The Challenges of IoT Security in Manufacturing

IoT is Growing — Everywhere

By now, you’ve likely come across the term IoT, or the Internet of Things. This term describes the interconnectedness of multiple devices (and not just phones) via the Internet that passes data to one another. In the consumer world, the benefits are immediate. You can monitor the temperature of your home from an app on your phone while you’re on the other side of the world. You can get updates on anything from the status of an online order to the status of a home improvement project on a smartwatch while you’re out jogging. 

But it’s not just the consumer world that is propelling itself forward in this space. Industries of all types and sizes are leveraging the power and benefits of IoT for a number of reasons. One common shared goal is naturally financial — knowing more enables you to do more and make more money. Another common goal is (understandably) improving efficiency. With greater knowledge of everything that’s going on within its sphere of operations, a business can get the data they need to make better decisions.

But when it comes to IoT security, manufacturing stands out. This is because manufacturing is of course how the world gets its goods. As of early 2019, the United States leads the world in manufacturing with 18.2 percent of the world’s goods produced here. China follows close behind with 17.6 percent. While a significant portion of manufacturing consists of non-critical goods, a fair amount of the food, pharmaceuticals, and other items that are critical for consumers are also produced via manufacturing.

And that’s why IoT security in manufacturing is so important. Many of the attacks we hear about on the news today aren’t just meant to steal business or consumer data. They’re simply meant to destroy — to break or stall infrastructure ranging from the ability of robots to operate on a manufacturing shop floor to how power is distributed in a country. It’s a difficult time to be a manufacturer, not only because of global competition but also because of the massive target on the backs of manufacturers of all kinds.

Operational Technology and Convergence in IoT Security in Manufacturing

The cyber risk for manufacturing currently targets one of the most important yet outdated aspects of the industry: operational technology (OT). This consists of the networks, hardware, and software that manufacturers use to control their production. It can range from devices that monitor temperature and process to equipment in use on the floor itself. Typically, this hardware is left to operate on its own with only minimal updating due to the simple tasks it performs. And because so much of it is older, manufacturers and the companies behind OT haven’t given it the attention is needed. That is, until OT became a significant channel for breaches and other cybersecurity attacks.

The trouble here is that by following a convergence strategy designed to marry OT and IT, companies are putting much, much more at risk than just their core operations. Without proper security, bringing OT online brings its security risks into your other networks. Many different attacks leverage the weaknesses present in OT to gain access to the other areas they’re looking to damage or steal from. And unfortunately, the signal that something might be wrong appears differently in OT than it would elsewhere.

To properly follow IoT security, manufacturers must take proactive steps to secure both their existing networks as well as their OT networks before joining them together to take advantage of IoT benefits. A great first step is evaluating the infrastructure of both your OT and what you’ll use for IoT. As many IoT solutions are cloud-based, attackers are expected to naturally start targeting these platforms more and more. While this alone is haunting, the reality is far more sobering: access to a foundational element within your IoT can potentially provide access to far more that also uses the same system.

Another recommendation is to start building security into more basic business solutions. Attackers continue to rely on low-privilege technologies where protections like identity-based security, multi-factor authentication, and other granular permissions aren’t as thoroughly or fully enforced. There, they’re able to obtain or find a way to the information they need.

A final recommendation is to consider how devices and information are used and pass throughout your organization. IoT and its industrial aspect, IIoT (industrial Internet of Things), have changed the way that data is shared and moves around. By understanding the various devices that are viewing and controlling data pertaining to your manufacturing environment, as well as how that data and those devices are used in your supply chain, manufacturers will be better able to protect their systems, their customers, and their organizations for the long haul.

Let Us Evaluate Your Security Environment

Inversion6 works closely with manufacturers to help them understand their security vulnerabilities and supports them with expert solutions to resolve them. If you’re looking to improve your security in preparation for an IoT rollout, we are here to support you. Fill out the form below to speak with our team and learn how we can partner with you for IoT success.