Protection of valuable IIoT data in the industrial sector. In manufacturing, the Industrial Internet of Things (IIoT) is becoming more and more embedded in ecosystems thanks to advances in automation, big data analytics and lower hardware costs.
In the Internet of Things (IoT), networked smart home appliances and personal assistants such as Alexa or Siri are often mentioned, but the IoT already extends far beyond the use of consumer devices. More and more companies are using IoT technologies to facilitate automation and increase their productivity. Automobile manufacturers, rail-bound transport systems and companies from the food and logistics sector use a range of networked sensors and actuators as well as other devices to collect production data, feed it into the cloud and thereby gain further insights into the efficiency of their systems.
Smart factories: IIoT to increase efficiency in the manufacturing industry
In manufacturing, the Industrial Internet of Things (IIoT) is becoming more and more embedded in ecosystems thanks to advances in automation, big data analytics and lower hardware costs. According to a market study by IoT Analytics, global spending on IIoT platforms for the manufacturing industry is expected to increase from $ 1,67 billion in 2018 to $ 12,44 billion in 2024.
Vendors like Emerson, who specializes in automation solutions, are already helping companies to use IIoT solutions to increase efficiency, for example by setting up an IIoT Edge Computing Gateway. The gateway uses sensor data to assess how quickly the shock absorbers in pneumatic cylinders wear out. Instead of replacing the shock absorbers at a set interval, the sensor sounds an alarm when a certain value is reached. Only then is the shock absorber replaced. Companies like Rolls Royce are also using the technology to analyze trillions of data points provided by sensors to refine their engine development.
IIoT technologies thus increase transparency and provide information on whether machines are switched on, they are working efficiently and whether there are any problems. In the event of a problem, the technology can also use the data provided by IIoT to enable manufacturers to trace components back to the place of manufacture and assess whether the problem is with the machine, one part, or something else.
Huge amounts of IIoT data need to be protected
Since IIoT systems depend on these sensors to collect and analyze huge amounts of data, it is important to ensure that there are controls in place to protect this data and ensure its integrity. It is easy to overlook the fact that this data must be protected from the outset. Finally, these systems are unlikely to handle sensitive information that is subject to regulatory compliance, such as personal data.
But IIoT-generated data such as calibrations, measurements and other parameters must still be securely stored, managed and shared. Failure to do so could result in operational disruptions, loss of intellectual property, and data leaks. Without suitable data security measures, IIoT systems could pose a higher risk for an industrial attack such as the Triton malware. This malware targets the security processes in critical infrastructures such as power plants with the aim of sabotage and damage. Once the malware has embedded itself in security processes, cybercriminals can use it to control valves or trigger an emergency shutdown, for example. The consequences can be massive accidents.
Protection guidelines
Tim Bandos, Chief Information Security Officer at Digital Guardian
As the number of IIoT systems increases and they interact with corporate systems and business processes, it is important to have some kind of starting point for securing them. Here the Industrial Internet Consortium (IIC), a non-profit organization whose founding members include GE, Microsoft, and Dell EMC, published a guide on applying best practices for data protection to IIoT systems.
As the IIC points out, cryptography, encryption, auditing, monitoring, and protecting data - at rest, in motion, and in use - are some of the only ways to ensure data integrity. Understanding best practices like data security, privacy and data residency while ensuring that they are applied to IIoT data can also improve the trustworthiness of the system, according to the consortium.
IoT security maturity model
The IoT Security Maturity Model, which was also published by the IIC and co-authored by Microsoft, can also help companies assess their security maturity for IoT systems. The guide walks readers through tips on establishing governance practices, implementing security controls, hardening practices for IIoT setups such as software patching, performing security audits, and responding appropriately to security incidents.
Further frameworks for the development of interoperable IIoT systems are the Industrial Internet Reference Architecture (IIRA) and the Industrial Internet Security Framework (IISF). The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), has also published guidelines in the form of its report "Securing the Industrial Internet of Things".
Securing the Industrial Internet of Things
While all of these frameworks provide valuable insights to organizations looking for secure industrial systems, organizations should also treat IIoT for what it is: a complex supply chain. Businesses would be doing themselves a disservice by not having a way to track data and ensure its integrity, from factories to engines to cylinders and sensors throughout the environment. Suitable data security measures for IIoT systems should therefore be one of the basic pillars in order to minimize the risk of security breaches in the area of Industry 4.0.
More at DigitalGuardian.com
Via Digital Guardian Digital Guardian offers uncompromising data security. The data protection platform provided from the cloud was specially developed to prevent data loss from insider threats and external attackers on the Windows, Mac and Linux operating systems. The Digital Guardian Data Protection Platform can be used for the entire corporate network, traditional endpoints and cloud applications. For more than 15 years, Digital Guardian has made it possible for companies with high data volumes to protect their most valuable resources using SaaS or a fully managed service. With Digital Guardian's unique policy-less data transparency and flexible controls, organizations can protect their data without slowing down their business.