In today’s increasingly interconnected and remote world, Industrial Internet of Things (IIoT) devices enable organizations to manage their operational technology (OT) deployments more effectively. Historically, organizations separated their OT environments – physically and technologically – from their internet-connected enterprise IT environments. This process of air-gapping mitigated security risks because malicious actors had to have physical access to the devices to cross the air-gap. 

The rapid adoption of IIoT changes this model, causing organizations to rethink how they secure their OT. Typical IIoT technologies include both a hardware and a software interface, meaning that they can connect to the public internet. To understand how these new cyber-physical systems impact security, organizations should understand how this IIoT/OT convergence creates new risks. 

What’s the difference between IIoT and OT?

While the two terms both have an “o” and “t” in their acronyms, they have significant differences. While their capabilities complement each other, understanding these differences is critical to managing an organization’s security. 

Operational Technology (OT)

Operational technology (OT) consists of the hardware, software, and firmware that interact with or manage the devices that interact with the physical environment. Managing OT requires experts who understand standard protocols, like EtherCAT or OPC UA Binary, and vendor-specific protocols, like Emerson/Fisher ROC Plus and Johnson Controls Metasys N1. Organizations use these devices and systems to detect or make a change to monitor or control industrial equipment, assets, processes, and events. 

The critical infrastructure and industrial environments that typically deploy OT include:

• Manufacturing
• Transportation
• Oil and gas
• Electricity and utilities

Some examples of OT devices include:

• Programmable logic controllers (PLC)
• Remote terminal units (RTUs)
• Industrial control systems (ICS)
• Distributed control systems (DCS)
• Supervisory control and data acquisition system (SCADA)

Traditionally, OT devices run specialized software and proprietary protocols, giving them an extended lifespan when compared to enterprise IT devices. Since many OT devices were built in the decades before cybersecurity threats were ever-present, they often lack modern security controls, like software updates that remediate vulnerabilities. 

Industrial Internet of Things (IIoT)

The Industrial Internet of Things (IIoT) consists of sensors, instruments, machines, and other devices that enhance industrial and manufacturing business processes. These networked systems integrate with OT devices to collect, exchange, and analyze data. However, since they rely on the enterprise IT networks to deliver these outcomes, organizations can no longer physically and logically separate their OT and IT environments. 

IIoT focuses on machine-to-machine communication, big data, and machine learning so that organizations gain operational efficiency and reliability. IIoT connects with OT devices so companies can engage in:

• Remote operational monitoring
• Maintenance predictions
• Inventory management
• Equipment tracking
• Sensing conditions around OT

Some examples of common IIoT devices include:

• Temperature sensors
• Pressure sensors
• Proximity sensors
• Air quality monitors
• Water quality sensors
• Noise level monitors
• Barcode scanners

What role does IIoT play in converging IT and OT?

IIoT devices act as a bridge between the OT and enterprise IT technologies. OT connects machines for centralized analysis of operations, like manufacturing processes. Although these devices incorporate firmware and software, they traditionally focus on giving organizations a way to monitor and control machinery, like physical plant equipment. 

IT typically consists of operating systems and software that enable day-to-day business operations. It focuses on storing, processing, and delivering data to business users for enhanced decision-making and improved productivity. 

IIoT is the bridge that gives these two technologies the ability to communicate more effectively. IIoT devices typically have an application that enables the users to leverage analytics. The IIoT devices that monitor OT technology collect data. That data is sent across the enterprise IT network to the associated application which applies analytics so that the business gains insight. 

IIoT Security Challenges

As a subset of IoT, the devices that enable operational monitoring and efficiency create similar security challenges to their digital cousins. However, within the context of the OT environment, these issues pose a broader risk to businesses. From a business perspective, a cyberattack that compromises the OT environment can disrupt business operations, leading to lost revenue. IIoT’s connection to OT also creates a risk to physical safety, requiring organizations to integrate cybersecurity risk with safety hazard evaluations. 

Lack of Security Protocols

As a subgenre of IoT, IIoT often lacks the inherent security protocols that other technologies have. For example, most IIoT devices lack standard security features like data-at-rest encryption or authentication and authorization controls. Recognizing these deficiencies, malicious actors focus their attacks on these devices as a way to gain an initial foothold in an organization’s networks.

