Improving worker safety, increasing uptime, maintaining process integrity, and enhancing operational efficiency are all goals of industrial organizations. The widespread adoption of the industrial internet of things (IIoT) has made these goals more achievable by giving organizations a wealth of actionable data from their operations. In the last few years, traditional industries including oil and gas, manufacturing, water and waste management, shipping, and more have experienced the widespread effects brought on by digital transformation in IIoT. This rapid advancement in technological connectivity has led to great innovation, but it has also created new cyber attack vectors in many industrial networks. Organizations are now faced with the challenge of securing their IIoT networks while still achieving cyber and operational resilience.
The concept of the Industrial Internet of Things (IIoT) involves connecting sensors, instruments, and devices within settings like manufacturing and energy management. Unlike the IoT that focuses on consumers, the IIoT emphasizes improving efficiency, facilitating machine-to-machine (M2M) communication, and automating industrial processes. By incorporating analytics, artificial intelligence, and real-time data collection, the IIoT enables industries to achieve higher levels of productivity, performance, and predictive maintenance. It plays a role in modernizing operations by offering smarter and more efficient approaches to production and operational workflows. As businesses increasingly realize its potential, the IIoT is set to revolutionize how industries function.
In the past, information technology (IT) and operational technology (OT) environments functioned as distinctly separate, isolated domains managed by different business units. These conditions have changed tremendously in recent years, however, as digital transformation accelerated, connecting OT networks to IT systems and the Internet and providing tremendous business value. The resulting interconnectivity introduced by the rise of the IoT (including more sector-specific technologies such as the Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT), along with the holistic Extended Internet of Things (XIoT)) has further fueled IT/OT convergence. And now we’ve reached a point where our physical world is very dependent on its digital components.
Above, we can view the distinct areas encompassed in the Internet of Things (IoT), which can be defined as the network of physical objects or "things" that are embedded with sensors, software, and connectivity for the purpose of exchanging data with other connected devices and systems over the internet. A widely used example of IoT is smart home security. This form of IoT is commonly used to help secure homes from break-ins with physical objects such as motion detectors, cameras, security alarm pads, smart doorbells, etc. These everyday objects are equipped with sensors and/or actuators to measure and act within their environment. The readings and alarms from these sensors flow to an in-home controller and then to the cloud via the internet, alerting you to any untoward activity in the home via a mobile phone or computer app. This and other uses of IoT have exploded in recent years, and such advancements will continue to benefit both organizations and society as a whole.
The industrial internet of things (IIoT), on the other hand, involves connecting industrial devices and equipment to the internet and/or an IT network to support the real-time collection and analysis of data. This functionality enables critical infrastructure organizations to achieve their goals by monitoring and optimizing their industrial processes, increasing efficiency, reducing downtime, and saving costs. Unlike IoT, IIoT connects machines and devices in industries such as manufacturing, transportation, oil and gas, power generation and transmission, mines, and ports. But failure of both IoT and IIoT devices can have serious consequences. IIoT failures can create high-risk and potentially life-threatening situations, and downtime of IoT devices may result not only in inconvenience but also in emergency situations.
A prime example of a cyber attack that severely impacted IIoT occurred in 2017, when the world was introduced to the most destructive malware ever deployed. The NotPetya ransomware variant infected organizations worldwide, with a significant impact on critical infrastructure, businesses, and governments. The breach began with a Ukrainian financial software company, which distributed a tax accounting software update containing the ransomware. Once inside the network, NotPetya utilized various propagation techniques to spread laterally and infect other unsuspecting devices. The damage from the attack is estimated at more than $10 billion, and the attack caused widespread disruptions in over 60 countries. NotPetya served as a wake-up call for organizations worldwide, highlighting the far-reaching and destructive consequences attacks of this nature can have, and the dire need for robust industrial cybersecurity practices across critical sectors.
