The IIoT is an excellent way to stand out in an industry sector by enhancing operational efficiency. For companies, it increases their productivity and efficiency. It also favors autonomy, decision-making and the development of CSR thanks to precise monitoring of energy consumption which optimizes the use of resources. Finally, the IIoT is the technological means for creating the factory of the future by facilitating coordination and collaboration among all actors.
Do the advantages of IoT compensate for its lack of security?
The IoT gives industrial companies the opportunity to develop the new model of ultra-connected factories 4.0, improve performance and make significant savings in production costs. Beyond industry, the IoT also makes it possible to develop the concept of the Smart City with connected infrastructures that communicate with users (subways, stadiums, offices, etc.). Finally, it also makes it possible to use connected objects to set up and use renewable energy to combat current environmental challenges.
However, the development of these uses creates difficulties for professionals: connected objects are not designed to be secure and yet this has not been a major capability for the IoT up until now!
For example, individuals who have installed connected objects to secure their homes (domotics) are not the only ones who can access these devices. A study carried out by HP shows that 80% of devices tested contain unsettling security flaws in terms of confidentiality. There is also a lack of security when it comes to passwords, encryption and authentication.
As a reminder, massive attacks have already been launched from connected objects. In 2016, botnets controlled by Mirai carried out wide-scale DDoS attacks on DNS servers in the company Dyn. These attacks were carried out by thousands of security cameras and other vulnerable devices that were hacked into.
Cyberattack risks on the IIoT
The IoT carries with it security problems for both individuals and companies. To limit risks, suitable security protocols must be implemented internally as well as externally.
Black Hat briefings are well-known events that provide technical consulting for problems related to information security.
During Black Hat 2016, Tripwire found that 70% of IT experts agree that they are not ready to face the threats related to the IoT. Given that connected objects are ever more present in the industrial processes of IT (Information Technology) and OT (Operational Technology) environments, if a cyberattack is launched, the consequences can be severe (production halts, accidents involving people, etc.).
Greater connectivity with operational technology exposes OT teams to the same attacks that IT teams are used to dealing with but with greater risks. Now these risks are no longer limited to data loss but can also jeopardize people’s safety and the availability of services.
For example, if a cyberattack is launched on a power plant, an entire region may find itself without electricity and the people working on site may be in physical danger.
Is Industry 4.0 ready to face the security challenges of the IIoT?
The study carried out by Tripwire and Dimensional Research in early 2017 compiled the following data:
- 96% of experts surveyed state that they expect attacks on the IIoT to rise next year.
- 51% state that they are not prepared for malicious campaigns affecting the IIoT.
- 64% recognize that their companies need to protect themselves from this type of attack.
- 90% expect the deployment of the IIoT in their company to continue increasing.
These findings confirm that the industrial sector is aware of the risks related to the IIoT but is not yet ready to confront them quickly and effectively.
That is why certain companies have become specialized in creating cybersecurity solutions. Among these companies is Sentryo with its ICS CyberVision solution which also monitors the IIoT to detect and block cyberattacks.