Security Experts:

COVID’s Silver Lining: The Acceleration of the Extended IoT

Acceleration of XIoT unlocked business opportunities and ignited security innovation

Most experts agree that over the past two years, COVID has accelerated digital transformation significantly – by five to 10 years – as has the convergence of physical and digital assets. Ransomware attacks against hospitals, oil pipelines, food supply chains, and other critical infrastructure brought into sharp focus the high criticality of cyber-physical systems (CPS) and their exposure to attacks. With more time, the security industry would have been better prepared to address the cyber risks of converged CPS. However, I’d like to argue that this acceleration and the functions it forced are the silver lining of the COVID pandemic. Here’s why.

Let’s start with defining what we mean by CPS. NIST defines CPS as “comprising interacting digital, analog, physical, and human components engineered for function through integrated physics and logic.” Other phrases include IoT, Industrial Internet, Smart Cities, Smart Grid and "Smart" Anything (e.g., cars, buildings, homes, manufacturing, hospitals, appliances). 

For simplicity, these categories can be referred to holistically as the Extended IoT (XIoT), with three main components:

1. Industrial IoT (IIoT) and operational technology (OT) are all the cyber-physical processes and equipment such as programmable logic controllers (PLCs) that support critical processes in industrial environments. These systems are connected internally to workstations that can typically be accessed remotely for maintenance; other cyber components include IIoT devices such as smart sensors. The 16 critical infrastructure sectors as defined by CISA – from manufacturing to energy to transportation – rely on these interconnected processes and systems. 

2. Healthcare IoT includes medical imaging equipment such as MRI machines and CT scanners, as well as internet of medical things (IoMT) devices such as smart vitals monitors and infusion pumps that support critical care delivery in healthcare environments. These systems are usually connected to organizations’ IT networks.

3. All other IoT devices used in smart cities, smart grids, Enterprise IoT, and smart “anything.” 

Acceleration of the XIoT was net positive for a few reasons, as it: 

• Unlocked business opportunities. Projects related to digital transformation and connectivity that were not being funded or prioritized due to challenges of running the daily business and digitizing operations, leapfrogged to the top of the list. COVID gave us no choice and forced us to act. What those projects delivered, in addition to the flexibility we needed to respond to the pandemic, was the realization that different modes of work and delivery of goods and services were not only possible but positive, in most cases resulting in actual savings from both a cost and optimization perspective. The new technology interconnections introduced more efficient ways to measure output, calibrate performance and, ultimately, run businesses better. 

• Ignited security innovation. Typically, there is inherent friction between users and security policies. That changed when the pandemic required us to expand the definitions of our work devices and processes so that we could operate securely in this new “perimeter-less” world. We needed new security technologies to identify and monitor all the devices and processes that were previously not interconnected and the new, expanded networks that now touch the XIoT. To speed deployments, security became inseparable from the systems it was protecting. This innovation strengthened and accelerated the adoption of security. 

• Prioritized cybersecurity at the board level. The board of directors not only became well educated on cyber risk, in many cases they became advocates for cybersecurity as a competitive advantage. Securing the XIoT was a huge component, given the prevalence of critical systems across enterprises. Most were affected significantly by interconnectivity and had to rethink how to expand their cyber governance to include all assets and devices. The pandemic mandated that board members, traditionally from finance backgrounds, understand the proactive measures companies must take with respect to digital transformation and related cybersecurity posture to stay relevant and competitive. Reflecting this new reality, many CIOs, CISOs, and digital transformation executives became board directors.

• Raised executive awareness of XIoT. Lastly, we saw a trend of executive teams and CEOs becoming well versed in the convergence of cyber and physical systems, understanding the competitive advantages that interconnectivity brings and the inevitable risks, and learning how to mitigate those with security technologies and overall expanded risk governance. The surge in attacks that take advantage of this convergence is different in severity and priority from attacks that compromise IT networks and exfiltrate personal data, because they put our lives and livelihoods at risk. Gartner predicts that incidents that lead to physical harm to people, destruction of property, or environmental disasters will expose CEOs to personal liability.

In this landscape, security technologies that can deliver optimized, cross-platform solutions that cover full connectivity between the cyber and physical worlds are preferred by security teams. Given the range and complexity of XIoT, it’s understandable that CISOs want to consolidate their risk governance processes and have a comprehensive view across all aspects and elements of their networks, spanning industrial, healthcare, and enterprise environments. Efficiency and ease of use are also key considerations and we’ve seen a great deal of progress in those areas as organizations have had to move at warp speed to survive and thrive. 

For the last two years we’ve operated under the cloud of COVID. But its silver lining has been the acceleration of the XIoT, the value it delivers to organizations, and the people they serve. With proof we can move forward faster, securely, there is no turning back. The opportunities to think and do differently are limitless, and exciting!

view counter
Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.