Another notable example of a disruptive ransomware attack impacting IIoT was the unprecedented attack against Colonial Pipeline, which is the East Coast’s largest gasoline, diesel, and natural gas distributor. The attack led to not only fuel shortages and higher prices, but loss of consumer confidence in the protection of industrial control systems (ICS). This targeted hack was the result of a single compromised password and an old VPN. Once inside, the ransomware quickly spread across Colonial Pipeline’s network, affecting critical systems and infrastructure. To restore its systems, Colonial Pipeline paid a ransom of $4.4 million to obtain a decryption key. Attacks involving stolen credentials require minimal effort for cybercriminals to carry out, but the good news is, they can be easily prevented with basic ICS security in place. In today’s volatile cybersecurity climate, ransomware attacks are only growing in frequency and sophistication, as hackers understand that critical infrastructure organizations cannot afford any downtime. The only way for these organizations to mitigate damage is to prevent it, which can be done by implementing an effective IIoT cybersecurity strategy.
Securing the IIoT environments that underpin critical infrastructure organizations starts with following the three principles below:
The first step to implementing a strong IIoT cybersecurity strategy is ensuring that you gain visibility into your entire extended internet of things (XIoT). A comprehensive inventory of all the assets in your critical infrastructure environment lays the foundation for your entire cybersecurity journey. However, full-spectrum visibility is one of the most challenging tasks facing security and risk leaders today. This is largely because XIoT assets typically use proprietary protocols that are incompatible with, and therefore invisible to, generalized security tools. Critical infrastructure environments may also encompass a diverse mix of new and legacy devices that communicate and operate in different ways, making it even more difficult to answer the question of what devices are in the environment. Further complicating matters is the fact that there is no one-size-fits-all path to asset discovery. Every XIoT environment is unique, and most contain complexities that render certain asset discovery methods ineffective. That’s why it is key to ensure your organization partners with a cyber-physical systems (CPS) security provider that offers multiple, highly flexible discovery methods that can be mixed and matched to deliver full visibility in the manner best suited to your distinct needs.
The integration of IT and OT systems has created more connected systems, which have led to improved efficiency, increased visibility and control over operations, and better decision-making capabilities for organizations. Although converged IT/OT brings the promise of cost savings and resource efficiencies for industrial organizations, this rise in interconnectivity has also brought its share of challenges. A major issue that has arisen from this integration is increased cybersecurity risk. This is mainly due to the fact that IT and OT operations within an organization tend to be siloed, and traditional IT security solutions are not equipped to protect OT systems. IT and OT systems have very different security requirements and face unique cyberthreats. Therefore, there is a need for specialized security controls and collaboration between IT and OT cybersecurity teams to ensure their systems are protected against cyberthreats. To do this, organizations require a CPS security solution that integrates with their already-extensive tech stack, allowing them to simply extend their existing tools and workflows from IT to OT.
Unlike their IT counterparts, most XIoT environments lack essential cybersecurity controls and consistent governance. That’s because many legacy industrial devices and systems were built with a focus on functionality and operational reliability, rather than security, as these systems were not initially intended to be connected to IIoT. The rise of interconnectedness has caused these previously “air-gapped” systems to become converged with IT networks, even though they were not designed to be connected and managed in the same way. The rapid adoption of digital transformation, and remote and hybrid working environments, have left security teams with a lack of awareness and understanding about the unique challenges of these newly interconnected IIoT environments. Without a dedicated security team or help from a solution that specializes in securing OT systems, organizations will suffer from a lack of consistent governance and controls. To resolve this, organizations should partner with a CPS security vendor that can provide visibility into all IIoT, integrate your existing IT tools and workflows with OT, and help to extend your IT controls to IIoT by unifying your security governance and driving all use cases on your journey to cyber and operational resilience.
IIoT systems are increasing operational efficiency, reducing downtime, and providing better resource management across a broad range of critical infrastructure sectors. But, as with anything connected to the internet, IIoT has become subject to a myriad of cyber threats and has fallen victim to several notable cyber attacks in recent years. Thankfully, as IIoT continues to rapidly evolve and lines blur between IT and OT, organizations can defend their critical systems by implementing robust CPS security controls. This starts with implementing the above three principles for securing IIoT and by partnering with a CPS security vendor, like Claroty, that can help your organization achieve cyber and operational resilience.