In five questions or less, an industry expert defines and explains a technology, term or trend in CBR’s Tech Express – with this installment seeing Simon Edwards, European Cyber Security Architect at Trend Micro, tackle the Industrial IoT.
CBR: What is the Industrial IoT?
SE: The Industrial Internet of Things is where Industrial Control Systems are evolving to become more smart. Where the components that run utilities like water and gas pipelines; or the points system of a rail network; or the systems that run manufacturing lines; all of these used to simply do the job they were intended to do. But now these are being made smarter and more connected so they become more efficient and more intelligent.
CBR: What are the main business benefits of the Industrial IoT?
SE: With IIoT it is possible to link all of these devices across IP networks (i.e. theinternet); the data they create that then be fed into machine learning systems using big data technology. This then allows organisations to make better and more efficient use of the smart network. Take for example the concept of a smart city, where the electricity supplies are moved from the business districts to the residential ones at night for better fuel efficiency.
CBR: What industries do you foresee adopting the Industrial IoT?
SE: Really any that use ICS systems today, will certainly start to embrace the technology. But it also opens up new and exciting opportunities, like those of smart cars and motorways, where cars can communicate between them to achieve the best and most efficiency speed and fuel consumption. So every industry will be affected; even if they don’t really know that it is being used!
CBR: What security concerns are associated with the Industrial Internet of Things?
SE: The first problem lies in the way they are connected, with many relying simply on available internet connections (take CCTV camera networks in major cities as a good example) as their network; and so they become easily accessible to everyone else on the internet. The 2ndthough is much worse, and that is simply the fact that when these devices are being designed and built, no one is considering the security implications of what they are building. So security is simply not being designed in; and this must change urgently. The recent Mirai DDoS attack shows this; where a simple script was able to gain control of 100,000’s of unsecured devices and then use them, on mass, to target a security journalist – creating one of the largest DDoS storms ever seen.
CBR: How can the Industrial IoT be secured against cyber threats?
SE: Firstly manufactures have to start securing their systems at the point of initial design. Whether that is in the specific IoT device, or in the infrastructure that connects them. The early proof of concepts around hacking into cars worked because the entertainment system (connected to the mobile network) was connected on the same backplane to the engine management system, so it was very easy to jump from one to the other. This leads to the second requirement, to build in layered security using different security techniques, to detect and block attacks and other compromises. As with all security, never rely on one detection method or blocking system, create multiple hurdles for the attackers to have to get across and use the same inter-connected nature of IIoT to share information across the network. So if one area is under attack, the other parts of the system know and are able to also react.