krunja - stock.adobe.com
Need to secure industrial IoT more acute than ever
A report from the Lloyd’s Register Foundation is calling for urgent action to secure industrial infrastructure, as the IoT leaves it increasingly exposed
The need to address the threat posed by malicious actors exploiting the internet of things (IoT) to attack critical industrial infrastructure is becoming an increasingly urgent one, according to the Foresight review of cyber security for the Industrial IoT report published by charitable organisation the Lloyd’s Register Foundation.
The report dives into the inherent risks surrounding the industrial IoT as it becomes a core part of network infrastructures across multiple critical sectors, such as energy, transport, the built environment, physical infrastructure and manufacturing, noting that the IoT exacerbates many of the security challenges that have existed for a long time.
“Over the past few years, we have seen a rise in deliberate attacks aimed at critical infrastructures across the globe. As adoption of IoT in the industrial sector continues to grow, clear action and guidance is needed,” said Robert Hannigan, report co-author and international executive chairman at BlueVoyant, a New York-based managed security services provider (MSSP).
“Our report frames the context of [the] industrial IoT, the imminent problems facing key infrastructure as they increasingly rely on connected systems, and possible solutions to safeguard against cyber incidents,” said Hannigan.
By identifying key emerging risks, said the Foundation, as well as gaps in capability for which the current pace of change in operational security won’t be good enough, it hopes to help organisations prioritise their security response.
That the current pace of R&D cannot match the emergence of new security threats to the IoT is the core argument made in the report, which suggests that in many cases current capabilities either don’t scale, are untested, or don’t exist.
Some of the biggest emerging challenges include the difficulty of mapping the complex relationships that exist between technical and human systems, as well as communicating between different communities that hold fundamentally different frameworks for understanding risk.
Read more about IoT security
- A £400,000 UK government funding pot is on offer for innovators to design schemes that boost internet-of-things security.
- David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark.
- Maintaining secure networks and IoT usage may seem secondary but following proven protocols to stay digitally protected is one way to come out on top, especially during a pandemic.
It also sets out eight actionable findings to help organisations address industrial IoT risk and security. These are to always consider harm consequences when planning risk management; to consider how increased use of IoT sensors and devices may cause security controls to fail; to use continuous assessment of organisational security; to consider how supply chain partners are using the IoT, and how their failure may hurt you; to invest in forensic readiness processes; to consider future scenarios in risk assessments; to train staff on IoT standards and best practice; and to collaborate on device interface protocols for sharing security monitoring information.
Sadie Creese, report co-author and professor of cyber security at the University of Oxford’s Department of Computer Science, said: “We need to build resilient infrastructures that guarantee security to the ever-expanding connected network of ‘things’.
“There is clearly an urgent need for further research to understand and evidence risk control performance; to explore liability models, practicalities and implications for IoT markets; and to develop international cooperation to build trust in the industrial IoT supply chain.”