Our last article introduced the concept of the Industrial Internet of Things, also known as the “IIoT” for short. In this article, we examine some of the mechanisms that can be implemented to secure it.
What can be done?
Here are some key strategies to help further secure the Industrial IoT:
1) Make use of integrated firewalls:
There have been many advancements that have been made in the technology behind firewalls. Therefore, it is crucial for your organisation to pick the right hardware that meets the security requirements that your IT staff has set forth. For example, procure what are known as the “next generation firewalls”. These kinds of devices have complete visibility over your network traffic, and the various devices that the data packets are being sent to. Also, with this newer type of technology, you can easily create and enforce different kinds of security policies onto your network infrastructure.
2) Maintain the right levels of access control:
Just like giving your employees the rights and permissions to what they only need to conduct their daily job duties, the same holds true for the devices that make up your IIoT environment. In other words, you need to actively manage and control the level of access that the IIoT devices have been assigned. This is can be accomplished through the “Network Access Control” or the “NAC” functionalities in the IIoT devices. For instance, you can craft and assign customised access rules and policies based upon the who, what, where, and when factors when either an actual person or an object in the virtual world is trying to access the network that makes up your IIoT environment.
3) Establish profiling:
Every IIoT device will have their own set of specific functionalities and requirements for them to operate in the most efficient manner. With profiling, the wireless network in which your IIoT environment resides upon will be able to identify a particular IIoT device through the variables that have designated for each one of them. With this, you are creating a sense of visibility of what exactly is transpiring. This is a crucial step in securing the IIoT environment.
4) Implementing preventative measures:
In order to do this, it is imperative that along with the firewalls, you also deploy network intrusion devices and other kinds of preventative tools in your IIoT environment. This will serve two purposes:
- It will help to detect and even to a certain degree mitigate any cyberattacks that are coming from the external environment towards the IIoT devices; and, even help to detect insider attacks that are occurring from within the IIoT environment itself;
- It will allow you to use any kind of suspicious behaviour or anomalies as an initial trigger point from which IIoT devices can either be blacklisted or even quarantined.
5) Just do not create an IIoT environment without security:
This simply means that before you deploy an IIoT environment, first design it with how security will be implemented into it, then deploy the IIoT devices. In other words, the reverse should not happen when the devices are installed and configured first, with security becoming just a mere after thought. To achieve this, consider examining first a list of best practices and standards, such as the following:
- The IIoT security framework from the Industrial Internet Consortium.
- The cybersecurity framework from the National Institute of Standards and Technology.
6) Consider using the PSA Framework:
When developing your IIoT environment, it is suggested that you make use of what is known as the “PSA Framework”. It consists of the following:
- Analysis: Create a threat model analysis for those IIoT devices that are classified as a high risk in terms of being a target by the cyberattacker, and how these risks can be mitigated.
- Design: Think about the entire IIoT ecosystem, as how to all the devices will be connected with and communicate with each other, in a secure manner.
- Implement: Once the above two have been careful evaluation, implement your IIoT devices in a test environment before they go live in a real-world setting.
The PSA Framework is illustrated in the diagram below:
7) Harden the gateway of your IIoT infrastructure:
This is a crucial piece, as IIoT environments can also be interconnected with others as well. In other words, as they continue to further evolve, they will not be just reliant upon the resources that reside just within them. They will also depend accessing and sharing the resources from other environments as well. Thus, in this regard, the connections in between the IIoT environments need to be hardened as much as possible, so that they do not also become an attack surface.
Overall, this series of articles has examined what an IoT is, and some of the security concerns that go along with it. It has also reviewed the IIoT, and some of the procedures that can be taken to help secure this kind of environment. This is by no means an all-inclusive list, and as the IIoT environments continue to grow in size and complexity, you need to carefully examine the benefits versus the risk of deploying one, especially from the standpoint of cybersecurity.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.