Your Guide to Industrial IoT Security
Every industry has experienced a digital transformation over the past five years. However, the manufacturing industry’s adoption of Industrial Internet of Things (IIoT) devices has dramatically disrupted the idea of “business as usual.” The industry has found itself facing overwhelming obstacles. Between factory shutdowns in 2020, supply chain disruptions, and labor shortages, manufacturers have transformed their business operations with IIoT to build more efficient factories, improve safety, and deliver products faster, all while reducing costs.
Simultaneously, Industrial IoT devices create new cybersecurity risks that can undermine the benefits they offer. From financially motivated cybercriminals to nation-state actors interested in espionage, threat actors seek to leverage these devices’ inherent lack of security controls to gain a foothold in the organization’s systems.
When companies understand the nexus between IoT device use and risk, they can implement appropriate security controls that protect the Industrial IoT used for manufacturing and delivering products.
What is the Industrial IoT?
The Industrial Internet of Things (IIoT) consists of devices, like smart sensors and actuators, that companies use to enhance their manufacturing and industrial processes. These connected assets and edge devices provide data collection capabilities that organizations use to identify and investigate larger issues like:
- Remotely monitoring manufacturing assets
- Predicting machine maintenance to prevent downtime from failures
- Managing inventory to ensure on-time delivery
- Tracking equipment inside a plant
- Gaining visibility into real-time production rates to optimize supply chain management
Industrial IoT focuses on machine-to-machine communications so manufacturers can leverage big data and machine learning (ML) for more efficient, reliable operations while reducing costs.
How Does Industrial IoT Work?
IIoT sensors collect data from the manufacturing floor and then transmit it across networks so that the connected applications can process the data and provide insights. The Industry Industry IoT Consortium (IIC) released the Industrial Internet Reference Architecture (IIRA) 1.0 which identifies data flows across an IIoT implementation, providing insight into how the devices enable manufacturers. At their core, IIoT architectures consist of three layers:
- Edge Tier: collects data from sensors and devices using the proximity network to communicate with other devices outside of the network infrastructure
- Platform Tier: receives, processes, and forwards commands from the enterprise tier to the edge tier, providing management functions for devices and assets
- Enterprise Tier: implements applications, support systems, and end-user interfaces to issue control commands to the platform and edge tiers.
Essentially, the IIoT devices at the edge tier should have a one-way communication with the platform tier that manages processing and transforming data. The platform tier forwards that data to the enterprise tier where users can make decisions based on the applications’ analytics. The enterprise tier then has a one-way communication of orchestration, but no data flows back to the edge tier. At a very high level, the communications across the three tiers would look like this:
What is the Difference Between IoT and Industrial IoT?
Industrial IoT is the square to IoT’s rectangle. Industrial IoT is a subclass of IoT, meaning that they share several characteristics and technologies. For example, both include:
- Cloud platforms
- Wireless communications
- Data analytics
While IoT enables traditional business operations and connects various enterprise IT technologies, Industrial IoT focuses on connecting machines and devices in specific sectors:
- Oil and gas
Since Industrial IoT connects industrial machines with applications, downtimes and failures have a further reaching impact than traditional IoT. While an attack on an enterprise IoT device can lead to data loss, an attack against an IIoT device can lead to physical safety issues.
Industrial IoT Device Adoption in Manufacturing
Despite the risks that cyber-physical systems pose, they optimize processes, reduce factory downtime, and improve customer satisfaction, increasing overall revenue. To remain competitive, manufacturers adopt them to remain competitive in a market that continues to struggle financially.
Strategic inventory management is complex. Manufacturers often struggle with:
- Ordering supplies
- Storing products
- Restocking products
- Forecasting future orders
IIoT devices enable them to collect data and leverage analytics models for real-time insights that enable efficient, precise, and cost-effective inventory management processes.
Supply Chain Visibility
Inventory management is one way that Industrial IoT enables manufacturers to gain visibility into their supply chain. Sensors and radio-frequency identification (RFID) tags enable communication between manufacturers and their suppliers, enabling end-to-end visibility of raw materials and finished goods. With Industrial IoT providing insights into supply chain logistics, manufacturers can implement and maintain a traceability system that allows them to navigate global supply chains.
Sensors attached or embedded into machines and equipment enable manufacturers to implement data-driven asset management, providing insight into assets:
- Location with geofencing data to identify campus or plant
- Usage to track hours for identifying when they reach threshold values
- Flows to monitor and report movement in and out of the factory
With IIoT sensors collecting and analyzing equipment conditions in real-time, manufacturers gain visibility into what normal operation looks like and use that as a baseline for identifying potential issues. IIoT sensor data often includes measurements like:
The connected applications use predictive analytics to create alarms and alerts that prevent problems and provide benefits like:
- Reduced unplanned downtime
- Faster service resolutions
- Less time spent on site managing maintenance
- Improved productivity by increasing asset utilization
- Less time spent running unnecessary maintenance checks
Challenges of Industrial IoT Device Adoption
While manufacturers need to digitally transform their factory floors, the process of integrating Industrial IoT into these traditionally segmented environments creates new security risks.
