According to the latest market research report of MarketsandMarkets the industrial cybersecurity market is expected to be valued at USD 22.79 Billion by 2023, growing at a CAGR of 8.6% from 2017 to 2023.
More than half of the IIoT industrial facilities are experiencing cybersecurity incidents that are resulting in downtime of factories, excessive power usage, meter tampering, connectivity proofing, and many more. Connectivity between IT, OT, Cloud, and third party systems are drastically increasing and becoming vulnerable to attackers, and defending them has become more critical and challenging. Here are few examples of recent cyberattacks.
- In one of the most high-profile incidents, the Ukrainian energy sector was hit by a cyber-attack that caused a power outage for more than 86,000 homes.
- One of the recent incidents of vulnerabilities discovered in 2020- On June 22, 2020, Israeli cybersecurity firm JSOF released a report on Ripple 20 vulnerability. Ripple 20 has damaged every sector of the industrial ecosystem and its major impact was observed in manufacturing. Manufacturing industries witnessed data loss from printers, changes in infusion pumps, tampering in energy meters, and industrial control devices. Ripple 20 has affected many fortune 500 multinational corporations industrial vendors, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter among others.
Why the IIoT is vulnerable to cyber-attacks?
There is a significant increase in cyberattacks on the industrial control system (ICS) and operational technology (OT). Below are some of the essential elements, which led to creating a threat in IIoT organization and equipment.
- Increase in sensor and devices that are connected to IIoT network, forming huge potential attack surface
- Old OT equipment and control systems which haven’t been designed to function safely online
- Multiple vendors running OT and control systems running with non-updatable software which includes HMI computers, remote terminal units (RTUs), SCADA and PLCs
- Inadequate or non-existent cybersecurity technology and practices
- An embedded or stripped-down operating system, outdated firmware are an easy target for attackers
Cyber-attack prevention and security are major concerns in the industrial ecosystem, where industrial organizations are enabled with industrial systems like HVAC, building security systems, sensors or monitors, industrial controls, inventory scanners, building automation, and much more.
Let’s take the example of oil and gas companies, they are primary sources of energy for the development of economies in the world, and an easy target for growing cyber-attacks and terrorism. This is a threat to growing supply chains including oil wells, pipelines, refineries, and transportation.
Let us see some complementary approaches for improving industrial IoT cybersecurity:
Approaches for Improving Industrial IoT Cybersecurity
Platform Security and Visibility
Organizations are seeking security technology platforms that can integrate security tools in the industrial ecosystem and provides complete visibility of operations. Platform integration in enterprises supports central management activity for providing configuration management, policy management, monitoring, and remediation capabilities, and also it can prevent, detect, and respond to threats across an enterprise IT infrastructure (i.e. endpoints, networks, servers, or cloud-based workloads)
Platform integration enables a large number of IoT devices connected to the network, and organizations to get complete visibility of endpoints and every corner of the network, where other security solutions are not capable or their outreach is limited. With platform support, they can get clear visibility and it helps them to find critical and harmful threats faster and earlier in the attack lifecycle before some serious damage occurred. The platform establishes a channel between devices and enterprise applications to enable seamless and secure data to flow in a connected system, workforce, and application.
Hardware security solutions are based on security chips, where they are efficiently protecting machine identities, data, and communication channels. Hardware security chips are tamper-resistant and have additional features like fault and manipulation detection, encrypted memory processing, and secure code, and data storage that can efficiently prevent attacks.
Chip design companies are rigorously working to manufacture the security chips. In the industrial ecosystem, integrating security chips helps to avoid unauthorized access to the production network.
Hardware anchors come along with hardware security, which provides security identity to each security chips. A set of certificates and encrypted keys are stored in chips to allow industrial devices like an automation system to securely authenticate a remote device to form a secure connection in a protected way.
Edge gateway security
IIoT devices deal with large data sets, connected systems, sensor integration (energy meters/ devices/ systems), etc which stores and captures data with the working report, if an attacker can modify available data then it can damage the whole industrial ecosystem with production, billing, safety and security of available data. Edge computing gives complete visibility of equipment, devices, processors, communication, and processing time lags, which gives real-time visibility to automation.
IIoT devices create multiple access points for attackers but applying edge computing can reduce such types of threats. Companies can reduce risks by restricting the direct connection between edge nodes and the cloud. They can establish edge devices for those connections.
Legacy devices are an easy target for attackers as they are less secure considering this security concern edge gateway will be the safest and secure communication channel.
At eInfochips, we are helping major industrial vendors with a complete secure-by-design approach for new product design and developments. We are providing silicon to software competencies as well as cross-domain exposure across different verticals like energy, utilities, manufacturing, robotics, and transportation. We provide complete IT and OT integration with HMI/ SCADA application, IoT gateway, and cloud for fulfilling requirements in leading standards and regulations.
Get in touch with us to know more about our IoT Cybersecurity offerings.