Network security concerns increasing with rise of IIoT 

Network security concerns increasing with rise of IIoT 

It’s tough to imagine life without the internet and the many devices and gadgets it supports and connects. Everything, from smartphones and computers to your refrigerators — will soon be connected by the Internet of Things (IoT). Along with taking care of our mundane needs, the state-of-the-art IoT solutions and products also cater to a plethora of industrial requirements. The myriad factors of IoT can connect multiple devices — both legacy and modern systems — together, to derive business intelligence in real-time. According to IndustryArc Research, the Industrial IoT (IIoT) market is expected to reach an impressive $123.89 billion by 2021. As more and more companies across various domains are increasingly embracing IIoT and using it to their advantage, it poses serious security threats as well.

What if one of these ordinary, benign devices is hacked to access private and valuable information stored in another connected device? This scenario is not completely unlikely, as was the case in the 2016 massive Distributed Denial-of-Service (DDOS) attack when large parts of the US and Europe experienced internet disruption. The attack was traced back to a large number of compromised and insecure smart home devices that were used to shut down several major websites.

Security threats: IIoT represents a classic paradox — as its popularity rises, so do the inherent risks. According to a study by leading research company, Gartner, there will be 6.4 billion connected things globally by the end of 2018 and this number is likely to reach 21 billion by 2020. But at the same time, it has sent alarm bells ringing among cybersecurity experts with inadequate security and privacy concerns posing as a threat to consumers. Around the globe, between 2011 and 2016, many homes went without water when multiple water supply plants were hacked. The hackers also succeeded in infiltrating the US power grid a whopping 17 times between 2013 and 2014. As IIoT is estimated to witness a phenomenal growth, one cannot deny the fact that it is a goldmine for cyberattackers. All the above-mentioned attacks point to a larger global problem and here’s a look at some of the security threats posed by IIoT.

Unsecured industrial devices: As numerous companies are rapidly adapting IIoT products and solutions, machines and devices don’t work in isolation. Increased digitisation and integration of more and more devices make the IIoT ecosystem vulnerable and susceptible to cyber risks. As these devices spawn huge volumes of data and sensitive information, a lack of a robust security architecture can result in serious operational and financial damage.

Data security: Data generated from myriad IIoT devices offers a goldmine of opportunities to businesses. The cloud provides an easily scalable model to store and analyse this data. However, this data is not entirely secure in transit and during storage. One way to secure it is to create multiple levels of encryption but that can slow systems down. 

IIoT applications and devices are developed across different geographical zones and are not governed by any industry standards or regulations. Due to the competitive nature of the field, security is not always a high priority for developers or other decision makers. Businesses can’t afford to be late to the market and pay little or no attention to security vulnerabilities that may get detected very close to the time of the product’s launch. As a result, security is loosely bolted to the application or device, leaving wide loopholes.

Lack of updates: While computers and cell phone operating systems receive regular security updates, that is not usually the case with IIoT devices. Such a device may have been safe when you first bought it but could become compromised with hackers discovering new vulnerabilities. Companies may offer firmware upgrades, but that often stops when they focus on developing a new product leaving you with outdated hardware that is potentially risky.

How to secure IIoT devices

Need we elaborate more the security concerns to IIoT devices which resemble sitting ducks to hackers? Little effort and a change in approach to the development process, can secure these devices for future use. Here’s a look at a few steps to safeguard IIoT devices and their applications. Default passwords: Many devices have fallen prey to hackers in the past due to default passwords. The use of long, complex passwords is the first step to prevent any kind of hacking. Experts suggest that you use a variety of numbers, symbols and varying letter case in your passwords to keep your data and devices safe.

Automate testing process: Developers must place testing at the start of the development process and make security a high priority. By automating the testing process, they can prevent IIoT devices and applications from becoming a security risk.

Encrypted software and firmware: While inter-connectivity of IIoT devices offers many advantages, even one weak IIoT device can act as a rotten apple, leading to the leak of valuable data from other devices. Viruses are used to send out unencrypted information and hijack other devices connected to your network. By using encrypted software and hardware, you can prevent any such leaks of sensitive information from IIoT devices.

In order to nip security issues in the bud, there needs to be a radical change in the development process. Developers must check each device thoroughly for all possible lacunae at preliminary stages. Even as tech companies and governments across the world are waking up to the IIoT security threat, the first line of defence begins with you. Each user must take time to go over security features carefully and adhere to them. It’s vital to remember that as consumers if you don’t demand security, manufacturers will never prioritise it. As the web of the internet spreads wider, IIoT promises endless opportunities, but its inherent security risks must be recognised and addressed to promise a safer future for all concerned stakeholders.

(The writer is co-founder and CEO, Integration Wizards)