In December 2017, cyberattackers used TRITON/TRISIS malware to target safety instrumented system (SIS) controllers at a critical infrastructure organization. The malware was designed specifically to interact with the controllers, potentially to damage equipment and shut down operations, according to the New Jersey Cybersecurity & Communications Integration Cell. That attack underscored the risk of implementing industrial Internet of Things (IIoT) technologies. As their numbers grow, so does the potential for data exposure, production disruptions, reputational damage, intellectual property theft, and even injury and loss of life.

Current Industrial IoT Deployments Lack Key Security Considerations

Electronics manufacturing plants have become increasingly instrumented and connected, transforming into cyber-physical systems with the IIoT as a core cognitive component. IIoT devices and sensors embedded in physical assets churn out masses of data, providing insight into operations and highlighting opportunities to improve efficiencies. But between now and 2020, as reported by The Verge, IoT device manufacturers have no legal requirement to equip products with security features.

Connecting previously closed systems to the internet exposes new attack surfaces and security targets. Adding intelligent and automated manufacturing equipment and processes increases the number of access points for threat actors, competitors, nation states and even disgruntled employees. Although many risks can be addressed or mitigated, too many electronics companies deploy IIoT technologies without fully evaluating or protecting against the risks, and without preparing a fast and effective response to a breach.

Security Capabilities Must Keep Pace With IoT Solutions

To better understand IIoT security risks and implications in operational environments, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey 700 energy and industrial executives in 18 countries. The report on the 269 electronics firms that participated, titled “Electronics Industrial IoT Cybersecurity: As Strong as Its Weakest Link,” benchmarks the level of IIoT technology adoption and explores associated cybersecurity risks.

The most common applications deployed by electronics firms are real-time equipment monitoring (65 percent) and predictive maintenance (58 percent), followed by asset/equipment monitoring and automation of machines and workflows. But across sectors, firms are implementing IIoT solutions faster than they’re securing them. Why? In many cases, they’re not confident in the combination of cybersecurity capabilities — the skills, controls, practices and protective technologies — needed to secure their businesses.

Follow the Leaders to Protect Environments and Detect Breaches

The IBV study found that 36 electronics companies are among the leaders in securing IIoT environments. These firms are in the top quartile of performance on three measures:

  1. Percentage of known IIoT vulnerabilities addressed by security controls.
  2. Cycle time to discover/detect IIoT cybersecurity incidents.
  3. Cycle time to respond to and recover from IIoT cybersecurity incidents.

These leaders have a better grasp of the security requirements of IIoT deployments and connected industrial control systems (ICSs) than the average enterprise. Furthermore, they stand out in their use of the following nine security practices to protect data, safeguard devices, and augment threat detection and response with automation and cognitive intelligence:

  1. Apply user privacy controls to IIoT devices.
  2. Use authentication to verify users on IIoT devices.
  3. Define clear service-level agreements (SLAs) for security and privacy.
  4. Inventory all authorized and unauthorized software.
  5. Use devices with built-in diagnostics.
  6. Automate scanning of connected devices.
  7. Secure device hardware and firmware.
  8. Use advanced behavioral analytics for breach detection and response.
  9. Use artificial intelligence (AI) technology to enable real-time monitoring and response.

A Custom Approach to Securing Industrial IoT Ecosystems

In terms of vulnerabilities, threats and incidents, there are notable differences among electronics industry sectors. For example, 37 percent of appliance manufacturers listed applications built on cloud solutions and IoT platforms as their greatest IIoT vulnerability, but these weren’t in the top three for any other sector. Appliance manufacturers also ranked unauthorized access or abuse of access credentials as the greatest IIoT-related threat and internal theft/fraud as the most common IIoT cybersecurity incident.

Regardless of sector, securing an IIoT ecosystem starts with a clear strategy that balances prevention and detection. Next, integrate security technologies into operational processes and apply intelligent and automated capabilities to deal with advancing and unknown threats. Finally, enterprises should have an incident response and communications plan in place so they can recover from a breach as quickly as possible and minimize damage to critical assets.
