The industrial Internet of Things is the next big step in the world of heavy industry. A whole host of security problems come with it, and if this report is correct they're largely being ignored.
A report out from LNS Research points to an accelerating growth in industrial Internet of Things (IIOT) adoption. As companies weigh the business applications of connected tech, according to the study, they aren't accounting for a new landscape of cybersecurity challenges.
Industry 4.0, as connected "smart factories" are often termed, is all about building new connected hardware that's adaptive, automated, and agile. LNS found that a majority of industrial companies plan to undergo digital transformation, making cybersecurity considerations more important than ever.
Unfortunately, most businesses planning to move into the IIOT aren't considering security, largely because of a wall between operational technology (OT) and IT. That wall could have a serious impact on the future success of industrial digital transformation.
40% of industrial businesses have already begun an IIOT initiative, and another 24% plan to do so within the next year, the report said.
Many next-generation IIOT platforms operate as a service, which makes them more flexible, easier to implement, and better at producing measurable data. That service model is also a weak point for cybersecurity, as protection is often considered an add-on element and not an integrated part of an IIOT PaaS setup.
The security disconnect
LNS gives three reasons for industrial cybersecurity being a huge risk for IIOT adoptions: Companies don't understand the magnitude of the threat, IT and OT are operating in silos, and there's a severe lack of cybersecurity best practice implementation.
Companies don't understand the threat, the study says, because 47% of them haven't dealt with a breach. Of those that have, 19% have suffered an incident due to accidents involving malware on removable media. Direct attacks are incredibly rare, which leads to a high degree of complacency.
That complacency is misplaced, especially considering that the Department of Homeland Security has warned that every major automation vendor is producing software with known vulnerabilities. Direct attacks may not have happened yet, but it's only a matter of time.
Another serious issue causing cybersecurity to slip is the siloed worlds of IT and OT. OT includes everything that's non-enterprise in a factory: Control systems, monitoring systems, factory hardware, and machinery.
"As organizations begin to take industrial cyber security seriously, they cannot adequately address it without true collaboration between IT and OT," the report said. IT skills, combined with OT professionals' knowledge, are required to create an effective security plan for the next generation of industrial technology.
As for best practices, there are some disheartening figures to be found there. Only 35% of organizations have a dedicated chief information security officer (CISO), while the rest fold the responsibilities into the CIO's duties. "For IT-OT convergence to become a reality and for a company to implement an effective industrial cyber security solution, both of these roles [CIO and CISO] must exist and work collaboratively," the report said.
On top of industrial businesses lacking CISOs, they're also falling behind in other security areas. Only 49% have enterprise and plant-wide account management policies, only 38% have lists of internet connections to the plant and what can come through them, and 38% fail to do any network security monitoring.
Not so different
Next-generation technology, no matter the industry, seems to be simply plopped down on top of old, outdated, and cobbled-together systems that have little to none of the connectivity required of the modern digital world.
Excitement over the possibilities of new business technology needs to be tempered by the realization that it needs new, connected foundations to succeed, and security is a core component.
Businesses, both industrial and otherwise, would do well to heed the recommendations of LNS's report: Make cybersecurity a fundamental part of digital transformation strategies, focus on adopting best practices (now and upon rollout of new systems), and eliminate silos between IT and OT (or whoever else IT needs to work with).