Smart and secure: IIoT rewards come with risks

Cyber-attacks cause business disruptions, damaged machinery, result in lost revenues and may even cost lives. PHOTO: THINKSTOCK

The term ‘smart devices’ may conjure images of consumer appliances such as refrigerators and thermostats that you can control remotely, but they’re also transforming manufacturing by improving productivity and cutting costs.

Experts believe the adoption and use of smart devices will be a catalyst and an enabler of Industry 4.0, the fourth industrial revolution, and it will be defined by the pivotal role of the Industrial Internet of Things’ (IIoT).

Smart, connected devices digitize the manufacturing process by using machine-to-machine (or person-to-machine) communication to relay, synthesize, evaluate, exchange and analyze data. This process improves warehouse inventory management, quality control, preventive maintenance and repair work.

IIoT has already been adopted by some of the world’s biggest companies. According to a 2016 TATA Consultancy Survey, manufacturers implementing IIoT solutions saw revenues increase by an average of 28.5% between 2013 and 2014. IIoT investment is to increase to $70 billion by 2020 from $29 billion in 2015; andMcKinsey & Co. estimates IIoT’s economic impact could reach $3.7 trillion by 2025.

But early adoption comes with its own, unique set of challenges. All the necessary security safeguards required to protect networks, data and systems from cyber-attacks may not be in place, and the problem is exacerbated by the fast-paced evolution of the risks.

Considering IIoT devices are connected to one another and the internet, the scale of an attack could be large and difficult to contain. Attacks on systems result in prolonged business disruptions, physical damage, and lost revenue. Threats include the disruption of the digitization process, such as intellectual property and production metrics, and the destruction of equiment.
Cyber-attacks are not theoretical. In 2014, a German steel plant was the target of hackers who sent spear-phishing e-mails to infect its computers. The attack prevented a blast furnace from initiating its safety settings, which then caused extensive physical damage to the plant.

Given the damage unsecured IIoT devices cause, a comprehensive security program is a must.

By deploying strong cybersecurity measures, manufacturers protect themselves, their employees and their customers.

Steps to take

Most organizations have adopted well-known frameworks, such as those developed by the National Institute of Standards Technology (NIST). It recommends the following approach:

Identify. Assess your network and identify the gaps vulnerable to a cyber-attack.
Protect. Apply appropriate safeguards to protect critical infrastructure.
Detect. Put procedures in place to identify potential cyber threats.
Respond. Set up an action plan to deal with a threat when it’s detected.
Recover. Maintain plans for resilience and restoring any capabilities or services that were impaired by a cyber event.

Retain external consultants to test the security of IIoT devices within the manufacturing supply chain. Also consider legal counsel that specializes in cybersecurity to review contracts with IIoT manufacturers. Include key provisions that ensure updated software versions are pushed out automatically or devices are deployed based on a “security by design” model. Consult with insurance brokers to ensure an existing policy covers physical and cyber damages.

Despite the risks, IIoT optimizes operations and significantly improves the manufacturing process, but take the necessary steps to protect your systems.

Imran Ahmad is a partner specializing in cybersecurity law at Miller Thomson LLP in Toronto. Sarah Nasrullah practices cybersecurity law in Toronto.