The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Six IoT Security Predictions for 2020
December 16, 2019
It’s that time of the year and everybody is making predictions. IoT World Today has joined in the crystal gazing, sharing predictions gleaned from discussions with cyber security service providers. Here are some of the highlights.
Increasing concern about building security
Building security impacts all facilities, including industrial plants. There is growing concern that as more and more devices and controllers connect to building-wide networks, attackers will find their way into critical management and control systems. Author Brian Buntz called out the 2013 Target credit card breach, in which attackers found their way to the payment system via the HVAC network, as an example of this type of penetration.
Securing 5G communications
The fifth generation of wireless communications (5G) is here, offering speeds more than 10 times that of existing 4G networks. Verizon, for example, claims its 5G implementation will boost speeds from the 4G top end maximum of 53.3 Mbps to a whopping 1.07 Gps. Such speed will ultimately translate into more connected devices and more need to protect them.
“Telecommunications and infrastructure firms are touting 5G for an array of use cases, including in the industrial realm. The potential of 5G to be used for critical industrial processes with a tangible business impact is a potentially risky proposition,” said Andrew Howard, chief executive officer of Kudelski Security, a managed security service provider Buntz interviewed for this article.
And we would add that the greatest threat to 5G cyber security may be in the supply chain. A recent European Union report identifies the proliferation of software within 5G networks among the top security challenges facing the next generation of mobile networks.
Growing need to manage Security
While industrial connectivity is expected to continue to expand, the availability of trained professionals is not. These factors are contributing to a predicted 15.62 percent growth rate in cyber security service (Kenneth Research). Other approaches that are predicted to emerge to handle the projected workload increase include partnerships, outsourcing, SaaS solutions, and regular services, as well as hybrid approaches.
More attention to OT cybersecurity
Exploits such as Stuxnet to the more recent Triton attack are elevating the importance of securing an operational technology (OT) system. One contributing factor is the immaturity of the market, which means that industrial end-users have little nuanced guidance standards on which to rely.
“I think the OT space is tougher than the IT space around this topic. Because the reality is, in the IT space, the difference between laptop A and laptop B and server C is just not that different, especially as the operating systems have consolidated,” said Kudelski Security’s Howard. “But the difference between a Rockwell PLC and a Honeywell manufacturing system is just enormous.”
Security by Design
Charlene Marini, vice president of strategy, at IoT services group at Arm, told Buntz that IoT device makers and deployers of connected devices will put plans in place to upgrade the capabilities they offer to ensure secure IoT systems. This she believes will result in a mindset shift in which device makers will begin prioritizing the creation of trusted connectable and manageable products. That new mindset will include embedding life cycle management capabilities at design time, writing software with security and privacy principles at the forefront and providing accessible updates to deployers of their devices.
Although Buntz’s sources were predicting a slight uptick in the use of artificial intelligence in cyber security and significant long-term potential, they still found it to be far from maturity. Andrew Howard shared the following anecdote that encapsulates the current state of the AI art:
“I was in a meeting with a lot of other cyber security leaders and the topic was about how artificial intelligence is driving change in behavior. The various people in the room began to provide examples regarding how they used AI to minimize their cyber-risk and they kept naming off examples. “By the time I got to the seventh one, I just raised my hand and I said: ‘No one has described an artificial intelligent use case. You guys are just describing process workflow and software. If there’s not something like a machine learning model or neural networking capability behind the scenes, it’s just software.’”
Read the full article here.