By: Josh Jabs, VP, office of the CTO and GM of IoT solutions, Entrust Datacard
But with greater connectivity come increased security risks. While IoT systems deliver significant benefits to the manufacturing industry — from reduced day-to-day bottlenecks to the creation of new revenue sources — tackling security challenges is still a necessary part of the implementation equation.
Establishing a secure IoT ecosystem with trusted interactions must remain top of mind. Before jumping into implementation, consider the following factors and how they may impact your IoT system strategy.
As systems continue to advance, hackers are quickly adapting and finding new, more sophisticated ways to compromise data. And these smart cybercriminals are eager to take advantage of IoT security vulnerabilities.
In 2016, major websites across the U.S. and Europe were brought down in a distributed denial of service (DDoS) attack by the Mirai botnet — a network of IoT devices infected with malware and used to bombard servers with traffic until they are rendered useless. It’s believed the attack involved the coordination of 100,000 malicious endpoints, making the Mirai botnet attack one of the largest of its kind in history.
Whether using a connected car or operating a smart sensor, there are major security concerns that come with the introduction of IoT.
To properly address these challenges, IoT security systems have to do more than just keep the bad guys out. Securing an industrial IoT ecosystem requires examining where vulnerabilities lie throughout an environment, from the inbound supply chain and operational controls to what happens post-manufacture. The right IoT solution must be built on a strong trust model. This ensures the identity of every device, application and user within an IoT ecosystem is authenticated and that any commands issued or responded to are authorized.
Even with the continued evolution of IoT, there’s still much to be done in the way of standardizing protocols. Not only is there an abundance of diverse connected devices, but all of those devices have various sets of capabilities and access.
In today’s modern industrial facility, where constrained devices and networks were not purposefully built for IoT connectivity, securing data remains a challenge.
No matter the protocol approach used, an effective IoT security solution must secure both greenfield and brownfield manufacturing environments. Building trusted identity into new devices establishes increased end-to-end supply chain integrity and visibility. With this root of trust in place, systems can be operationalized for strengthened command and control capabilities. This approach also ensures data is securely collected and transmitted between industrial control systems and an enterprise data hub.
Planning for longevity
The range of devices being connected to the internet continues to widen.
There could be as many as 8.4 billion connected things used worldwide in 2017, and that number is projected to reach 20.4 billion by 2020. The global IoT opportunity is significant, which means these connected devices are not expected to go away anytime soon.
But the longer lifecycles of many connected devices actually pose a greater security risk and scale of threat. If an IoT device is expected to operate for 10 to 15 years, then it will require continued updates and monitoring to ensure it can thwart evolving cyberthreats. Both device manufacturers and operators must consider the implications of introducing new features and services, while also being flexible enough to adapt to new industry developments or changes in protocol.
IoT security cannot be a one-time endeavor.
Given how rapidly technology is advancing, the security of a connected ecosystem must scale and evolve with changing security requirements. A future-proofed IoT solution supports devices and infrastructure that can quickly adapt to updates and upgrades, while still driving business forward.
Identity is crucial
Authentication is important, but it’s not everything.
That means the security of a system can’t solely depend on one-time authentication mechanisms. Properly identifying connected devices and endpoints, even if there isn’t an ability to enter a password, is crucial to the overall security architecture of an industrial IoT ecosystem.
Creating a trusted environment starts with identifying and authenticating all devices, applications and users — and kicking untrusted devices off your network. It’s also important that the roles and access of every connected device are clearly defined. This ensures only authorized actions are performed within an environment. It also makes it possible for the data moving through connected systems to only be accessed by users, systems and devices with the appropriate privileges.
As new technologies continue to connect traditional industrial networks to digital platforms, the right security measures must be taken to unlock the promises of IoT. Implementing IoT in industrial environments is complex, but the right security solution can help you realize the business value of increased connectivity. As you consider the right IoT system and implementation for your business, don’t forget to take the longevity, identity and diversity of connected devices into account, and be aware of the evolving threats facing IoT.
About the Author
Josh Jabs is the vice president in the office of the chief technology officer and is the general manager of IoT solutions at Entrust Datacard. He has more than 20 years of experience gauging the practical impact of changes in the technology ecosystem, most recently with the rise of the Internet of Things. Jabs also served as the vice president of PKI and IoT solutions and the vice president of global government solutions at Entrust Datacard prior to his current role. Before joining the company, Jabs directed investor engagements as an equity analyst in the security and financial technology sectors at Roth Capital Partners and Piper Jaffray. He also held roles within the United States government, specializing in new technology investments and security research. Jabs holds an MBA and a master’s in electrical engineering, and received his bachelor’s degree in electrical engineering from the United States Air Force Academy.