How You Can Secure IIoT
Even as the Industrial Internet of Things (IIoT) ushers in a new era of greater capability and standardization, it adds to an already complex set of interrelated security challenges that exist within industrial facilities.
Today, maintaining effective and coherent security postures in these environments is complicated by the disparate nature of large collections of incompatible equipment. The sophisticated new generation of connected sensors, actuators, and instrumentation that is arising from IIoT usage models makes those challenges even more pronounced.
IIoT and Existing Environments Must Share a Holistic Security Approach
Machine-to-machine (M2M) operating models based on SCADA (supervisory control and data acquisition) have enabled substantial increases in cost efficiency, productivity, and safety by enhancing interoperability among systems. At the same time, however, security vulnerabilities are common in SCADA environments. IIoT systems have an inherently high degree of connectivity, which can make the impacts of existing risks greater:
- Endpoint vulnerabilities. Industrial computer equipment often has significant security shortcomings, including operating systems and other software that are not fully patched and may have reached support end of life, as well as insufficient or missing firewall, anti-virus, and other security software.
- Uncontrolled points of entry. Threats to industrial systems may use unsecured access to the network, as in the famous 2010 Stuxnet attack on SCADA systems, which was introduced from a USB drive and destroyed Iranian uranium-enriching centrifuges. Many vectors are possible, from a contractor’s laptop to a rogue equipment-management port.
- Flat control-network architectures. Many industrial control system (ICS) networks are built with flat topologies, where all resources exist in a single data domain that allows data—and therefore malware—to flow freely anywhere. Proper network segmentation addresses this issue by restricting communication between subsystems.
While the IIoT is revolutionary, it will work in tandem with existing SCADA systems, rather than replacing them. Therefore, a structured approach to security that encompasses both is critical to ensure that the rise of the IIoT addresses key security issues, even as it makes existing functionality more capable.
Addressing Industrial Security for SCADA and the IIoT Together
The interoperability of existing SCADA systems and emerging IIoT systems is critical to successful operations in industrial environments, as is a consistent security posture across both. This means decision makers and architects must embrace security approaches that treat the holistic plant environment as a single, integrated unit.
Thwarting the mostly nascent threat of cyberattacks on infrastructure requires that industrial systems have the same robust level of security as IT systems:
- Network security protects network resources from unauthorized access using measures such as subnetting, DMZs, VPN access, and perimeter protections such as firewalls.
- System integrity protects automation systems, controls, and data through system hardening and the authentication of users and their access privileges.
- Plant security protects physical facilities based on a thorough risk analysis, including keycard or biometric access control, customized security processes and guidelines, and ongoing monitoring and updates.
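The segmentation and subnetting points above can be checked against real traffic. The following is an added example, not part of the original article or any Siemens product: it audits observed flows against a zone plan and flags traffic that crosses zones without an approved path or comes from a host outside every zone. The subnets, zone names, allowed paths ("conduits"), and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per plant zone.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("10.30.0.0/24"),
    "field":      ipaddress.ip_network("10.30.1.0/24"),
}

# Approved cross-zone paths (assumption): (source zone, destination zone, port).
CONDUITS = {
    ("enterprise", "dmz", 443),   # HTTPS to a DMZ data mirror
    ("dmz", "control", 4840),     # OPC UA into the control zone
    ("control", "field", 502),    # Modbus/TCP to field devices
}

def zone_of(addr):
    """Return the zone name that contains addr, or None if it is unzoned."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def audit(flows):
    """Return (src, dst, port, reason) for every flow that violates the plan."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            # e.g. a contractor laptop or unmanaged port plugged into the plant
            findings.append((src, dst, port, "unzoned host"))
        elif sz != dz and (sz, dz, port) not in CONDUITS:
            findings.append((src, dst, port, f"no conduit {sz}->{dz}:{port}"))
    return findings

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),       # enterprise -> DMZ, approved
    ("10.20.0.5", "10.30.0.10", 4840),     # DMZ -> control, approved
    ("10.30.0.10", "10.30.1.21", 502),     # control -> field, approved
    ("10.30.1.21", "10.30.1.22", 502),     # same zone, not a crossing
    ("10.10.4.7", "10.30.1.21", 502),      # enterprise straight to a field device
    ("192.168.50.9", "10.30.0.10", 4840),  # source outside every zone
    ("10.30.0.10", "10.10.4.7", 445),      # control -> enterprise, unapproved
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

In a flat network every one of these flows would be reachable; with the plan enforced, only the first four should ever appear in flow logs.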
To implement these strategic measures most effectively, many organizations seek out expert services and platforms that have them fully baked in. When doing this, the IIoT platform that organizations choose to work with must do more than implement standard security protocols. A concerted effort is needed to completely secure the entire lifecycle, from connecting devices to data retention to decommissioning.
One IIoT platform that makes data security a central focus is Siemens MindSphere. All Siemens solutions must meet the principles in the Siemens Information Security Policy that establishes a blueprint for information system solutions to align with international standards. MindSphere is a cloud-based, open IoT platform that provides a holistic foundation for both environments. It is secure by design to better protect industrial systems against security threats, while also embracing the benefits of the IIoT.