Securing the IIoT: Collaboration can win the day
By Chris Lyden
Just as new innovations and technology have helped industrial manufacturers improve operations, advancements in technology have emboldened a new generation of malicious actors to attempt far more innovative, aggressive, and dangerous cybersecurity attacks.
Not long ago, industrial information technology (IT) and operational technology (OT) were isolated. The hardware and software systems that monitor and control physical equipment were independent from the computers, systems, and applications that process and store operating and business data.
But now the IIoT is transforming how manufacturing and process plants control and manage operations. Connectivity, networking, big data, predictive analytics, cloud computing, edge computing, and the like are gaining acceptance. The line between IT and OT is blurring, so connectivity has become both inescapable and necessary. Yet it also widens access points for hackers. Cybersecurity threats come from every direction. Operations networks not built for connectivity are being connected, and security protocols are ignored for the benefit of data access. The threat vector now extends even to base-level assets. Attackers can target anything from a connected toaster to a wireless field device. It is a new type of cyberattack for industrial control systems (ICSs), which are increasingly accessible over the Internet.
The actors have also changed. Attackers are becoming more sophisticated. Attack techniques are readily available on the dark web, so low-level cybercriminals can access the necessary information for level-4 attacks. Motivations have changed, too; it is not always about money. Notoriety is also prized. And then there are nation-state perpetrators, who have emerged as our most dangerous threat.
We are facing a geopolitical climate where malicious actors have unlimited resources to carry out cyberattacks. That means industry players need to come together to improve our overall cybersecurity culture and hygiene. But where do we begin?
As an industry, we must take a multipronged approach to security threats. First, vendors have to reinforce their commitments to making products stronger and to educating end users on inherent product cybersecurity features. Organizations need to adhere to security best practices, identify threats, and respond accordingly. They should strengthen their own site security protocols, while maintaining the documented procedures from systems, solutions, and software suppliers.
Cybersecurity is a journey, not a destination. More than just technology, it must be accompanied by regular employee training, ongoing risk and threat assessments, firmware updates, maintenance of software and hardware, and procedure and change control. The old adage "an ounce of protection is worth a pound of cure" could not be more true in preventing cyberattacks. Unfortunately, cybersecurity funding and resources often become available only after an attack. Instead, to address continuous threats, the industry needs to invest now in our people, with better training and education, and in our ICS technologies.
Second, we all-suppliers, end users, third-party providers, integrators, standards bodies, and other industry organizations and government agencies-have to come together to put into place stronger unifying standards and practices. From there, we have to be aware of these standards and implement and always adhere to them, regardless of industry or type of facility. Lax adherence to cybersecurity protocols is widespread. Everyone must implement tighter basic cybersecurity controls and practices, but there is also a deeper need for more robust security reviews within all ICS and embedded device systems.
Third, we need new levels of collaboration and openness. For true change, industry leaders must commit to transparency that promotes openness across competitive lines. Cybersecurity is not limited to a single company, industry, or region. It is an international threat to public safety that can only be addressed and resolved through collaboration.
In the face of increasingly bold attacks perpetrated by malicious actors with unlimited time and resources, everyone must participate in open conversations and drive new approaches that allow installed and new technology to combat the highest-level cyberattacks.
We must not be paralyzed by fear, but we must not be complacent, either. The time for an industrywide initiative to address highest-level attacks is now. The entire industry must collaborate openly to educate and train our workforce, strengthen our technology, and install and adhere to stronger unifying standards. This is the clearest path toward ensuring the safety and security of the world's infrastructure and the long-term protection of the people, communities, and environment we serve.