Solving the Industrial IoT Challenge: How Manufacturing Companies Can Keep Devices Secure
Whether manufacturing organizations are retrofitting IoT devices into existing manufacturing equipment or buying new equipment that already includes IoT devices and sensors, it is clear that IoT devices are poised to dramatically improve manufacturing efficiency.
The “IoT in manufacturing” market is predicted to grow at a 29% compound annual growth rate to become a $45.3 billion market by 2022. IoT devices are especially valuable in terms of productivity and planning for critical infrastructure manufacturers. The Department of Homeland Security defines four primary areas of critical infrastructure manufacturing:
- Primary metal manufacturing
- Machinery manufacturing
- Electrical equipment, appliance and component manufacturing
- Transportation equipment manufacturing
These products are essential for a nation to run effectively, so better planning and more efficient production by manufacturers can benefit millions of people nationwide.
IoT devices speed manufacturing efficiency and improve productivity
Manufacturers are incorporating IoT devices and sensors to capture data and communicate with devices that reduce unplanned interruptions, improve quality, and transform the supply chain. They can use IoT devices to track energy consumption, heat levels, goods in transit and much more.
As IoT devices make manufacturing equipment smarter, organizations can improve efficiency in three ways:
- Reduced downtime. IoT devices can help gauge imminent equipment failure using heat sensors. These devices provide alerts when machines are starting to overheat or vibrate. They can also provide historic data to predict when parts, maintenance or equipment replacements are needed, so manufacturers can better forecast and plan maintenance. In many cases, equipment can even download updates or upgrades on-demand to increase efficiency.
- Better visibility into the supply chain. Having IoT devices in the supply chain provides precise information on current supply, demand, and the ability to track goods in transit. This enables organizations to more effectively plan and scale manufacturing in shorter timelines. IoT devices can also feed relevant information into machine learning technology to create an optimized, predictive and automated process.
- More efficient manufacturing operations. IoT devices can make the manufacturing floor more efficient by using real-time analytics from these interconnected devices. Instead of improving processes when a lag is noticed at the end of a shift, alerts can be triggered earlier in a shift, so the root cause can be identified and solved quickly. Using IoT devices or programmable logic controllers, manufacturers can collate data from all machines and processes to find efficiencies in the process and equipment. In addition, organizations can increase yield by using IoT devices and sensors for early quality detection. By sensing quality issues sooner, organizations can drive down the costs of production and raw materials. Furthermore, IoT devices and sensors can be used for smart energy management, to help identify waste and boost efficiency.
The challenge of IoT devices
While IoT devices can drive numerous positive changes in the manufacturing industry, one of the biggest challenges is cybersecurity. Built for autonomous machine-to-machine connection, IoT devices change how organizations collect data, automate services and structure interdependent systems. Since most IoT devices have little or no inherent security, they present an easy target for cyber attackers. Hackers can quickly scan a network, identify these weak spots, and then use the IoT devices to access and move throughout a network.
Lax IoT device security is a known network weakness and a security gap that is particularly concerning for critical infrastructure organizations and the U.S. government. “The growing dependency on network-connected technologies is outpacing the means to secure them,” Jeh Johnson, secretary of Homeland Security said. “Securing the Internet of Things has become a matter of homeland security.”
The amount of unsecured IoT devices connected to networks is exploding and as a result, the attack surface is growing exponentially. With today’s global environment, most networks are accessed by a vast array of endpoints in varying locations. It is critical to ensure IoT and other endpoint devices do not compromise network security.
Securing IoT devices – how to close the security gap
One of the easiest and most effective ways for critical infrastructure manufacturing organizations to secure IoT devices is to use an advanced Network Access Control (NAC) solution as a compensating control. Comprehensive NAC security should provide complete visibility, control and automated threat response. Advanced NAC security can not only secure IoT devices, it can also secure programmable logic controllers (PLCs), BYOD devices and other endpoints common to manufacturing organizations. There are three critical components of NAC security:
Visibility: Since it is impossible to protect the network from a threat you cannot see, visibility is a crucial first step in securing IoT and other endpoint devices. Visibility simplifies centralized management and ensures that if a device is compromised, it can be located quickly, even if the device is in a remote location. It should also be able to identify a new headless device, and notify the device sponsor to authorize the device onto the network. A good NAC security solution should see and verify headless devices every time a device connects or re-connects to the network. In addition, a complete visibility solution records every action taken by every device and provides contextual information that speeds time to remediation. Right now, many organizations receive alerts of suspicious activities for a specific IP address, then spend hours trying to manually track down the suspect device. Critical infrastructure organizations cannot risk this dwell time – it is crucial to deploy a solution that provides the requisite visibility to immediately pinpoint a suspect device. A good NAC security solution solves this challenge in seconds, and also satisfies several National Institute of Standards and Technology (NIST) requirements.
Control: Critical infrastructure organizations require advanced NAC security for granular control of endpoint access policies and permissions. The ability to customize individual levels of access is crucial for many regulatory requirements, as well as a safety precaution that can limit access to an organization’s most sensitive data and devices. In addition, a good NAC security solution simplifies and supports network segmentation right to the network edge, creating numerous VLANS that limit cross-talk and secure the network from the spread of lateral or east/west virus attacks. If critical infrastructure organizations segment IoT devices on separate VLANs from other data and critical systems, this further secures the wider network and critical data in case of a breach.
Automated response: Reducing dwell time can reduce the impact of most threats. By implementing NAC security with real-time automated threat response, organizations can reduce dwell time from months to seconds. For example, if an IoT device starts pinging your DNS server, it can be tracked, an alert can be generated, and the port can be immediately locked down, while the situation waits for analyst review. Advanced NAC security solutions can also scan BYOD, guest and contractor devices on a pre-connect basis to ensure they comply with minimum network security standards. In addition, these solutions can continuously monitor the devices while connected, and automatically isolate a device if it falls out of compliance or begins to behave in a suspicious way. Once a device is isolated, the best solutions can triage and deliver the alert, along with all the contextual information, to an analyst. This speeds time-to-resolution and reduces the burden on strained IT resources.
As manufacturing organizations increase the use of IoT devices for efficiency, it is important that NAC security solutions are implemented to control these unsecured devices. For more information on protecting critical infrastructure organizations, view our on-demand webinar, “Critical Infrastructure Under Cyber Attack: 3 Proactive Steps to Drive Prevention.”
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about our services or just want to chat security please give us a shout.If you’re looking to guest blog, please send an email here.You can also find us on Twitter, Facebook, LinkedIn.
Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization.