Industrial Internet of Things (IIoT) and Cybersecurity
Industrial Internet of Things (IIoT) and Cybersecurity
The Internet of Things (IoT) is often referred to as the ever-expanding web of inter-connected devices, ranging from numerous everyday items all connected to the internet (O’Maley, 2016). With consumers being drawn into the technological wave of IoT, the evolution for opportunity is becoming endless, allowing all devices being able to connect to the internet, with mass amounts of data obtainable for big consumer brands. This has become possible due to the incorporation of small computer chips that allow you to connect devices to the internet easily and competitively. For around a decade, rapid growth has allowed businesses to explore new ideas and interests, modernising everyday technology to automate goods and dramatically change the world.
There are now an extraordinary number of items that come in all shapes and sizes such as smart fridges which have interactive notes on the fridge and allow you to access the internet on the fridge door. Smart cars are now incorporating complex sensors in order to detect objects in their path and including sensors in the boot, to open it via movement or proximity. Almost anything, can now be connected to the internet to track data no matter the size due to the availability of micro computer chips. If you wanted to check the time spent brushing your teeth to the speed you can throw an apple, it is all now possible from the use of sensory equipment and hardware engineering. In this article I will discuss how IoT is relevant within the industry, the cyber security threats that may pose a threat and the challenges currently faced.
How is IoT relevant within the industry
The industrial Internet of Things opens up opportunities in automation, optimisation, manufacturing, performance management, maintenance, industrial control, customer centric roles and smart industries (Business guide to Industrial IoT (Industrial Internet of Things), 2020). IoT within the business, is used for several different motives however, most companies use it to improve operational efficiency and to improve productivity. These smart technology devices that are incorporated help assist businesses to move into a much smarter means of working and streamlining their processes.
Benefits of IIOT
The Internet of Things is evidently highlighting the way people do business as you can see from the above chart. It is now used in various ways however, more importantly, its main purpose is to create smarter business models, streamline operations and reduce expenditure. With the intelligence enabled from smart devices it can be programmed to work in unison to produce outputs on an assembly line and it can collect data on the status of the environment and equipment that allows fail-safes and smart technologies to be put in place that allow proactive maintenance or automated recovery after failures (How IoT will Impact Different Industries, 2020).
Industrial IoT has proved successful in several different sectors from agriculture to manufacturing, in order to assist and enhance the speed and maintainability of their systems. A good example would be engineering firms that need to monitor and maintain equipment requiring an easy way to monitor faults and issues with their hardware. IoT can play a reliable part in streamlining this process and allow for data to be captured when issues do happen and to better understand system failures and workplace faults.
A popular product many households now see that can relate to the Internet of Things are devices such as Amazon Echo’s, Apple Tv’s and many other smart devices that crop up around the house to streamline processes. It is now easy to ask your personal assistants to remind you at a specific time, order a product via speech or even ring someone without needing your mobile phone. These devices are also very common in organisations and offices in order to create smart office environments. The flexibility of IoT technology and how it can be embedded in many different devices, it makes them extremely useful in a wide range of applications and environments. It offers many businesses the opportunity to increase production and automation, along with improving data processing and analytics.
Organisations worldwide have already incorporated and connected technology by embracing industrial IoT projects and using these applications and technology to drive their business forward. According to (Buntz, 2020), there are several giant companies that embrace IoT such as:
- Amazon – Amazon use technology within their warehouses and logistics to improve the way human and machine collaborate. Amazon have Wi-Fi connected Kiva robots within their warehouses that locate the products quickly on the shelves and give them the workers.
- Bosch – Bosch has a track and trace innovator to help with an issue they had with workers spending large amounts of time finding equipment. They added sensors to its tools in order to track them.
- Hitachi – Hitachi have produced their own IoT-enhanced production model and have slashed production by half for the manufacturing they do with infrastructure.
- Boeing – Boeing are making use of IoT to drive manufacturing efficiency. Their technology is driving efficiency throughout factories and supply chains and steadily implemented sensors into their planes.
As you can see from the above examples, companies are providing solutions to their problems within their companies in order to create technology related solutions to speed up operations and work smarter. Where, new technology is being implemented into the workplace and collecting sensitive data or making significant impacts to business operations, security is extremely important to consider in order to protect against intrusion and attacks. Cyber security is an important factor to consider when looking at implementing any IoT device into the workplace in order to protect against hi-jacking, Distributed Denial of Service (DDoS) attacks and architecture hijacking.
Industrial IoT Cybersecurity
Analysts predict that by 2025, there will be roughly 21.5 billion IoT devices connected worldwide drastically increasing the surface area for the cyber-attacks (Addressing cybersecurity risk in industrial IoT and OT – Microsoft Security, 2020). Due to IoT within the industry, now trying to revolutionise the way that they work and manufacture products, the implications for cyber-attacks can be disastrous and sometimes fatal due to safety failures and loss of life. According to (Protecting distributed IoT devices, 2020), it is highly important to understand why IoT devices are becoming increasingly attractive targets for hackers due to them being unnoticed and undetected from the lack of direct user interaction. A couple of reasons for why these devices are attractive targets for hackers are:
- They perform critical functions within the operations of companies which can cause complete chaos and havoc when they are compromised, this may be due to security flaws in industrial equipment that can be hacked and cause production issues.
- They fuel DDoS attacks and disrupt operations due to the scalability of applications on the market. They are always on also, so they are always available to attacks due to their availability.
- Their operating system can play an important role to combatting against attacks due to many use low-cost common code libraries which contain unpatched vulnerabilities and lack basic security due to processing power.
- They have outdated firmware due to the difficulty of maintaining equipment and hardware, also acquiring weak authentication methods for passwords.
From the list it is evident, several devices create their own security flaws by not updating software, using correct authentication methods and keeping up to date with library patches. It is of significant importance that IoT standards are implemented and followed along with best practices to reduce security flaws in IoT systems.
Several risks are recognised with IoT, with how products are used, what they are used for and how they are maintained, all these factors will determine potential DDoS attacks and exploit vulnerabilities (Lindqvist & Neumann, 2017). The challenges that are posed generally fall down to vulnerable components, increased connectivity, insecure protocols and human error. Most systems are rarely designed with cybersecurity in mind and the vulnerabilities and attacks within software are becoming more and more common. Another intriguing factor for cyber threat management is prioritising it during process management. Within most hardware development projects; the functionality and efficiency are usually seen as the higher priority in industrial IoT opposed to cybersecurity.
Managing IT and IoT integration is a significant challenge, the contributing factors include insecure network connections along with unknown risks in IoT related environments. Legacy controlled IoT systems again form a solid issue as manufacturers build new systems on top of legacy (outdated) systems which results in outdated protection measures and contain unknown vulnerabilities that have been inactive for years. Human error may fall down to users not being familiar with new processes and systems that are incorporated, which can be the case for email phishing if hardware is sending data via emails.
Device security and maintenance should be a subject of consideration through the product’s entire lifecycle up until the product is no longer required or used. System architecture can always be exposed and be vulnerable if security considerations are not considered and the cybersecurity threat of the hardware is at the back of the to do list. It requires high-level maintenance and uptime monitoring in order to identify any intrusion, corrupt data or security flaws so that all data is securely stored and maintained.
Cyberattacks on IoT have surged
It is no surprise that IoT vulnerabilities have surged in recent years due to the mass number of connected devices on the market. According to (10 IoT Security Incidents That Make You Feel Less Secure, 2020), there are a number of good examples of prolific vulnerabilities from companies in recent years such as:
- Smart security cameras such as Amazon’s Ring Video Doorbell Pro which may have given hackers unauthorised access to the user’s WIFI network and to other connected devices on it which received a security patch. Researched however, found flaws that may allow hackers to view video footage and listen to audio output which again was future proofed by Amazon.
- Smart Tv’s have several neglected security issues and according to the FBI, hackers can control unsecured TV’s and by changing channels and the volume and make use of the cameras.
- Smart homes can be vulnerable with technical glitches and hacking into the WIFI. A couple in the USA had their smart home compromised where the video system was controlled, and room temperatures were hacked from exploiting the thermostats.
- Smart speakers, fridges and bulbs can be hacked. Researchers have identified ways to access the Amazon Echo smart speaker and attack it with malicious programs. Amazon are on top of their security issues and provide patches regularly for any of their flaws.
