ICS Cyber Convergence

Return to blog

Each year, the Internet of Things (IoT) makes strides towards transforming industries. IoT, or as it’s sometimes known as the Internet of Everything (IoE), are physical devices that placed on the Internet by installing wireless sensors on them. You see a lot of IoT in the consumer world, most commonly in home devices such as alarm systems, thermostats and electrical sockets to control lights remotely. Most of these devices are accessed by apps on your mobile device.

Within the last couple of years, IoT has slowly started to enter other markets. Sectors like healthcare and manufacturing are quickly learning about their potential value, particularly when combining IoT with business process management (BPM) programs. At face value, the benefits of this integration seem limitless. Real-time data analytics, immediate social and mobile capabilities to otherwise static and often hard to reach devices, and the ability to pair business-facing operations like inventory control and automated supply-chain capabilities with real-time consumer demand, creates a list of desired capabilities that is almost too appealing for any C level executive to resist.

But how safe are these devices? What can your organization do to protect itself from the danger associated with IoT? In past blogs you’ve heard us talk about the potential challenges between integrating Information Technology and Operational Technology. In many ways, this is very similar. On one hand you have a physical device, like an alarm system, which was built to interface with a live person, and therefore the device was designed from the ground up with accessibility as its core, data integrity as its next most important component, and confidentiality of data as the third priority. By integrating a sensor for wireless access, you’re now effectively opening the door to hackers by providing accessibility to a device that was not built primarily to protect the confidentiality of its data.

According to Earl Perkins, research vice president at Gartner,

The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities. IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.” Gartner

 The Gartner article continues to state a prediction that by 2020 the installed base of "things" that make up IoT, excluding PCs, tablets and smartphones, will grow to 26 billion. That’s a huge leap from the estimated 0.9 billion units in 2009.

Despite the prospective issues associated with IoT from a security standpoint, there are two major steps that your organization can take to mitigate the cyber threat of the technology.

1. Map and know your environment

One of the dangers with IoT is the idea that they will proliferate on networks to a great degree, which will make it difficult for organizations to keep track of them, even as they take on increasing responsibilities. Once you lose track of how many you have, then you have an issue. This is a similar problem with IT and OT integration, especially within the utilities industry, because organizations lose track of how many IT-OT enabled devices they have and spend a lot of time just mapping their environment and trying to catch up. Industrial Defender not only offers the capability for your organization to better map these technologies, but also provides a snapshot from a centralized dashboard and portal. You can't fix what you don't know about, so this mapping is a vital first step, as well as an ongoing one, before anything else can be accomplished.

2. Assess and Plug vulnerabilities

Once your environment is mapped, assessing which set of IoT devices are specifically dangerous and building an approach to plugging their vulnerability can go a long way in defending from potential future attacks.

IoT is here to stay, and its implication to business and CISCOs that are both good and bad are still being determined. What is known, however, is that by mapping, assessing and addressing known vulnerabilities, you can go a long way to protecting your network.