Lateral Movement

Since the IIoT connects the operational and enterprise networks, attackers that comprise an IIoT device can move from one environment to the other. Often, organizations struggle to configure their network architectures appropriately, especially with fragile OT networks that can be easily disrupted and lead to operational outages. 

Malware

Since the IIoT connects to both the OT and enterprise networks, attackers can infect them with malware. With malware that enables the attacker to control the IIoT device, malicious actors can create a botnet that overwhelms both networks, leading to expensive operational outages and potential risks to physical safety. 

Accountability

As the connective tissue between IT and OT, many organizations lack clear lines of responsibility for IIoT. The enterprise IT manages traditional network and application monitoring while the dedicated OT team focuses on securing their environment. With each team having specialized skills, they struggle to determine which team should manage the IIoT deployment. However, the technologies for managing these different environments often remain siloed, creating visibility and communications issues. Ultimately, many organizations have no way to appropriately assign responsibility for managing IIoT security. 

Converging Expertise to Manage IIoT/OT Security

Just as IIoT creates a bridge between IT and OT, IIoT security solutions create a bridge between IT and OT cybersecurity tools so the teams can combine their specialized skills to respond to IIoT’s unique challenges. 

Asset Visibility and Inventory

Neither traditional OT nor IT tools enable organizations to identify and inventory their IIoT assets. Typical OT solutions focus on ingesting traffic data to identify the devices communicating on the network and then comparing that information to the organization’s Configuration Management Database (CMDB). These purpose-built technologies prevent downtime but focus on OT communication protocols which often differ from those used by IIoT devices.

Meanwhile, enterprise IT asset identification technologies use active scanning that can cause IIoT service disruption which can flow down to the OT environment, causing downtime. 

Organizations should look for passive scanning solutions that inspect traffic and understand IIoT device protocols so that they can build an accurate device profile that contains:

• Operating system
• IP address
• MAC address
• Port numbers
• Hostname

Vulnerability Management

At the enterprise IT level, vulnerability scanners often initiate traffic, which can lead to a service disruption for IIoT devices. Additionally, unlike enterprise technologies, IIoT device manufacturers may not regularly provide software, firmware, or operating system updates to mitigate risk. 

OT vulnerability management tools gather data about an organization’s devices from specialized threat intelligence services and public sources to prevent service disruption. However, the remediation activities often fail to respond to IIoT risk. For example, OT vulnerability management may mean disconnecting a device from a particular port. For example, an OT device may use a BACnet/IP protocol using a UDP port or a DNP3 protocol using a TCP port. Meanwhile, IIoT devices may use HTTP/HTTPS protocols or MQTT protocols, connecting to the internet via well-known ports. 

Organizations should seek technologies that bridge these security gaps and provide specialized visibility into the IIoT vulnerability landscape, including threat intelligence unique to these devices. Having a dedicated IIoT security solution enables organizations to identify risks and implement appropriate remediation activities like:

• Deactivating unnecessary services without impacting device function.
• Blocking risky services with a Network Access Control (NAC) tool.
• Hardening vulnerable devices by updating their configurations.
• Implementing microsegmentation when altering configurations affects the IIoT device operations

Threat Detection

IIoT threat detection creates new challenges for organizations. An OT threat detection solution supports the OT vendors, often lacking information about what anomalous behavior looks like for an IIoT device. Further, since these dedicated solutions focus on OT technology providers, a company may have an IIoT device delivered by a vendor outside the OT security monitoring solution’s purview. 

Meanwhile, typical IT cybersecurity tools often fail to collect and analyze the technical forensic data that IIoT devices generate. Organizations need to incorporate IIoT monitoring data into their security tools so they can bring them within the overarching security incident detection and response program. 

Organizations should seek a dedicated IIoT solution that can capture network packet data so that the security team can trace an attack back to its root cause faster. For example, security teams need a solution that can correlate IT and OT information with data like:

• RAM from servers (important for fileless malware, which doesn’t touch magnetic media)
• Traffic information from network devices
• Data transferred to an FTP server

Asimily: IIoT Monitoring to Bridge the IT/OT Divide

Asimily provides holistic context into an organization’s environment when calculating Likelihood-based risk scoring for devices. Our vulnerability scoring considers the compensating controls so you can more appropriately prioritize remediation activities.

Organizations efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.

Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High Risk (High Likelihood of exploitation and High Impact if compromised). Asimily’s recommendations can easily be applied in several ways, including through seamless integration with NACs, firewalls, or other network enforcement solutions. To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.