Essential IIoT Security Trends for 2020
Technologies like artificial intelligence (AI), augmented reality (AR) and machine learning (ML) once seemed stranger than fiction, but are now playing a growing role in industrial environments. But the change comes with some risks. Market research firm IoT Analytics forecasts that spending on Industry 4.0 products and services will skyrocket from $119 billion in 2020 to $310 billion in 2023. Those leading the charge and most likely to gain the most from investing in industrial IoT include manufacturing, transportation, and logistics and utilities — each projected to spend $40 billion on IoT platforms, systems and services by 2020.
Introducing new technology into traditionally analog environments means increased security risk as more “things” come online. While automation and AI-powered tools are streamlining operations, maintenance and user experience, they are also creating new doors for intrusion and, ultimately, negative results like the loss of IP, downtime or even bodily harm.
Here are the two biggest trends to watch that could significantly affect how you manage security and risk.
The Risk of AI-Powered Solutions
The application of AI and ML to nefarious cyber operations could make it easier to carry out attacks at machine speeds. Smart malware that learns and adapts as it spreads, machine learning that coordinates global attacks and predictive analysis for attack optimization — they’re all closer to reality than you think.
In industrial settings, operational technology (OT) security teams will increasingly adopt AI-powered defense mechanisms to thwart these smart threats as they arise. But even those tools can be subject to sabotage. Threat actors could poison the data well AI tools train on. Biased data sets could completely throw off an algorithm’s training.
That’s why it is crucial for human operators to remain involved in industrial environments with smart and automated assets and processes. Organizations need to consider Human in the Loop-type frameworks that combine technical approaches as well as management aspects with the deployment and use of AI and ML. There can’t be blind trust.
Edge Computing and the Spread of Sensitive Assets
As more IoT devices come online, the idea of edge computing has become popular as a way to deal with the large amounts of data being generated. In particular, the focus is on processing and analyzing data on devices at the edge of the network instead of a central hub or data center. The goal is to deliver better performance to reduce operational strain and cost. You’re probably already guessing where this is going.
Implementing this kind of infrastructure inherently expands organizations’ attack surfaces with new attack vectors. This issue is worse when you consider the diversity of IoT cases and how different they are from older, legacy IT technology. There aren’t existing IoT standards to help regulate security like there are for IT.
Just tracking and monitoring devices on the edge could lead to problems. There is also the issue of default and weak credentials for these devices. Insecure communication could be a problem as well. Not all devices are viewed as critical, but even seemingly insignificant information can be valuable to attackers – something as small as monitoring a thermostat’s daily use could signal whether people are in a building or not. We also can’t forget about the physical security risk around edge computing like tampering and damage.
Ultimately, both AI-powered solutions and edge technology have huge potential to make the promises of Industry 4.0 reality. But they can’t be taken at face value. Those responsible for breaking ground on the implementation and use of these new technologies need to make sure they do so in a way that does not introduce more risk than benefit.