ManufacturingIoT has enabled smart manufacturing that increases safety, improves performance and services as well as reduces time and cost. It has been a driving force behind the industry 4.0 movement. Efficient data collection, enhanced automation, and analytics are all possible with the help of IoT. With a large variety of IoT devices, manufacturing units are able to leverage their workflow more efficiently and accurately. For example, companies are tracking assets, collecting data, and performing analytics using IoT sensors placed in equipment and devices. These sensors monitor the functioning of equipment to allow automated recovery and to shorten downtime in maintenance. According to statistics by The Atlantic, it is expected that the investment in IoT solutions by international companies will exceed $70 billion by the end of 2020. Many other statistical reports are indicating that IoT technology has a huge potential for manufacturing and that the manufacturing industry has been the sector most impacted by IoT in the last few years. IoT is important in the manufacturing industry because it automates operations. The operational technology in a smart factory includes programmable logic controllers, industrial IoT devices (IIoT), distributed control systems, embedded systems, and more. Collectively, these systems can multiply the risk of potential cyber threats. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) listed more than 1200 OT system-related vulnerabilities. These issues came from more than 300 OEMs (Original Equipment Manufacturers). The root cause of the proliferation of these cyber threats is that areas like OT and IT are often not synced with security strategies. Here are the key security strategies for building a sound manufacturing cybersecurity program:
- Perform a cybersecurity maturity assessment
A cybersecurity assessment model provides a path forward and helps organizations to better understand where they are along that path. It helps organizations to improve their cybersecurity efforts and communicate with upper-level management to get the required support. According to an article published in Forbes, the Cybersecurity Capability Maturity Model (C2M2) and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) are two of many models recommended to choose from, each provides a wider approach that covers everything in cybersecurity.
- Prioritize actions based on the risk profile.
It is important for organizations to identify risks by using CSRF Analysis (Cybersecurity Risk Framework). There are several CSRFs such as OCTAVE, NIST, ISO, and more. Organizations can follow different approaches for risk assessment, one of the best models is created by Radanlive et.al. is designed to capture IoT cyber risks
- Built-in security.
Consider buying devices that offer built-in security from cyber-attacks. There is a large number of devices available without any security assurance. For example, a light bulb has a star-based rating system on its back for its energy efficiency, there should be the same rating system for its built-in security measures. Underwriter laboratory, the electronic safety organization, has introduced security ratings for IoT devices.
AgricultureIoT technology is driving the agriculture industry toward a new revolution. It’s yielding information into soil moisture, chemical applications, livestock health, and more. This information allows farmers to track farm operations in real-time and make better informed decisions on improving farm productivity and performing preventive maintenance. IoT-based farming helps farmers across the globe to increase productivity and maximize their resources. The advancement in farming with the help of IoT technology will help farmers to match their production with the ever-increasing demand for food.
- Cybersecurity for smart farming devices:
HealthcareIoT has removed complexity as a barrier for caregivers and patients by enabling healthcare services in hospitals, at home, offices, and in travel. According to 46% of respondents in the healthcare sector, audio devices and mobile phones are the most essential devices for providing better healthcare services. According to the study, 57% of caregivers utilize visual analytics to improve the level of personalized treatment and healthcare services generally. For example, with the help of IoT solutions such as real-time remote health monitoring devices, wearable smart pills, diabetes management systems, and more, it has become easier and more efficient to monitor a patient’s health conditions and make treatment decisions. From health management through smartwatches to post-cancer care, IoT is impacting healthcare in all directions. Due to the use of advanced technologies and devices, the vulnerability and risk of cyberattacks increases meaning that the healthcare industry faces a number of cyber risks. IBM listed out various cyberattacks witnessed by the healthcare industry in the past years. Here are four cybersecurity risk mitigation strategies for IoT devices recommended by NIST (National Institute of Standards and Technology):
- It is important for healthcare providers to maintain accurate inventories of IoT devices throughout the devices’ lifecycle.
- Healthcare institutions should invest in reviewing software and firmware to find vulnerabilities.
- It is crucial to adopt access management policies for the use or administration of IoT devices in order to prevent unauthorized access.
- IoT devices need to be continuously monitored to trace potential security incidents and unusual activities.
TransportationIoT technology is uniquely positioned to provide sets of solutions that help the transportation industry. For example, through IoT-based safety solutions, vehicles can communicate any incoming accidents and bad weather conditions. The United States Department of Transportation (USDOT) has the goal of using IoT safety solutions to reduce car accidents by 80%. IoT solutions can help to track incoming traffic delays in the current route and suggest better routes, for instance. At the same time, vehicle maintenance solutions can help to track the vehicle’s health in real-time to ensure it’s fully functioning. Geo-fencing helps to create virtual fences and parameters around a certain point of interest; it helps logistics managers to receive shipment updates. Many IoT solutions help the transportation industry to perform more efficiently and accurately. Cyber attacks and data breaches in the transportation system can lead to greater loss. Therefore, it’s important that organizations consider deploying cybersecurity in an IoT-enabled smart transportation ecosystem. In a recent survey of 125 businesses in the industry, 64% of respondents reported that their inner process to mitigate cybersecurity risks could be stronger, while 66% expressed that more could be done to protect against data mishandling. It is important to follow the “security by design” principle more widely in every stage of the designing process and to implement new solutions, risk assessment, and mitigation strategy at every stage. Read more: Transportation Systems Cyber-security is a Major Concern
Energy IndustryIoT helps the energy industry to make use of green energy. Green energy devices that are connected with IoT, have removed human intervention to a large extent. Additionally, energy providers are using smart meters to track information about the usage of both green and non-renewable energy. This makes it easier to prioritize the production and delivery of non-renewable and green energy. As IoT expands in the energy and utility industry, it increases the risk of cyberattacks in the system. Industry leaders see cyber threats as one of the major threats in the industry. If there are 1000 smart meters, that’s 1000 potential entry points to hack the system. The use of third-party service providers opens the door even wider.
Some key precautions industries can take against IoT cyber attacks
- Changing the default setting
Generally, IoT devices come with default settings including a standard username, password, and more. Most of the time, device default settings benefit hackers to get access to the devices. For hacking devices, hackers try to guess the default names, IDs, and device internal settings, it is important to customize the settings and prevent it from being easily guessed.
- Securing password with two-factor authentication (2FA)
It is important to use two-factor authentication for accessing the device because it works as an extra security layer. As the 2FA process requires the user to submit OTP (one-time-password) to grant access to the device which is system generated and presented to the user in a confidential way. It protects the system from unauthorized access and reduces its vulnerability to cyber-attacks. It is recommended to set a strong password with a unique combination of numbers, symbols, uppercase letters, and lowercase letters.
- Disabling UPnP feature
UPnP (Universal Plug and Play) feature allows any IoT device to connect with other devices. For example, a smart bulb can be connected to voice-command-based devices such as Google Home and Alexa. It is important to disable the UPnP feature so that an attacker cannot get access to other systems should they succeed in hacking one device.
- Updating devices regularly
Many manufacturers of IoT devices release security features to protect the user’s privacy from cyber attacks. Users need to update the device regularly to protect their data from ever-evolving cyber-attack patterns if and when an update for their device is made available.
- Avoid using public WiFi networks
If you manage your IoT device remotely through a smartphone or other device, it is recommended that you avoid using public WiFi networks. To avoid the vulnerability to cyber-attack that using public WiFi networks can pose, you can make use of a VPN. There are VPN service providers that offer several security features for the public and to home WiFi networks.
Final ThoughtsAs the technology matures and vendors compete, solutions become more refined and better. IoT technology will continue to drive changes in a variety of industries over the next decade. Businesses with a better understanding of the potential of IoT will be well-positioned to reap their benefit in the future. Based on statistics, it is expected that the global IoT market will exceed the value of USD 1250 billion by 2025 up from USD 690 billion in 2019 at a CAGR of 10.53% between 2020 and 2025. As it is mandatory to adopt the changes, every industry needs to be focused on utilizing the potential of IoT technology to stay relevant in their business.
About the Author: Piyush Jain is the founder and CEO of Simpalm, an app development company in Chicago. Piyush founded Simpalm in 2009 and has grown it to be a leading mobile and web Development Company in the DMV area. With a Ph.D. from Johns Hopkins and a strong background in technology and entrepreneurship, Jain understands how to solve problems using technology. Under Jain’s leadership, Simpalm has delivered 300+ mobile apps and web solutions to clients in startups, enterprises, and the federal sector. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.