet, they are as exposed to risk as the laptop or phone you connect to the internet.
Two main risk factors when it comes to IIoT security are:
1) Attack surface area
As more and more components are connected into a single system, it becomes easier for hackers to compromise the system. Cybersecurity professionals call this the ‘attack surface’. This risk is particularly acute for IIoT systems, because this kind of connectivity is precisely what makes IIoT solutions valuable.
2) Impact on operations
When IIoT systems are connected directly to the internet to share information between sites or users, the attack surface becomes a whole plant or a combination of plants, so the disruption an attack causes will be widespread.
The IIoT is essentially an extension of the ideas that underpin IoT. And, just as IoT devices have been hacked many times, IIoT systems are vulnerable to intrusion. These hacks might not make the news as frequently as those affecting consumer devices, but they can be just as damaging.
Take the recent Trisis attack as an example. This incident involved hackers shutting down industrial operations in the Middle East by targeting Schneider Electric’s Triconex safety instrumented system. Though certainly important, this attack is only the latest in a series of industrial hacks: last year, Russian hackers managed to shut off power to large regions of Ukraine by gaining access to the control systems of many utility companies.
Know Your Network
When it comes to avoiding cyberattacks, there are several principles that can be applied at the implementation stage.
The first, and most important, is to design these systems as an integrated whole, and to have one point of responsibility for them. Part of the problem with IIoT systems has been that maintenance typically sits between several staff groups, with no-one having an overview of the entire system. Engineers will know, for instance, that “their” control systems are sharing data with performance management systems, but will often have no idea how this is done. The same goes for management staff, who often do not get involved with installing sensors.
The best time to avoid this issue is at the implementation stage. One staff member (or one team) should be given overarching responsibility for all aspects of IIoT, and should know exactly how each part of it works.
This also allows IIoT teams to have an overview of the system as it develops, and – crucially – to plan and manage connections between components. This means they can use certain VPN protocols to securely connect each and every node on the network, and to manage information sharing between multiple sites.
After securing endpoints, IIoT teams need to employ good network monitoring and alerting tools to continuously watch for changes in usage patterns within the IIoT network.
While we are discussing implementation here, though, this advice also holds for systems that are already in place. By designating an IIoT lead, and allowing them to develop expertise in every part of the IIoT system, you can be sure that at least one person has an overview.
Segmentation
Another important principle when it comes to designing and implementing an IIoT system is segmentation. Segmenting your network can help to protect you against the most common types of cyberattack, because it prevents attackers from moving between the different parts of your system.
There are several approaches you can take to segmentation. One of the simplest is to insulate your machinery and industrial sensors from the wider internet. If you are working on just one site, this can be a powerful, catch-all way of ensuring that no external actors can gain access to your operational systems.
That said, if you are working across multiple sites, and want to connect all of these into one IIoT network, an internet connection is going to be the only practical way to do this. This, however, needs to be done carefully. Many legacy industrial systems were never designed to be connected to the web, and have little (or no) protections in place. Connecting these legacy systems to an outside line, without putting extra security in place, can potentially open up your entire network to hackers.
The solution is often micro-segmentation. Think carefully about which systems actually need to be connected to the web, and don’t connect those that don’t. It is probably necessary, for instance, to connect the sensors from a pump (for example) to performance management systems that are used at a managerial level. But the control systems for that same pump definitely don’t need a web connection.
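As an added illustration of the pump example above (not code from the original post), here is a default-deny micro-segmentation policy in Python: the pump's sensors may send readings to performance management, but the pump's control systems get no route to or from the web. The zone names, addresses and port numbers are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Zone:
    name: str
    cidr: str

    def contains(self, ip: str) -> bool:
        return ip_address(ip) in ip_network(self.cidr)

# Constructed zones for the pump example (addresses are assumptions); order matters,
# the catch-all "internet" zone must come last.
ZONES = [
    Zone("pump_sensors", "10.10.1.0/24"),   # telemetry from the pump's sensors
    Zone("pump_control", "10.10.2.0/24"),   # the pump's control systems (never web-facing)
    Zone("perf_mgmt", "10.20.0.0/24"),      # performance management used by managers
    Zone("internet", "0.0.0.0/0"),          # anything not in a named zone
]

# Default deny: only (source zone, destination zone, destination port) tuples listed
# here are permitted. Port numbers are assumptions for illustration.
ALLOW = {
    ("pump_sensors", "perf_mgmt", 8883),  # sensor readings to performance management
    ("perf_mgmt", "internet", 443),       # managers reach dashboards over HTTPS
}

def zone_of(ip: str) -> str:
    for zone in ZONES:
        if zone.contains(ip):
            return zone.name
    return "internet"  # e.g. an IPv6 address matches no IPv4 zone

def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    return (zone_of(src_ip), zone_of(dst_ip), dst_port) in ALLOW

def denied_flows(flows):
    """Return the subset of (src, dst, port) flows the policy blocks."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed sample flows: one legitimate, three that segmentation should stop.
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.0.5", 8883),    # sensors -> perf mgmt: allowed
    ("10.10.2.7", "203.0.113.9", 443),    # pump control -> internet: denied
    ("203.0.113.9", "10.10.2.7", 502),    # internet -> pump control: denied
    ("10.10.1.15", "10.10.2.7", 502),     # sensors -> pump control: denied
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "ALLOW" if is_allowed(*flow) else "DENY")
```

The same zone/allow-list table is what you would translate into VLANs and firewall rules; the check here just makes the intended policy explicit and testable before anything is wired up.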
As much as segmentation helps to isolate the impact of an attack, having monitoring tools that can aggregate data across the segments and present a unified interface for your entire IIoT infrastructure will make the IT team's life easier when monitoring and managing those segments.
Get Ahead of the Curve
This is a key time for IIoT systems, because many companies are only just beginning to use the technology. Early adoption can bring huge benefits for manufacturing companies, but it needs to be done in a secure way.
Taking the time to plan security into the implementation stage and deploying proper IIoT infrastructure monitoring solutions like Sightline EDM (an award-winning performance analytics platform) will ultimately save you a lot of time and money. Retrofitting systems with extra security measures can be time-consuming, and may require manufacturing shutdowns. And this is to say nothing of the consequences of a cyberattack, which can disable industrial machinery for weeks.
So if you’ve just started to plan your IIoT network, take our advice: integrate cybersecurity into it from the earliest possible stage.