None of this is to scare you, merely to help you understand on how anything that has an internet connection can be manipulated and be prone to attack, so it is important to access the risks and defend against them early on. Within Industrial IoT, data loss and attacks can be substantially more damaging than a smart home speaker and will pose their own threat depending on the functionality on the IoT device.
How to defend against IoT cyber threats
There are several scenarios which can cause pandemonium if a hacker took control of your product due to finding security flaws within your systems. Since IoT provides access to real-world objects, then an attack can cause real world harm to people, and even result in loss of life which can completely destroy your business. There are many scenarios that hackers can take control and jeopardise a system such as self-driving cars being hacked, locks in smart home doors being unlocked or manufacturing equipment being hacked and causing faults. This is the main reason security must be at the forefront of any technical project that is connected to the internet. Many think it won’t happen to them or the chance of it happening is unlikely however, security should constantly be embedded in every aspect of IoT development.
In order to combat against attacks, it is important to consider protecting against physical tempering and keeping hardware out of hands reach for an individual to tamper with. According to (Elizalde, 2020), a hospital invested millions into cybersecurity however when a nurse charged her phone a Trojan horse found its way into the hospitals network, which highlights just how easy it can be to fall short to unwanted attacks. It is important for all product managers to ensure security is consistent throughout the full life cycle of the application and the below image identifies what factors need to be considered to combat threats.
Full stack IoT security lifecycle
IoT devices harbour a minefield of data and highly valuable personal data and it is with great importance that these are protected and treated with high consideration. It can be difficult to optimise every risk and security flaw however; it is important to consider the risk to the business and how it may affect it in order to combat the most important risk factors. IoT provides many technological enhancements and even though risks are present it should not stop companies from exploring and using this technology in order to grow and automate. It is important to consider the security issues that may be present and to consider the security elements of every product made in order to protect our devices and ourselves from intrusion.
IoT is an exciting and resourceful use of technology which allows any device to be connected to the internet and acquire data easily and effectively, improving the way we interact at home and at work. Even with the surge of contactless interfaces and IoT products, it is a main concern as to how insecure many are becoming due to the lack of security considerations and outdated code libraries. From this article it identifies the resourcefulness of using industrial IoT and how it can automate and create a successful workforce however, security issues need to be considered. When automating systems or building new products it is vital that all security issues are addressed throughout the full life cycle to iron out any problems that may occur in the future and have a means of assessing the risk and keeping security flaws to a minimum. IoT however, is an exciting and brilliant resource to use and should be considered for many businesses as a new tool to automate substantial tasks, with security in mind.
References and Further Reading
Buntz, B., 2020. The Top 20 Industrial Iot Applications. [online] IoT World Today. Available at: <https://www.iotworldtoday.com/2017/09/20/top-20-industrial-iot-applications/> [Accessed 20 September 2017].
CISO MAG | Cyber Security Magazine. 2020. 10 Iot Security Incidents That Make You Feel Less Secure. [online] Available at: <https://cisomag.eccouncil.org/10-iot-security-incidents-that-make-you-feel-less-secure/> [Accessed 10 January 2020].
Elizalde, D., 2020. How To Protect Your Iot Product From Hackers. [online] Daniel Elizalde. Available at: <https://danielelizalde.com/iot-security-hacks-worst-case-scenario/> [Accessed 28 July 2020].
i-SCOOP. 2020. Business Guide To Industrial Iot (Industrial Internet Of Things). [online] Available at: <https://www.i-scoop.eu/internet-of-things-guide/industrial-internet-things-iiot-saving-costs-innovation> [Accessed 10 October 2020].
LINDQVIST, U. and NEUMANN, P., 2017. Inside Risks the Future of the Internet of Things. Association for Computing Machinery.Communications of the ACM, 60(2), pp. 26.
Machine Design. 2020. How Iot Will Impact Different Industries. [online] Available at: <https://www.machinedesign.com/automation-iiot/article/21836897/how-iot-will-impact-different-industries.> [Accessed 8 March 2019].
O’MALEY, D., 2016. The Internet of Things. Journal of Democracy, 27(3), pp. 176-178.
Securitymagazine.com. 2020. Protecting Distributed Iot Devices. [online] Available at: <https://www.securitymagazine.com/articles/92738-protecting-industrial-iot-devices> [Accessed 2 July 2020].