Strengthening Industrial IoT Security: Proven Strategies & Best Practices

It’s fast becoming obvious that industrial security and cybersecurity is a growing problem and that there are no clear solutions readily available to address matters.

This is due to the complex nature of industrial operations. For instance, in a factory setting, there are several questions that one needs to consider when setting up an industrial Internet of Things (IIoT) network, including what kinds of security tech to put in place and where; also, what threats these systems should be prepared to address.

Author Ann R. Thryft points to the recent Global ICS and IIoT Risk Report by operational technology (OT) security firm CyberX:

What’s more, Thryft points out that twenty-percent have wireless access points, which can be compromised in multiple ways, including the KRACK WPA2 vulnerability in most Wi-Fi networks, which was discovered last October.

Late last year, the National Institute of Standards and Technology (NIST) published a manufacturing profile providing details for implementing its Cybersecurity Framework in the plant. Additionally, the agency published a draft revision of its SP 800-53 Security and Privacy Controls for Information Systems and Organizations, focused on how public and private sector organizations can maintain security and privacy in interconnected systems and devices such as their IoT and IIoT networks.

Although the controls were developed for use by the federal government, industry organizations are also adopting them.

Per the draft revision, the controls are intended not just for IoT and IIoT or information security, but for protecting all kinds of computing platforms including mobile, cloud and industrial control systems.

A security framework for embedded IoT and IIoT devices that provides protection against a wide variety of cyber attacks. Source: Icon Labs

Aimed more specifically at the IIoT, the Industrial Internet Security Framework (IISF) was developed last year by the public-private Industrial Internet Consortium (IIC) to begin creating industry consensus for securing IIoT systems. It’s based on the consortium’s Industrial Internet Reference Architecture, a standards-based architectural template and methodology to provide a common framework and concepts for IIoT system architects.

The IISF separates security evaluation into several factors, including endpoints, communications, management systems and supply chains for the system’s elements. It includes best practices and discussions of existing standards, regulations, and guidelines for IIoT security and cybersecurity.

Last October, the IIC also released the Industrial IoT Analytics Framework, containing instructions for system architects for mapping analytics to IIoT machine and process data.

Read the full story on our sister site EETimes.com