Cisco Blogs



Drop the IT-Centric Mindset: Securing IoT Networks Requires New Thinking

October 8, 2014 at 5:00 am PST

The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, it is only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.

While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drives radically different security needs for each. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed to fail.

Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks must go beyond today’s thinking. Rather than focusing on individual security devices, organizations need to network those devices so that they can work together to produce comprehensive, actionable security intelligence. By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, IT needs to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.

Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData


The 2014 Automation Conference – IoE and Beer

The 2014 Automation Conference (TAC), held March 20-21, 2014 in sunny Chicago (Yes, sunny Chicago!! I made sure to pack some California sunshine for the Windy City), attracted a diverse group of automation and manufacturing thought leaders and subject matter experts from leading machine builders, system integrators, manufacturing end users, standards bodies and educational institutions. The focus and objective of the conference was to have peer-to-peer discussions and dialogue around the technologies and next generation automation strategies that are enabling and driving the Internet of Everything (IoE).

“This conference is designed not only to make you think about the application of automation, but also to help you take action” -- David Greenfield, Automation World, editor in chief and TAC event director

The conference achieved this goal and more. The framework of the sessions encouraged audience collaboration and dialogue around the challenges and practical steps and strategies being designed and deployed to achieve an integrated and scalable IoE architecture that drives value across the entire manufacturing value chain.

I can “wax poetic” around all the great individual sessions held at the conference around Big Data, BYOD (Bring Your Own Device), mobility, virtualization, cloud computing, cyber-physical security, network switching, CPwE (Converged Plantwide Ethernet), safety systems, workforce retention and optimization, but I think it’s more fun and interesting to summarize the highlights of the conference through the context of a use case that was shared at the conference.

What better way to meet that objective than to leverage a manufacturing use case around beer!!!!

Automating Brewing Operations from Two Different Perspectives

I attended this session where Highland Brewing, Sierra Nevada and Vicinity Manufacturing gave an interesting perspective around the challenges and strategies in deploying their next generation manufacturing operation.

Highland Brewing is a regional brewer of craft beers based in the Southeast, and Sierra Nevada is a larger brewer with more of a national brand. The interesting contrast between the two is that Highland Brewing is designing more automation into their operational facility and Sierra Nevada is scaling their automation and IoE strategies across all their facilities. Both perspectives and approaches have the same objective: how do I effectively integrate all the various technologies into an intelligent, flexible and scalable system/architecture to meet the following business outcomes?

  1. Increase Customer Loyalty
  2. Supply Chain Optimization
  3. Operational Excellence
  4. Energy Sustainability
  5. Disruptive Innovation

To paraphrase Kevin Wheeler, Director of Operations, Highland Brewing Co., “Our core competency is crafting great beer. We have an opportunity to drive efficiency into our operation by integrating an IoT/IoE platform … the challenge is figuring out the best approach.”

Like Highland Brewing, manufacturers must begin to transform existing business processes and fundamentally rethink how they create, operate, and service smart, connected products in the IoE. For those that get it right, the future represents a huge opportunity to create product and service advantages.

Are you having challenges putting together the “IoE technology puzzle?” Is security the main barrier to IoE adoption?
