Well into the future, manufacturers will continue to procure platforms that allow thousands of smart devices distributed across factory floors to communicate with one another.
Although the prospects of integrating this technology into existing processes is exciting, even revolutionary, IT departments are also worrying about how the Internet of Things will impact their ability to secure networks, databases and other assets.
The idea of a hacker infiltrating a factory's smart device platform and manipulating its protocols is the stuff of '80s Hollywood, but it's a reality companies have to consider seriously, nonetheless. Given news regarding industrial cyberspies and saboteurs, it makes sense that some figures would pay hackers a fair amount of money to infiltrate particular systems.
If production companies' procurement management teams aren't coordinating with their IT departments to determine which assets and personnel should be procured to defend platforms comprised of hundreds of smart devices, they may not acquire the talent and products needed to defend all their operations.
What kind of threats exist?
Before spend management professionals can get a good sense of what these new security frameworks are going to cost them, it's important to determine what kind of threats already exist. ZDNet contributor Larry Dignan acknowledged findings from a few studies, such as IBM's X-Force Threat Intelligence Quarterly and Forrester Research.
Overall, the idea of firmware sustaining attacks was ubiquitous in both research reports. Firmware describes the cohesion between software and hardware, working together to allow complex systems to function appropriately. Cybercriminals could gain access to such implementations by exposing a vulnerability in a factory or building's local area network. To view a smart device's information, for example, an administrator may have to enter an access code. If the code consists of a four-digit number, it wouldn't be difficult for a hacker to infiltrate the network as a whole.
Of course, it's possible that a collection of smart devices could be controlled from a centralized system, one that requires cybercriminals to bypass multiple security checkpoints in order to gain access to the sensor platform. This type of configuration doesn't necessarily come in the form of physical hardware, rather, it is a configuration IT professionals will have to install.
Which systems need to be addressed?
Referencing Forrester's study, Dignan noted answers to the question "How important are the following characteristics of platforms to enable your firm to deploy Internet of Things solutions?"
- Just over half (52 percent) of participants cited data and account security as "very important."
- Exactly 42 percent maintained connecting the devices was "very important."
- Forty-three percent acknowledged the ability to "easily share device and sensor data" as "very important."
As any IT guru would acknowledge, these three points have a number of implications regarding the security. For example, a man-in-the-middle attack could expose a link between two or more devices communicating over two networks, causing one of them to send false information. This is a strong way in which to sabotage factory operations.
Implement an incident response plan
Having a solid IRP in place is essential for manufacturers to protect their assets. This is where benchmarking comes into the equation - there are optimal ways of doing things as well as substandard methods. IndustryWeek contributor David Barto named several steps that are necessary for organizations to take:
- Assemble an IRP team comprised of professionals knowledgeable of network and database defense systems.
- Use a data classification program that identifies which information was compromised
- Set up a communication plan that guides professionals on how to initiate fixes
- Test the plan assiduously to ensure no oversights or kinks will hinder employees from assessing and resolving issues.
Although there are risks associated with IoT, that doesn't mean manufacturers should avoid using the technology. All that's needed is an extensive IRP.