krunja -

Need to secure industrial IoT more acute than ever

A report from the Lloyd’s Register Foundation is calling for urgent action to secure industrial infrastructure, as the IoT leaves it increasingly exposed

The need to address the threat posed by malicious actors exploiting the internet of things (IoT) to attack critical industrial infrastructure is becoming an increasingly urgent one, according to the Foresight review of cyber security for the Industrial IoT report published by charitable organisation the Lloyd’s Register Foundation.

The report dives into the inherent risks surrounding the industrial IoT as it becomes a core part of network infrastructures across multiple critical sectors, such as energy, transport, the built environment, physical infrastructure and manufacturing, noting that the IoT exacerbates many of the security challenges that have existed for a long time.

“Over the past few years, we have seen a rise in deliberate attacks aimed at critical infrastructures across the globe. As adoption of IoT in the industrial sector continues to grow, clear action and guidance is needed,” said Robert Hannigan, report co-author and international executive chairman at BlueVoyant, a New York-based managed security services provider (MSSP).

“Our report frames the context of [the] industrial IoT, the imminent problems facing key infrastructure as they increasingly rely on connected systems, and possible solutions to safeguard against cyber incidents,” said Hannigan.

By identifying key emerging risks, said the Foundation, as well as gaps in capability for which the current pace of change in operational security won’t be good enough, it hopes to help organisations prioritise their security response.

That the current pace of R&D cannot match the emergence of new security threats to the IoT is the core argument made in the report, which suggests that in many cases current capabilities either don’t scale, are untested, or don’t exist.

Some of the biggest emerging challenges include the difficulty of mapping the complex relationships that exist between technical and human systems, as well as communicating between different communities that hold fundamentally different frameworks for understanding risk.

Read more about IoT security

It also sets out eight actionable findings to help organisations address industrial IoT risk and security. These are to always consider harm consequences when planning risk management; to consider how increased use of IoT sensors and devices may cause security controls to fail; to use continuous assessment of organisational security; to consider how supply chain partners are using the IoT, and how their failure may hurt you; to invest in forensic readiness processes; to consider future scenarios in risk assessments; to train staff on IoT standards and best practice; and to collaborate on device interface protocols for sharing security monitoring information.

Sadie Creese, report co-author and professor of cyber security at the University of Oxford’s Department of Computer Science, said: “We need to build resilient infrastructures that guarantee security to the ever-expanding connected network of ‘things’.

“There is clearly an urgent need for further research to understand and evidence risk control performance; to explore liability models, practicalities and implications for IoT markets; and to develop international cooperation to build trust in the industrial IoT supply chain.”

Read more on IT risk management

Data Center
Data Management