The Internet of Things (IoT) has reshaped society and ignited the Fourth Industrial Revolution. With more consumers embracing this new technology, industries, governments, and businesses are also starting to integrate IoT into their operations.
The application of IoT in industrial operations is known as the Industrial Internet of Things (IIoT). By harnessing the power of IIoT, industries are redefining limits.
With IIoT, the interconnectedness of the underlying systems and operations is strengthened. This consequently heightens productivity, efficiency, and reliability. However, the connections offered by IIoT are a double-edged sword: attackers can exploit this very strength of IIoT to create much more complex and encompassing vulnerabilities. Needless to say, the impact of disruptions in IIoT systems is far more catastrophic.
With so much at stake, cybersecurity must be the first priority. In its white paper, the World Economic Forum (WEF) digs deep into protocols that lay down baseline conditions to improve the security of IIoT systems.
Line of Business IIoT Device Safeguards
WEF lists safeguards that must be implemented by entities that handle IIoT systems. This is one way to ensure effective risk management and mitigation.
- Employment of risk-assessment models to identify assets that require protection and risk factors.
- Segmentation of the identified assets based on common security requirements into subsystems with restricted access in between each segment.
- Ensuring device integrity and availability by employing appropriate protective models.
- Compliance with up-to-date encryption protocols and practices.
- Proficiency in delivering system updates and patches.
- Encryption of personally identifiable data to maintain privacy.
- Ensuring interoperability, that is, the ability of IIoT devices to communicate via standard protocols.
- Making sure IIoT devices are subjected to a standardized software development life cycle and methodologies.
- Creation of trust zones that will outline the communication paths of the IIoT system.
- Establishment of coordinated vulnerability disclosures.
Internal Governance and Risk Management
Apart from these safeguards, entities handling IIoT systems must also exhibit good governance and business practices. WEF created a business model enumerating desirable practices, which it adapted from its publication, “Advancing Cyber Resilience: Principles and Tools for Boards.”
- Board oversight of IIoT cyber-strategies
- Top-level accountability
- Integration of cyber-resilience in business strategies
- Frequent and thorough assessment of IIoT systems
- Periodic testing of IIoT cybersecurity and resiliency through proven methods such as penetration testing
- Tracking and addressing legacy and obsolete solutions
- Sharing of information on vulnerabilities with related government agencies and private sectors
- Development of cyber-event handling procedures
Record-Keeping and Metrics
Decision-makers should also have the means to monitor and measure the security of IIoT systems.
- Performance indicators will serve as guides to business personnel in making appropriate security-related decisions.
- Security metrics, on the other hand, will serve as accountability tools. At the same time, metrics will also ensure that security problems are addressed immediately. Lastly, these can also be used to set standards for compliance with laws and regulations surrounding IIoT systems.