Traditionally, security for industrial systems relied on physical and network isolation, enforcing the controls using physical locks, alarm systems, or armed guards. Good design focused primarily on direct access through human error or misuse since no one considered or expected the systems to connect to a global network. The convergence of control systems, business systems, and the internet means that traditional security protocols no longer protect these systems.
Sophisticated Cyber Attacks
Threat actors increasingly seek to compromise a manufacturing company’s systems using products that give them strategic access to systems. Beachhead products connect to remote systems and bridge segmented networks, enabling attackers to gain initial unauthorized access to systems and then move across networks to achieve their objectives. Since Industrial IoT devices connect with human-machine interfaces (HMIs) attackers increasingly target them because their connectivity enables authentication to the manufacturer’s networks.
Differing Priorities for Industrial IoT and IT
IT and security teams tasked with protecting these systems speak a different language from the Operational Technology (OT) teams. In IIoT-connected systems, the risks and priorities differ from those the enterprise IT teams traditionally manage. The priorities for these systems typically look like this:
- Safety: protecting the public from risk, like physical injury or death
- Production quality: ensuring that products meet basic quality guidelines
- Production targets: meeting product delivery deadlines
An IT security team would likely accept operational downtime to limit the impact on protected data. However, the Industrial IoT and OT teams focus more heavily on system reliability and resilience to limit downtime because they have these different priorities.
Best Practices for Securing Industrial IoT
Best practices for securing Industrial IoT devices are both similar to and different from securing enterprise IT. While the steps may be the same, the technologies need to be focused on these unique devices. Manufacturers need purpose-built IoT discovery and monitoring technologies so they can create a holistic security approach that protects data and maintains operational uptime to prevent human safety issues.
Identify Industrial IoT Assets with Passive Scanning Solutions
A passive scanning solution identifies Industrial IoT devices without initiating traffic that can disrupt service. When looking for a solution, manufacturers should look for one that enables them to build accurate device profiles that include:
- Operating system
- IP address
- MAC address
- Port numbers
- Version number
Use Passive Scanning to Identify Vulnerabilities
As attackers continue to target Industrial IoT devices and their HMIs, manufacturers need to monitor and manage their fleet deployments more effectively. Vulnerabilities present threat actors with opportunities to leverage these devices during an attack, so manufacturers need solutions that can identify security weaknesses while correlating across multiple data points including:
- Devices containing vulnerabilities
- Threat actors’ ability to use the insecure devices in an attack
- The impact that an attack on those devices would have on operations and human safety
By augmenting their IT vulnerability scanning with this data, they can comprehensively monitor their converged environments for greater visibility and enhanced security.
Leverage Threat Intelligence to Prioritize Remediation Activities
Depending on how the organization deploys its fleet, attackers may not be able to use a vulnerability during an attack. When considering a solution, manufacturers should look for one that leverages both vulnerability and threat intelligence data so that they can identify the high-risk devices that need to be remediated first.
For example, a robust solution should allow them to prioritize actions by aggregating and analyzing:
- Manufacturer-supplied security data
- Open-source software components
- Vulnerability criticality
- Current attack methods using the vulnerability
Further, a solution that reduces the time spent on security while improving posture should offer simple, actionable remediation activities that include compensating controls, like:
- Deactivating unnecessary services without impacting clinical function.
- Blocking risky services with a Network Access Control (NAC) tool.
- Hardening vulnerable devices by updating their configurations.
- Implementing micro-segmenting when altering configurations affects the Industrial IoT device operations
Create and Track Key Performance Indicators (KPIs)
Security is a never-ending process. Organizations need to constantly iterate and mature their programs, meaning that they need to identify KPIs and targets to measure their current state. Reports that track risk trends and make technical data accessible enable all technical and non-technical stakeholders to communicate more effectively.
For example, reports should include information about:
- Device risk likelihood
- Device security compared to industry peers
- Vulnerabilities closed, including a focus on high-risk vulnerabilities
- Top anomaly categories
Incorporate Risk Assessments into Industrial IoT Procurement
Many manufacturers are in the early stages of their digital transformation strategies, meaning that they will continue to add more Industrial IoT devices to their environments. As part of a strong security program, they need to analyze risk impact during the procurement process.
When considering an Industrial IoT monitoring solution, they should look for one that enables them to incorporate risk modeling by:
- Simulating device risk scenarios that calculate which configurations minimize risk
- Identifying the configurations that will have the least risk impact within their unique environments
- Comparing similar device types to find the ones that achieve business objectives while minimizing security risks
Asimily: Helping Mitigate Industrial IoT Risk for the Manufacturing Industry
Asimily provides holistic context into an organization’s environment when calculating Likelihood-based risk scoring for devices. Our vulnerability scoring considers the compensating controls so you can more appropriately prioritize remediation activities.
Organizations efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.
Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Asimily’s recommendations can easily be applied in several ways, including through seamless integration with NACs, firewalls, or other network enforcement solutions.
Schedule a consultation with an Asimily expert to see how you can efficiently prioritize and remediate vulnerabilities with the leading Industrial IoT risk management platform.
Reduce Vulnerabilities 10x Faster with Half the Resources
Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.