Finding Security in an IIoT Driven World
It wasn’t that long ago that IIoT sounded out of reach. Who would have imagined we could control our home’s thermostat or turn on the sprinklers from anywhere in the world? The truth is, while it may seem we are living in a highly connected world, this is just the tip of the iceberg. In fact, analysts predict there will be 80 billion connected devices by 2025.
Naturally, many businesses are drawn to the opportunities that IoT brings. With its ability to grow revenue, increase efficiency, and improve customer experiences, enterprises are jumping into the world of high connectivity. So much so, that enterprises are often quick to overlook the security challenges the IoT presents. DigiCert’s new 2018 State of IoT Security revealed that not taking IoT security seriously is sure to result in security mishaps and millions in lost revenue every year. In fact, the study found that companies struggling the most with IoT security have lost at least $34 million in the last two years.
Regardless of the security implications, enterprise adoption of IoT continues to boom and as it evolves it is opening up new possibilities around the Industrial Internet of Things (IIoT). The seemingly simple step of adding connected devices in an industrial setting, brings with it the ability to manage safer and better plants, a more secure and efficient supply chain, and accurate information on things that truly matter. But with the possibilities the IIoT presents, there is potential for even greater risk. It’s no longer about the vulnerability of your Wi-Fi dishwasher and securing Fitbits; the stakes go up when you start working with safety critical infrastructure like power plants, dams, city electric grids, energy production facilities and other operations that form the IIoT. Just as cyber criminals have been eager to exploit the IoT we should also expect a similar, if not more focus on the IIoT.
Challenges of IIoT
While 82 percent of survey respondents view IoT security and privacy as their top priority, it’s easy for manufacturers to skip the security side of things in the frenzy to get products to market. Most likely, manufacturers will not give much priority to the design and infrastructure of the supporting systems and the security measures in place. In many cases, IIoT adoption will be performed using old systems, through retrofitting these existing systems to support the new wave of connectivity. What’s more, there are few security standards to govern this growing new field, making it feel more like a free for all.
Without much governance or guidance, coupled with the systems of yesterday, manufacturers are sure to run into security challenges. While there is much to be gained from IIoT deployment, there is also a lot to lose. As such, it is imperative that enterprises begin to take the steps necessary to ensure a secure transition to the future of IIoT.
Despite the challenges, there is one essential element of security for the industrial internet of things that should be considered in any IIoT implementation, Public Key Infrastructures (PKI). PKI´s using digital certificates provide a way to ensure that innovation can be done securely. The following are key features of a strong PKI environment:
- Polices the connections over a vast IIoT network, filled with endpoints sending data between all the different points of contact.
- Is built on interoperable and standardized protocols open to all, and meant to encompass the worldwide web.
- Provides safe mutual authentication between connected devices, systems and users, making sure that both ends of the transaction are trusted parties and ensuring the secure exchange of data.
- Encrypts data between sources, using the latest cryptography.
- Ensures the integrity of data and devices through signed code and message exchanges.
- Provides scalability for environments that are often tasked with overseeing many endpoints.
A time-tested and always-evolving solution like PKI can give businesses confidence in the IIoT. What’s more, manufacturers of connected devices entering the market can add PKI while the devices are still on the floor, before they hit the market. By building the security into the design approach of IIoT-enabled devices, manufacturers can ensure better security at a less cost. All of this allows for unparalleled trust within that network and makes a cyber-criminal’s job that much harder. While governments consider regulations and device manufacturers work on improving their practices, IoT and IIoT users can take the initiative themselves to ensure a safe and secure experience.
This article was written by Mike Ahmadi, Vice President, Industrial IoT Security at DigiCert.