IoT security took center stage at the IMC IoT Summit panel “Industrial Cybersecurity: Key Considerations for Manufacturing & Fabrication” last month. Aeris co-founder and chief evangelist, Syed “Z” Hosain, joined Ellen Boehm, senior vice president of Global IoT Strategy & Ops at Keyfactor, for a wide-ranging conversation around the state of cellular IoT security at large, and how manufacturing enterprises should prepare now to adequately secure their IoT investments.
“IoT is indeed a place where cyberattacks are growing,” Z said during the virtual event.
We sat down with Z after the webinar to dig a little deeper into some of his points. Here are some of his key insights – and pieces of advice – for manufacturing enterprises leveraging cellular IoT programs.
1. Growing IoT Security Challenges
One of the points Z hit home throughout the webinar and the subsequent discussion was the significant growth in cellular IoT cybersecurity attacks, which have increased as more and more IoT devices are deployed into the field. Z noted that 90% of all IoT traffic is unencrypted according to Z-Scaler, leaving it vulnerable to cyberattacks, which can cost enterprises $4.24 million per breach, according to IBM.
However, the largest hurdle all enterprises leveraging IoT solutions must overcome is securing IoT devices at scale.
“When you have a large number of devices, it’s not easy to take care of problems once they leave the factory and are in the field,” Z said. “When you have 100,000 devices or more, touching them and fixing them all is incredibly difficult.”
2. Cybersecurity Threats in the Manufacturing Sector
After the webinar, Z walked through some specific ways hackers pose a threat to manufacturing operations.
“Bad actors can create havoc and damage manufacturing products and tools,” he said.
One theoretical example Z laid out was a 3D printing operation being tampered with by hackers so the outputs do not meet a client’s manufacturing specifications. Z also warned of threat actors altering vital maintenance reporting thresholds – like unusual vibration intensity or rotations per minute beyond system tolerances – so that equipment becomes damaged.
3. Leveraging ML Solutions to Improve IoT Security Postures
During the webinar, Z discussed some of the key considerations manufacturing organizations should take into account when implementing and maintaining cellular IoT programs. He noted that IoT transmissions often follow distinct patterns, which is a reason why machine learning (ML) models are excellent options to detect malicious and anomalous device and network traffic. Z noted that bad actors are constantly seeking new vulnerabilities in connected devices, and “static security is not sufficiently future-proofed.”
After the webinar, Z spoke at length about the impact ML-empowered solutions have on detecting nefarious traffic.
“ML tools are easier with IoT data because the patterns are so strong,” Z said.
IoT devices generate regular, patterned data, which makes it easier for ML solutions to detect deviations and changes to said patterns. Z noted that ML solutions would not be helpful if the data was completely random and without any pattern. But because of the regular usage of IoT devices, ML models can fit the data well, and these solutions are the perfect method to spot nefarious traffic and usage patterns.
4. Security Close to the Edge
During the webinar, Z recommended that manufacturing organizations leverage network detection and response (NDR) solutions. He suggested that organizations implement these solutions as close to the edge as possible to “contain the blast radius” of a potential cybersecurity attack. This also reduces the detection “dwell time” for rapid recognition of an attack.
“The breach of a single device allows attacks to breach a family of devices using an application,” Z said, before emphasizing the need to rapidly detect and respond to attacks. He also noted that when multiple organizations are operating off the same centralized server, if one organization is compromised, then the problem ripples out to the rest of the users.
Z encouraged enterprises to set up strict security solutions at various levels (i.e., implement “defense in depth”) throughout an IoT program – like in the cloud or on a server – but to ensure that devices on the edge are tightly secured to begin with using standards (for example, IEC 62443 Automation and Control Systems) to contain cybersecurity attacks as much as possible.
You can dive into the rest of Z’s recommendations by watching the webinar on-demand here.