In December 2017, cyberattackers used TRITON/TRISIS malware to target safety instrumented system (SIS) controllers at a critical infrastructure organization. The malware was designed specifically to interact with the controllers, potentially to damage equipment and shut down operations, according to the New Jersey Cybersecurity & Communications Integration Cell. That attack underscored the risk of implementing industrial Internet of Things (IIoT) technologies. As their numbers grow, so does the potential for data exposure, production disruptions, reputational damage, intellectual property theft, and even injury and loss of life.
Current Industrial IoT Deployments Lack Key Security Considerations
Electronics manufacturing plants have become increasingly instrumented and connected, transforming into cyber-physical systems with the IIoT as a core cognitive component. IIoT devices and sensors embedded in physical assets churn out masses of data, providing insight into operations and highlighting opportunities to improve efficiencies. But between now and 2020, as reported by The Verge, IoT device manufacturers have no legal requirement to equip products with security features.
Connecting previously closed systems to the internet exposes new attack surfaces and security targets. Adding intelligent and automated manufacturing equipment and processes increases the number of access points for threat actors, competitors, nation states and even disgruntled employees. Although many risks can be addressed or mitigated, too many electronics companies deploy IIoT technologies without fully evaluating or protecting against the risks, and without preparing a fast and effective response to a breach.
Security Capabilities Must Keep Pace With IoT Solutions
To better understand IIoT security risks and implications in operational environments, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey 700 energy and industrial executives in 18 countries. The report on the 269 electronics firms that participated, titled “Electronics Industrial IoT Cybersecurity: As Strong as Its Weakest Link,” benchmarks the level of IIoT technology adoption and explores associated cybersecurity risks.
The most common applications deployed by electronics firms are real-time equipment monitoring (65 percent) and predictive maintenance (58 percent), followed by asset/equipment monitoring and automation of machines and workflows. But across sectors, firms are implementing IIoT solutions faster than they’re securing them. Why? In many cases, they’re not confident in the combination of cybersecurity capabilities — the skills, controls, practices and protective technologies — needed to secure their businesses.
Follow the Leaders to Protect Environments and Detect Breaches
The IBV study found that 36 electronics companies are among the leaders in securing IIoT environments. These firms are in the top quartile of performance on three measures:
- Percentage of known IIoT vulnerabilities addressed by security controls.
- Cycle time to discover/detect IIoT cybersecurity incidents.
- Cycle time to respond to and recover from IIoT cybersecurity incidents.
These leaders have a better grasp on the security requirements of IIoT deployments and connected industrial control systems (ICSs) than the average enterprise. Furthermore, they stand out in their use of the following nine security practices to protect data, safeguard devices, and augment threat detection and response with automation and cognitive intelligence:
- Apply user privacy controls to IIoT devices.
- Use authentication to verify users on IIoT devices.
- Define clear service-level agreements (SLAs) for security and privacy.
- Inventory all authorized and unauthorized software.
- Use devices with built-in diagnostics.
- Automate scanning of connected devices.
- Secure device hardware and firmware.
- Use advanced behavioral analytics for breach detection and response.
- Use artificial intelligence (AI) technology to enable real-time monitoring and response.
A Custom Approach to Securing Industrial IoT Ecosystems
In terms of vulnerabilities, threats and incidents, there are notable differences among electronics industry sectors. For example, 37 percent of appliance manufacturers listed applications built on cloud solutions and IoT platforms as their greatest IIoT vulnerability, but these weren’t in the top three for any other sector. Appliance manufacturers also ranked unauthorized access or abuse of access credentials as the greatest IIoT-related threat and internal theft/fraud as the most common IIoT cybersecurity incident.
Regardless of sector, securing an IIoT ecosystem starts with a clear strategy that balances prevention and detection. Next, integrate security technologies into operational processes and apply intelligent and automated capabilities to deal with advancing and unknown threats. Finally, enterprises should have an incident response and communications plan in place so they can recover from a breach as quickly as possible and minimize damage to critical assets.
Read the report
IBM Distinguished Engineer and CTO IBM Security Europe
Martin Borrett is an IBM Distinguished Engineer and CTO IBM Security Europe. He advises clients at the most senior level on policy, business, technical, and ...