Building Trust and Security in the Evolving IIoT Landscape

  /  ICS Security   /  Cybersecurity   /  Building Trust and Security in the Evolving IIoT Landscape
cybersecurity

Building Trust and Security in the Evolving IIoT Landscape

In the evolving landscape of the Industrial Internet of Things (IIoT), cybersecurity has become a critical concern for manufacturers. The increased connectivity of industrial environments exposes Operational Technology (OT) to significant threats, particularly from supply chain attacks. Ensuring the security of connected devices is paramount as operators heavily rely on the security practices of their vendors. This article explores the importance of building trust and security in the IIoT landscape, emphasizing the need for robust security frameworks, code authenticity, and industry collaboration.

Supply chain attacks pose a significant threat to manufacturers’ Operational Technology (OT) environments. As connectivity expands in industrial settings, the security of connected devices becomes paramount. Operators rely heavily on the security practices of their vendors, making the choice of vendor a crucial decision. This reliance extends to the code running on the device, the underlying hardware, and the methods used to secure connections.

Product security in the realm of Industrial Internet of Things (IIoT) devices hinges on several key factors. Ensuring the authenticity and integrity of the code running on these devices is paramount. Code signing emerges as a critical practice, though it remains regrettably rare in many IIoT controllers. Out-of-band verification methods become necessary to bridge this gap and guarantee the legitimacy of software updates.

Understanding the provenance of software components is non-negotiable. Knowing the origin of the software, its developers, and any modifications made is vital for mitigating risks. The industry needs to shift its focus from merely identifying vulnerabilities to proactively assessing the risks associated with the software supply chain. Software Bill of Materials (SBOMs) play a crucial role in this regard by providing a comprehensive inventory of software components and their origins.

Collaboration and the adoption of robust security frameworks are essential for safeguarding industrial environments. Industry stakeholders, including component manufacturers, control system vendors, system integrators, and operators, must work together to ensure a secure lifecycle for industrial equipment. IEC 62443 offers a comprehensive framework, emphasizing not just compliance but certification to validate adherence to security standards. This framework addresses secure development lifecycles, product security features, and the secure integration and operation of diverse technologies within an industrial system.

The European Union’s Cyber Resilience Act (CRA) is a game-changer, setting a new global standard for IoT security. This regulation mandates manufacturers to provide detailed information about their software, including SBOMs, to ensure transparency and accountability. While initially focused on Europe, the CRA will likely influence global security practices and regulations. This comprehensive approach, addressing security features, vulnerability management, and supply chain security, benefits manufacturers and asset owners worldwide.

Securing the IIoT landscape demands a multi-faceted approach that prioritizes transparency, collaboration, and a proactive approach to risk management. Operators need to carefully evaluate vendors and their security practices, demanding transparency and accountability. The adoption of robust security frameworks like IEC 62443, along with a deep understanding of software provenance and secure communication protocols, is crucial for mitigating risks. Regulations like the EU CRA play a vital role in setting standards and driving industry-wide improvements. Ultimately, a collective effort from all stakeholders is paramount to ensure the secure and reliable operation of industrial environments in the face of evolving threats.

This article was written based on the insights provided by Ellen Boehm, SVP of Global IoT Strategy & Operations, Keyfactor, Megan Samford, VP, Chief Product Security Officer – Energy Management, Schneider Electric, and Eric Byres, CTO and Board Member, aDolus, during the IIoT World Manufacturing Days. The “Fortress Factory: The Critical Importance of Cybersecurity in the IIoT Era” session was moderated by Patrick C Miller, CEO, Ampyx Cyber. For more insights, watch the video.

Watch the video.

The article was generated using notebooklm and chatGPT based on the session’s video transcript. It was verified and edited by IIoT World’s team.