How Can We Keep Industrial Internet Systems Secure?

The Industrial Internet is on the verge to becoming the largest disruption to the global economy since the Internet revolution in the 1990s. According to GE, it will have a $32.2 trillion impact, representing 46 percent of today’s GDP.
As the Industrial Internet continues to grow and have an impact on the way we work and live, it is imperative that industry players join together with a shared vision to set policies and recommendations for common building blocks for all aspects of the Industrial Internet: architecture, interoperability, platforms, security, standards, and so forth.
The Industrial Internet Consortium was founded in March 2014 by AT&T, Cisco, GE, IBM, and Intel to achieve this goal. An open membership, international not-for-profit consortium, the Industrial Internet Consortium is setting the architectural framework and direction of the Industrial Internet.
Since its founding, the consortium has grown to more than 220 member organizations – including Tripwire‘s parent organization, Belden – hailing from 26 countries.
The Industrial Internet Consortium focuses on building an ecosystem, testbed development, and Technology and Security. The priority for the member companies forming the Industrial Internet Consortium is to build together a safe, reliable and secure Industrial Internet.
Security is a hot topic for IoT technologies. Networks originally designed to be isolated are now exposed to continuous attacks of ever-increasing sophistication. The continuing explosion of connected devices provides opportunities for unprecedented growth and performance gains in industrial systems, as well as unprecedented increases in risks to plant personnel, to society and the environment at large, as well as to the businesses which operate industrial processes.
On Thursday, October 29th, the Industrial Internet Consortium hosted a security-themed TweetChat, so that members and nonmembers alike could swap stories, brainstorm new ideas and come together to ensure that Industrial Internet systems are secure.
Here are some of the highlights:
Question 1
Q1 What are some examples of solutions you have already seen securing Industrial Internet systems? #IICsecurity #IoTSecurity
— IIConsortium (@IIConsortium) October 29, 2015
Some great responses!
Intrusion Detection Systems, Deep Packet Inspection, whitelisting, protocol encryption & signing & access control #IICSecurity @IIConsortium — Kepware Technologies (@Kepware) October 29, 2015
A1: @chrissistrunk presented some powerful monitoring tools at @energysec #IICSecurity https://t.co/zx4fYuAN4U
— Tim Erlin (@terlin) October 29, 2015
Q1 @IIConsortium check out the OWASP Top Ten for some helpful starting points #IICSecurity : https://t.co/3zrb3CifHF — Uptake (@Uptake) October 29, 2015
Question 2
Q2 Intentional vs unintentional threats: are there different approaches to protecting Industrial Internet systems? #IICSecurity #IoTSecurity
— IIConsortium (@IIConsortium) October 29, 2015
IoT technologies like industrial Internet systems need to be designed and built to fail in a safe way https://t.co/IHRPrTojvH #IICsecurity — Deloitte TMT (@DeloitteTMT) October 29, 2015
Check out the infographic Sarah mentions below:
A2: @iiconsortium just put out an infographic outlining the different kinds of #IIoT security threats https://t.co/KtffXpeJr5 #IICSecurity
— Sarah Dellea (@SKDellea) October 29, 2015
A2 For intentional external threats like APTs you need comprehensive security #IICsecurity https://t.co/HWwxDNcSBH — Belden Inc. (@BeldenInc) October 29, 2015
Question 3
Q3 Do the benefits of deploying Industrial Internet solutions outweigh the security risks? #IICsecurity #IoTSecurity
— IIConsortium (@IIConsortium) October 29, 2015
“Bit Stew” sums this up nicely…
A3 Industrial Internet benefits > risks? Yes, if you secure things properly. No, otherwise. #IICSecurity #IoTSecurity #Infineon — Steve Hanna (@steve_hanna) October 29, 2015
A3: A resounding yes. #IICSecurity #BitStew
— Bit Stew (@BitStew) October 29, 2015
Question 4
Q4 Open standards or proprietary solutions for IIoT security? Why? #IICSecurity #IoTSecurity — IIConsortium (@IIConsortium) October 29, 2015
Great to see everyone in agreement. Open standards it is.
A4: At this stage of the industry, open standards/open sharing is best to inspire innovation and growth #IICSecurity #IoTSecurity #IIoT
— Naomi Price (@NaomiEP) October 29, 2015
A4. Open standards (like OPC UA, HTTPS & DDS) are good for the market: allow everyone to play & select best of breed solutions. #IICSecurity — Kepware Technologies (@Kepware) October 29, 2015
A4 Open international standards are preferable, due to their interoperability, stability and continuity #IICSecurity
— WibuSystems (@WibuSystems) October 29, 2015
Question 5
Q5 What new security functions will future industrial devices need to support? #IICSecurity #IoTSecurity — IIConsortium (@IIConsortium) October 29, 2015
Thanks, Belden and Smart Industry.
A5 New devices will need to be secure-by-design & part of a security chain from devices to apps #IICsecurity https://t.co/ZtFGORf5yi
— Belden Inc. (@BeldenInc) October 29, 2015
A5: Remote critical infrastructure advancements will bring new #IoTSecurity needs #IICSecurity @freewavetech https://t.co/6FBjyjn7Sv — Smart Industry (@SmartIndustryUS) October 29, 2015
Question 6
Q6 What are some measures an organization can take to ensure their system is secure? #IICSecurity #IoTSecurity
— IIConsortium (@IIConsortium) October 29, 2015
Some solid advice here.
Reassess decentralized approach to #IoT cyber risk mgmt to be secure, vigilant, resilient #IICsecurity https://t.co/ZlT2AcDS5v — Deloitte TMT (@DeloitteTMT) October 29, 2015
A6a: Identify the biggest holes in your boat & start plugging. Don’t get caught trying to make perfect 1st step. Take action. #IICsecurity
— Walter Paley (@SafeLogic_Walt) October 29, 2015
A6-Vulnerability assessment/penetration testing of the #IIoT environment; regular security patch update #IICSecurity https://t.co/afwcVbaqZx — TCS (@TCS_News) October 29, 2015
These are only a few answers from the TweetChat. To discover more, please take a look at this Storify from the hashtag #IICSecurity: https://storify.com/kmcwalsh/security-tweetchat-oct-29-2015.
About the Author: Julie Pike is the Senior Digital Content Manager for the Industrial Internet Consortium. Besides content creation for press release, articles, blog posts and business development literature, Julie is responsible for all Industrial Internet Consortium social media channels including, Facebook, Twitter, and LinkedIn. Julie received her BA in Communications from Suffolk University, spending a year of her studies in Madrid, Spain. Follow her on Twitter at @julie_pike.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock