A Necessary Paradox: Trust and Value for Industrial IoT
Introducing: Cisco Industrial IoT Security Journey Series.
It’s a fact: most people are worried about data breaches. A Cisco Value/Trust Paradox report, based on a survey of 3,000 consumers, revealed that while 42 percent of respondents appreciate the values of the Internet of Things (IoT) data, only 9 percent consider their data as secured.
What many may not be aware of are the greater security challenges in 2018 and beyond to current Industrial Internet of Things (IIoT) environments and the need to protect critical infrastructures and data in both the IT and OT world. The pressure to plan and build end-to-end efficiency and processes are driving the adoption of connected technologies, notably IIoT.
Why do security threats keep happening?
Industrial environments are reaching a unique time in their history where the evolution of information and automation is changing all business processes. This means a couple of things. It’s easier for hackers to steal data and make tools, and in an era of mass targeted attacks, they are only going to get worse.
Yet, this evolution of information and automation must be promoted but protected as well. This new way of doing business, combined with advanced technologies, touches everything we see and do not see with an IP address, such as distributed computing, cloud-based services, artificial intelligence, machine learning, predictive maintenance, blockchain, industrial 3D printing.
What can you do to protect your customers? First, some background:
Industries are in the midst of new data paradigms where machines and people generate and receive more and more real-time information, which is leveraged for decision making. In fact, the adoption of IIoT networks impacts so many organizations that it’s a real challenge to estimate all of them but they range from:
- Manufacturing plants where robotics and human interactions have shifted from the historical repetitive operations to more localized and complex processes
- Complex power grid systems architecture where generation, control, and distribution are impacted by new grid schemes, such as renewable energies and synchrophasor applications in transmission systems
- Transportation developing intelligent vehicles and intelligent infrastructures’ systems to automate and optimize traffic flow
- Cities controlling and optimizing their environmental conditions and defense network-centric warfare, and remote health services and so on
Across these and many other industries, IIoT networks extend outside traditional IT environments, expanding the concept of “Extended Enterprise Network” architecture. Within extended enterprise IoT networks, engineers have to cope with a rapid increase of smart objects getting connected, growing data exchanges, the convergence between Information Technology (IT) and Operational Technology (OT) applications and services, and breaking conventional silos and field network locations generally considered unprotected.
Industrial IoT Security is Mission Critical
Technologies, products, and solutions are constantly evolving, driving innovation but also creating an unintended opportunity for new security flaws. External (or even internal) attackers are always looking for ways to leverage any technical or non-technical methods of attacks. “Meltdown and Spectre” on CPU chipsets or “KRACK” on Wi-Fi WPA2 security are just two highly visible examples.
A survey of security professionals revealed that 96 percent said they expect an increase in IoT breaches this year. And, as reported by Cisco Talos, vulnerabilities are monthly identified across Industrial Control Systems solution—so don’t think you or your customers are immune.
Yet, despite these challenges, people overall support the benefits of IoT data. That’s why bringing all devices, operations, and processes under a trustworthy umbrella that reinforces security and safety have never been more important.
Recognized Leader in Industrial IoT Security
Cisco, as a leader in IIoT security, can quickly react via well-defined processes to deliver effective, efficient security fixes for its customers. We are well-positioned to observe the challenges of industrial networks as deployed by its customers. An article in Forbes last year called out Cisco for its work in IoT network security, encryption and security analytics.
As a New Year’s resolution, the Cisco IIoT Networking team decided to publish monthly blog articles discussing industrial IOT security. In the next months you will see blogs that cover – Device security, Security protocols, cybersecurity, Utility Security and increase visibility of Manufacturing networks, to name a few.
Let us know the problems your organization is facing. Feel free to share your thoughts in the comments below.