The manufacturing sector is particularly vulnerable to cyberattacks due to its interconnected nature and the huge volume of valuable proprietary data they process and transfer. Jim Wallace, sales manager at Balluff Australia and Open IIoT member, outlines the best practice for designing an IIoT-specific security framework.
As more companies continue to embrace IIoT, hackers are paying close attention, and IoT devices have become prime targets for opportunistic individuals in 2023. In fact, according to the Bureau of Statistics, the number of businesses falling victim to cyberattacks has in fact doubled over the past three years.
“In 2020, one in 10 businesses were privy to cyberattacks, while in 2023, it was one in five. This figure shows that cybercrime is increasing significantly as hackers spot more opportunity,” Wallace explained.
“Once a hacker gains into an IIoT network, they can gain control of any exposed devices connected to the system and use this interconnected gateway to compromise other devices, and even the network itself.”
The real-world impact of this issue can be devastating, with a successful attack on an IIoT network having the ability to cripple a manufacturing facility for days and incur hundreds of thousands of dollars in costs.
According to Wallace, because the IIoT networks are so vulnerable to interception, the underlying architecture is critical.
“To safeguard these networks, companies must adopt a security strategy distinct from that of enterprise data networks. This begins by implementing robust authentication mechanisms to ensure that only authorised users and devices can access the IIoT system,” Wallace stressed.
Wallace recommends defining and enforcing standard authorisation policies for controlling access to sensitive data and functionalities.
Further security measures include ensuring that all data travelling on the IIoT network is end-to-end encrypted and only accessible by designated staffers with an encryption key.
Segmentation, which limits access by separating which devices are connected to certain parts of the network, prevents hackers from infiltrating the entire network.
“To bolster network defence, scrutinising inbound data traffic identifies potential DDoS attacks, while monitoring outbound traffic empowers IT staff to swiftly pinpoint compromised devices and take immediate defensive actions,” said Wallace.
Implementing mechanisms like checksums or hash functions can detect any unauthorised modifications or tampering with stored data.
“Don’t forget about data lifecycle management here – you should have a strategy for securely disposing of obsolete data to ensure that it can’t be compromised,” added Wallace.
“In a worst-case scenario, cybersecurity breaches can mean a widespread loss of data. To mitigate loss and system disruptions, have a robust data backup and recovery strategy – and test it regularly to ensure recovery effectiveness.”
Protecting the integrity of IIoT-enabled devices and networks is an ongoing process that doesn’t end once the network’s system architecture has been reinforced.
Instead, Wallace believes that manufacturers will need to adopt a security-first mindset to their everyday processes.
Wallace says this approach should include the following measures:
- Employee training: all employees should receive regular training on cybersecurity best practice and adhering to policies. As an added layer of protection, staffers should have passwords with multi-factor authentication and change these passwords on a monthly basis.
- Monitoring and anomaly detection: Continuous monitoring of IIoT systems can detect any unusual activity or anomalies that may indicate a security breach.
- Incident response: a clearly-defined incident response plan must be in place to address any threats promptly, with steps that must be followed.
- Vendor security: the security measures of all IIoT vendors should be reviewed, with manufacturers encouraged to evaluate their track record and select the vendor with the highest level of protection.
“Remember that IIoT data processing and storage must be compliant with regulatory standards to protect privacy and proprietary information.”
“In Australia, these regulations differ from state to state, so I recommend consulting with an expert, such as our Open IIoT members, to ensure all standards are met,” Wallace concluded.
