While IoT technology brings new possibilities for manufacturers, increasing connectivity calls for a vigilant approach to cybersecurity.
By Hervé Tardy, vice president and general manager, Distributed Power Infrastructure, Eaton
In the Internet of Things (IoT) age, digital connectivity is expanding across the manufacturing floor, electric grid, commercial buildings and other facilities. This interconnectedness brings new possibilities for manufacturers to optimize data collection, gain valuable insights and optimize efficiency. But with increased connectivity comes risks associated with innovations increasing across IT and operational systems, and chief among these is cybersecurity.
Defending against cyberattacks today goes beyond protecting internal systems and requires IT managers to be proactive in defending against breaches that can also occur on the devices that connect to their network. End-to-end cybersecurity means incorporating critical protocols, technical standards and tools to address the processes that play across an organization’s entire infrastructure.
In this article, we’ll discuss more about the evolution of cybersecurity threats with IoT’s advancement and some strategies manufacturers can implement to protect their systems.
Assessing the Risk
According to a recent survey by RiskIQ, cybersecurity ranks among the top worries of IT professionals. The digital threat management firm revealed that 89 percent of all information security leaders are concerned about the rise of digital threats across web, social and mobile channels. And their trepidation is certainly not without merit, as potential consequences of a data breach include damaged reputation, downtime, the loss of sensitive personal or enterprise information, and distributed denial-of-service (DDoS) attacks designed to paralyze major websites. Considering the severity of possible outcomes, it’s not surprising that the global cost of cybercrime is projected to reach $2 trillion by 2019, representing a threefold increase from the 2015 estimate of $500 billion, as predicted by Juniper research.
Cybersecurity risks are growing not just in the magnitude of disruption, but in prevalence as well. According to the World Economic Forum 2018 Global Risks Report, attacks against businesses nearly doubled in just five years’ time, and incidents that would once have been considered extraordinary are becoming more and more commonplace. These types of worrisome cybersecurity trends will likely continue to intensify with the growing interconnectedness of IT infrastructure. By 2025, research firm IDC forecasts that there will be 41.6 billion connected IoT devices generating 79.4 zettabytes of data.
As the risks associated with cyber-attacks continue to intensify, manufacturers must ensure that their connected technology is secure and resilient. Experts recommend taking a variety of measures to safeguard against cybersecurity threats, such as using a firewall and encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing powerful passwords policies and end point protection; and offering employees cybersecurity awareness training.
In response to growing cyber dangers, global safety science organization UL has developed and published a standard for software cybersecurity for network-connectable devices, UL 2900-1. The UL cybersecurity certification provides a purchaser the assurance that a product has been thoroughly reviewed and tested against a trusted benchmark.
State governments are also jumping into the game, taking legislative action to demand a higher level of cybersecurity. For instance, California recently passed a bill making IoT device companies more responsible for ensuring the privacy and security of the state’s residents. Additionally, the International Electrotechnical Commission (IEC) has released cybersecurity certifications to give companies more tools for a successful cyber security strategy.
Not to be Underestimated
An interconnected network means there are more entryways for manufactures to be aware of for potential cybers threats. For context on how important cybersecurity is across every access point, consider this: by targeting an overlooked vulnerability in a major retailer’s HVAC unit, hackers were able to access POS devices and steal 70 million client accounts.
A year ago, we at Eaton began taking steps to keep these types of breaches from happening in power management equipment – launching the Gigabit Network Card, which is the first UL 2900-1 and IEC 62443-4-2 certified UPS communication card. Additionally, Eaton’s ongoing focus on cybersecurity has helped to ensure that all our products already comply with California’s requirements, from UPSs to power distribution units (PDUs) and power management software.
As the proliferation of smart, connected devices link together more elements of manufacturing operations, from production lines to IT systems, manufacturers must look to partner with technology and solutions providers that are willing to be proactive in addressing IoT and security risks. Regulatory measures and validation from independent testing will be among the best means for companies to ensure their equipment manufacturers have done their due diligence to mitigate risks.
As big data and IoT innovation continues to advance, companies must adapt or risk getting left behind. Manufacturers can’t afford the costs, production delays or damages to their reputation that can be brought on with debilitating cyber-attacks. Those that make a security-first, end-to-end commitment will put themselves in the best position to meet current and future demands as cybersecurity threats continue to evolve.
Hervé Tardy is Vice President and General Manager of Eaton’s Distributed Power Infrastructure business unit. In this role, Hervé manages the Americas product roadmap for power solutions, software and connectivity products to reinforce Eaton’s technology leadership.
For more information on Eaton’s power management solutions, visit Eaton.com.