Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Essential IIoT Security Trends for 2020

Technologies like artificial intelligence (AI), augmented reality (AR) and machine learning (ML) once seemed stranger than fiction, but are now playing a growing role in industrial environments. But the change comes with some risks. Market research firm IoT Analytics forecasts that spending on Industry 4.0 products and services will skyrocket from $119 billion in 2020 to $310 billion in 2023.

Technologies like artificial intelligence (AI), augmented reality (AR) and machine learning (ML) once seemed stranger than fiction, but are now playing a growing role in industrial environments. But the change comes with some risks. Market research firm IoT Analytics forecasts that spending on Industry 4.0 products and services will skyrocket from $119 billion in 2020 to $310 billion in 2023. Those leading the charge and most likely to gain the most from investing in industrial IoT include manufacturing, transportation, and logistics and utilities — each projected to spend $40 billion on IoT platforms, systems and services by 2020. 

Introducing new technology into traditionally analog environments means increased security risk as more “things” come online. While automation and AI-powered tools are streamlining operations, maintenance and user experience, they are also creating new doors for intrusion and, ultimately, negative results like the loss of IP, downtime or even bodily harm. 

Here are the two biggest trends to watch that could significantly affect how you manage security and risk. 

The Risk of AI-Powered Solutions

The application of AI and ML to nefarious cyber operations could make it easier to carry out attacks at machine speeds. Smart malware that learns and adapts as it spreads, machine learning that coordinates global attacks and predictive analysis for attack optimization — they’re all closer to reality than you think. 

In industrial settings, operational technology (OT) security teams will increasingly adopt AI-powered defense mechanisms to thwart these smart threats as they arise. But even those tools can be subject to sabotage. Threat actors could poison the data well AI tools train on. Biased data sets could completely throw off an algorithm’s training. 

That’s why it is crucial for human operators to remain involved in industrial environments with smart and automated assets and processes. Organizations need to consider Human in the Loop-type frameworks that combine technical approaches as well as management aspects with the deployment and use of AI and ML. There can’t be blind trust. 

Edge Computing and the Spread of Sensitive Assets

As more IoT devices come online, the idea of edge computing has become popular as a way to deal with the large amounts of data being generated. In particular, the focus is on processing and analyzing data on devices at the edge of the network instead of a central hub or data center. The goal is to deliver better performance to reduce operational strain and cost. You’re probably already guessing where this is going. 

Implementing this kind of infrastructure inherently expands organizations’ attack surfaces with new attack vectors. This issue is worse when you consider the diversity of IoT cases and how different they are from older, legacy IT technology. There aren’t existing IoT standards to help regulate security like there are for IT.

Just tracking and monitoring devices on the edge could lead to problems. There is also the issue of default and weak credentials for these devices. Insecure communication could be a problem as well. Not all devices are viewed as critical, but even seemingly insignificant information can be valuable to attackers – something as small as monitoring a thermostat’s daily use could signal whether people are in a building or not. We also can’t forget about the physical security risk around edge computing like tampering and damage. 

Ultimately, both AI-powered solutions and edge technology have huge potential to make the promises of Industry 4.0 reality. But they can’t be taken at face value. Those responsible for breaking ground on the implementation and use of these new technologies need to make sure they do so in a way that does not introduce more risk than benefit. 

Written By

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...