How to combat the cybersecurity risk from a changing IIoT
The Industrial Internet of Things (“IIoT”) is evolving at a rapid pace, with experts predicting that 35 billion IoT devices1 will be installed around the world by the end of 2021.
This growth includes new phenomenon, such as automated drone delivery services, and the broad spectrum of remote access nodes, to business and industrial systems that help maintain production continuity and enable remote working.
In addition, the explosive growth in electric vehicle (“EV”) charging stations worldwide, which passed one million last year and is forecasted to reach close to 10 million by 20252 (with one million public chargers in the EU alone), is also fueling this growth.
This proliferation of risk is happening hand-in-hand with the development of processing intelligence at such points of interaction, commonly called “the edge”, which are located at the edge of traditional server/cloud networks. The result is that many user experiences of the IIoT may not seem that different from those of the consumer IoT, though the cybersecurity risks are greater and different.
More complex & different challenges
The cybersecurity risks for today’s burgeoning IIoT are ones of structure and intent.
In traditional IIoT settings, devices were connected mostly via LANs, or local area networks, which functioned like closed systems. Building walls around something is a simple security solution in the physical world, and it was the same for LAN cybersecurity. Extra – and usually bespoke – attention could be focused on controlling limited and infrequent access from outside the system – for example, just think of it as like a house with fewer windows and doors.
But today’s IIoT is far more complex, extending to multiple access points and to the cloud, thereby changing the four-walls metaphor for cybersecurity to perhaps a train station, with each traveler representing a node that uses access for different purposes.
This makes today’s IIoT gateway — perhaps the ticket counter in my train metaphor — the most important element for ensuring system operation and integrity, because that’s how input and output are vetted and controlled.
So, while a LAN continues to need security, as does the cloud, IIoT gateways are the lynchpins for connecting and thereby completing a true end-to-end cybersecurity solution between multiple devices, LANs, and the cloud.
This idea of end-to-end cybersecurity, which we call 360-degree security, is important because today’s IIoT faces different challenges than the IIoT did in its earlier incarnations.
For example, the risks of data theft are growing due to the amount of industrial IP being developed and used in such areas as Artificial Intelligence and machine learning. There are also risks of disruption on the Operational Technology (OT) when a network is affected, such as the recent shut down of the US’s East Coast oil pipeline in May 2021. A cybersecurity event might very well stop or slow other critical functions which, in turn, have implications not only for users but safety and supply chain efficiency.
Integration versus product-level solutions
Each innovation that extends the IIoT to engage more directly with customers, suppliers, and employees creates a new cybersecurity challenge, not only for the device or channel that has been changed, but also for the entire system. Change the configuration of a LAN, gateway, or cloud, and you have probably changed all of them, to a degree unique to that innovation.
There are two cybersecurity approaches to accommodating that change, which is somewhat inevitable for any business that wants to stay relevant in today’s marketplace:
- Integrate, by adjusting the generic security settings inherent in the constituent parts of your IIoT system and then combining them and hoping they perform as needed, or
- Design, which relies on a cybersecurity approach that is explicitly built to support your business needs and provide an adaptable end-to-end solution that is designed to work as a system.
Due to the high complexity of IIoT systems and the rich feature set customers expect from modern devices, it is nearly impossible for any solution developer or operator to start with a blank sheet, which often leads them to integrate off-the-shelf hardware components, software libraries, and services.
A new approach, matched to the challenges of the changing role of IIoT devices in business today, is to utilize a mature ecosystem solution to manage the entire lifecycle of the product, starting with secure design and continuing throughout implementation, onboarding, operating, updating, and end-of-life phases.
In response, ABB has collaborated with Microsoft to design just that solution: a 360-degree industrial internet security that is preconfigured to work seamlessly at both the hardware and software product levels. Using Microsoft Azure and components provided by ABB and NXP the solution provides secure connectivity from the silicon outward to the device, through the network edge, and to the cloud.
It is the outcome of a multi-year collaboration to deliver security by design so that customers don’t have to contend with integration or change issues post-implementation. Ultimately, it provides a comprehensive business solution, from the device to cloud-ecosystem.
Further reading: The Cybersecurity Implications of Infrastructure Modernization
You can read the White Paper from ABB and Microsoft on its new solution for 360-degree IIoT security for today’s business challenges HERE
About the Author
This article was written by Andrea Temporiti, Head of Digital, ABB Electrification.