The challenge of protecting industrial IoT

How will organizations protect interconnected environments?

by Matt Hamblen

The Industrial Internet of Things (IIoT) is a segment of IoT that demands the attention of security officers and CIOs – and with good reason.

The consequences associated with cyber-attacks on water supplies and power facilities could be dire. Inside every manufacturing plant, aboard every oil rig, and near most any large municipal water facility, thousands of devices control a variety of functions and help protect the safety of products and personnel.

In recent years, older devices have been updated or supplanted with smarter IoT sensors (increasingly running over wireless networks) that provide more functionality and more intelligence – but they also broaden the threat landscape. Industrial sensors and devices will constitute a substantial portion of the 45 billion IoT devices expected to be in use in 2023, according to Frost and Sullivan.

In industrial settings, operational technology (OT) and information technology (IT) are coming together, as IT shops deploy software on top of OT communications to try to improve the efficiency of a plant or facility. This IT/OT convergence means that the potential impact of a security breach can extend well beyond data loss into areas of physical and human risk.

For example, a hacker could use a shop floor network to invoke malicious commands, disrupting the behavior of assembly line robots or processes that cause safety risks, violate protocols, or result in expensive downtime.

A single cyber-attack on an oil and gas plant costs an average of $13 million, according to Frost & Sullivan. In a worse-case scenario, a hack on a city’s water district could change the mix of chemicals being used to purify water. Cyber-criminals could target smart power and water meters, or a city’s network of smart traffic signals.

Education comes first

With so much that can go wrong, plant and other industrial facility operators need to understand these new types of cybersecurity threats and their potential impact on physical operations.  The biggest challenge for industrial companies is knowing where to begin with the adoption of cybersecurity. There are many moving parts for the intelligence on the OT side, and downtime is not an option.

Part of the education process involves bringing OT and IT teams together to collaborate and build trust with one another in order to find technology and processes to guard against threats.

A next step is working with auto-mapping and identification software to learn which devices are most vulnerable on the plant floor, or distributed throughout a water, power, or traffic network. It’s critical to assess industrial controllers such as:

  • automation systems
  • batch control systems
  • production control servers
  • printers
  • OPC (Open Platform Communications) systems
  • SCADA systems
  • peripheral devices
  • cameras and other sensors

Attacks with Meltdown and Spectre methods have heightened the need to know which controllers are vulnerable.

Another critical protection measure is intrusion prevention software that is tuned to operate with the multitude of endpoints found in a manufacturing facility. The software needs to be scalable and it must understand industrial protocols related to such things as human-machine interfaces (HMI) and programmable logic controllers (PLCs).

When securing industrial equipment, context is important – meaning that intrusion protection algorithms must understand anomalies such as a temperature drop or an atypical movement of a robotic arm, for example.

To learn more about how to protect IoT environments, visit the AT&T IoT security page.

Matt Hamblen is a multi-media journalist covering mobile, networking and smart city tech. He previously was a senior editor at Computerworld.