As the Industrial Internet of Things (IIoT) grows, the security risks grow as well, according to a recent article by Jeff Dorsch in Semiconductor Engineering. According to his sources, the use of the IIoT is expanding both in the amount of new implementations, as well as how the data is being used. In addition to the traditional SCADA-like applications of machine-to-machine (M2M) connectivity, monitoring, and remote connectivity applications, it seems that more and more the IIoT is being used to power a data-driven approach to increasing production efficiency. Using big data tools and technologies, companies can employ better and more sophisticated analytics on industrial process data, thereby enhancing operational performance based on real-time data.
With the increase in use of the IIoT comes a corresponding increase in the potential for risk. Looking at big picture, Robert Lee, CEO of Dragos, and a national cybersecurity fellow at New America commented, “There are two larger problems that have to be dealt with. First, there are not enough security experts. There are about 500 people in the United States with security expertise in industrial control systems. There are only about 1,000 worldwide. And second, most people don’t understand the threats that are out there because they never existed in the industrial space.”
Both of these problems are real, and need to be addressed. And is often the case in issues of security, the human factor is closely intertwined with both. On the one hand, there is a crying need for security experts world wide, and on the other hand the man on the street, or in our case factory floor, control room, or corporate office, needs to quickly get up to speed on the unique security risks and challenges of providing data from live production systems over the Internet.
Addressing the Problems
As we see it, correctly addressing the second problem can help mitigate the first one. When we understand deeply the nature of the Internet, as well as how the industrial space may be particularly vulnerable to security threats from it, then we are in a position to build security directly into control system design. A secure-by-design approach provides a platform on which a secure IIoT system can run.
Like any well-designed tool, from electric cars to smart phones, the system should be easy to use. When the platform on which a system runs is secure by design, it should not require someone with security expertise to run it. The expertise is designed-in. Of course, the human factor is always there. Users will need to keep their guard up—properly handling passwords, restricting physical access, and adhering to company policies. But they should also have confidence in knowing that security has been designed into system they are working on.
Thus, the most effective use of our world’s limited security manpower and resources is to focus them on understanding the unique security challenges of the IIoT, and then on designing industrial systems that address these challenges. This has been our approach at Skkynet, and we find it satisfying to be able to provide a secure IIoT platform that anyone can use. We are confident that through this approach, as the IIoT continues to grow, the security risks will actually diminish for our users.