The IIoT is being implemented in all industries, from factories to infrastructure. With this more connected approach comes an increased threat of cyberattacks. Most understand the need for better defences against such attacks, but organisations often do not have the tools, skill set or bandwidth to develop effective security measures on their own.
Many seek solutions that allow security to be integrated in their systems easily and quickly, leaving them free to focus on their core interests. Industrial networks are increasingly the target of cyberattacks. Digital transformation through IIoT implementation is seen as necessary to deliver competitive solutions, optimising productivity, and improving business performance.
Unfortunately, the IIoT offers attackers many opportunities to disrupt business and damage property and people. Intercepting data from industrial control systems can reveal manufacturing secrets, potentially exposing a source of competitive advantage. If devices can be taken over, cloned, or spoofed, it’s possible to corrupt sensor data, shut down critical systems, and send false control commands that can pose a serious threat to safety.
There have already been many examples of large attacks posing a serious threat to security. For example, the Stuxnet attack that affected Iran’s nuclear program and Black Energy 3 that reportedly shut down part of Ukraine’s electrical grid. Studying cyber-attacks has taught the industry much about the weaknesses they exploit and has helped to develop security best practices and standards.
These help system architects understand the protection their assets require and how to resist attacks. IEC 62443, for example, is emerging as an international standard for cyber security. It takes a pragmatic approach to the security needs of IIoT devices. IEC 62443 defines five security levels, assessing the risk based on the consequences and impact of a successful attack.
For the higher security levels hardware-based security is a requirement. Storing critical secrets and data within a discrete hardware chip comes with enhanced protection, because a dedicated security chip is hardened against logical as well as physical attacks, where Software-only methods have much lower barriers for logical attacks.
Authentication always plays a key role. Mutual authentication between end nodes, the devices they connect with, and/or the cloud allows only genuine, uncompromised devices to communicate. Without robust authentication, it may be possible to connect to, clone, or load malware onto a genuine device. ‘Bad actors’ can then exploit the connection to disrupt the proper functioning of products or services, or intercept data.
Authentication also protects providers against misuse by customers. Failures in the field can occur when non-genuine spare parts are used, counterfeit devices are inserted, or an unauthorized repair is attempted. Authentication highlights rogue activity, saving the provider the costs of repair.
In practice, effective cyber-protection relies on several commonly employed defences. Including secured communications, secured boot sequence of connected devices, and secured processes for over the air (OTA) firmware updates. Securing communications is important to prevent interaction with connected devices or eavesdropping. In addition to authenticating components and personnel, and enabling connected devices to have unique credentials, encrypting data is also necessary to prevent these types of attacks.
Where devices receive OTA (over-the-air) updates, securing this process is essential to prevent malicious software being introduced. Authentication and integrity checking is essential, together with securing the loading mechanisms and signing and/or encrypting the code to be loaded. Secured boot processes provide further protection for connected devices when they are most vulnerable to attack.
In the future, although digital transformation offers irresistible business benefits, the security challenges it brings must be handled effectively. A thorough analysis of the threats is key to develop a robust and long lasting cyber security implementation, and security chips should be implemented for better protection of critical assets.
