IIoT security is hopeful at best, reckons the Hannover consensus
Completely securing the industrial ‘internet of things’ (IIoT) is hopeful at best, according to companies and analysts at Hannover Messe last week.
The Germany-based industrial fair was focused on connecting factories and supply chains; the process to secure new devices and networks was the principle sub-plot in this narrative of industrial connectivity. Enterprise security remains an uphill battle, concurred the tech luminaries in Hannover.
“Security is certainly a big focus for everyone looking at IoT; the idea that we’ll ever be completely secure is hopeful, to say the least,” said Matt Hatton, vice president of research at Gartner. “For the enterprise, it’s a constant battle, but the vendors in the space are much more serious about it.”
The technology industry is failing to learn from its mistakes. A glance at top IoT security vulnerabilities, as calculated by the Open Web Application Security Project (OWASP), shows this to be the case. The same errors and oversights from IT security keep appearing, invariably linked with identity authentication, transport encryption and physical security. Devices are invariably the weakest link.
UK processor company Arm, which has just announced tie-ups with Cybertrust and GlobalSign for more flexible security authentication, is among those leading the counter offensive against cyber-criminals seeking to take advantage of vulnerabilities in IoT devices and networks.
“Security is one complexity for customers, especially as you open up more and more,” commented Hima Mukkamala, the company’s general manager of IoT cloud services.
Conformity is everything in the fight against cyber-crime. However, IoT confounds this drive for consistency, with a multiplicity of technologies and devices. IoT security regulation and standards are tightening, slowly, but enterprises cannot wait. Cyber-security technology is improving, according to the show-floor at Hannover.
Swiss IIoT security company WISekey was another graduate of Hannover’s class of 2018, claims strong interest from the automotive industry, in particular. As the number of cars connected to the internet increases, to over a quarter of a billion by 2020, according to Gartner, smart car manufactures are seeking to reduce hacking vulnerabilities in their vehicles.
More than 80 per cent of new cars in 2020 will be connected, reckons BI Intelligence – or 94 million compared with 21 million in 2016. WISeKey showed its ‘secure element’ chips at Hannover Messe, which authenticate a car’s individual car components and the online services it interacts with to ensure only legitimate software is installed in the car.
Security specialists like WISekey were conspicuous, and appeared to confirm with partnerships and memorandums the industry is working hard to stamp out IIoT security threats.
The idea of ‘end-to-end’ IIoT security was claimed by everyone, it seemed – to the point it became clichéd and meaningless. Many vendors were sceptical. “Be wary of any IoT solution that claims to be totally secure,” said Shahram Mehaban, vice president of marketing at US industrial networking company Lantronix.
“The attack surface grows with every additional device that’s connected to the IoT network – the war to secure the IoT has no end in sight. It is likely to always be an ongoing battle. One device is often accessed by many other devices and different people – end-users, system integrators, service and maintenance personnel, and OEMs – and these are typically accessing it remotely from different locations and doing a variety of tasks.
“That makes the attack vector very wide and introduces multiple vulnerabilities at almost every point in the network. IoT security has to be approached in layers and we believe the only way to start is by embedding security at the device level.”
For an in-depth look at this topic, download the report “Industrial IoT security – the pitfalls and practicalities of securing manufacturing and supply chain IoT systems.”