Industrial IoT (IIoT) will Require Embedded Hardware Security

http://electronicsforu.com/technology-trends/industrial-iot-iiot-will-require-embedded-hardware-security?utm_source=eotpage&utm_medium=eotpage&utm_campaign=eotpage&utm_content=eotposts

Hardware security is needed in IIoT according to Maxim.

3 Comments

  1. Tomi Engdahl says:

    Develop safety through security
    http://www.controleng.com/single-article/develop-safety-through-security/511e8d46c4a71b08c126311430c37c1b.html

    Safety implications of security often end up overlooked and companies need to learn how to assess, manage and mitigate risks for industrial security.

    As organizations implement connected, information-enabled architectures to improve productivity, efficiency and safety that means industrial security cannot be too far behind.

    Whether it’s remote access to production machinery, wireless access to pumping stations, or connecting plant-floor equipment to the IT infrastructure, greater connectivity can provide significant improvements in productivity and safety. But it also increases risks—not only to intellectual property, profits and mission-critical production assets, but also to people and the environment.

    The connected enterprise unites people, processes and things. It brings together enterprise-level IT and plant-level operations technology (OT) systems into a common network infrastructure. And it harnesses the power of enabling technologies, from data and analytics software to smart devices that make up the Internet of Things (IoT).

    What does this mean for manufacturers and industrial operators? It means production intelligence for measuring and improving nearly every aspect of their operations, including quality, productivity, uptime and overall equipment effectiveness (OEE). It means enterprise-wide connectivity for instantaneous information sharing and seamless collaboration across an organization. It means remote monitoring of critical production assets and systems dispersed across remote locations.

    For all the opportunities, however, there are also risks. More connection points can create more entrance points for security threats. These threats can be physical or digital, internal or external, and malicious or unintentional. And they can pose a danger in many ways, including intellectual property loss, disrupted operations and compromised product quality.

    Safety as attack vector

    Breached machine- and process-safety systems can create cascading safety consequences.

    For starters, compromised safety systems that don’t stop machines when they reach a dangerous state or when a safety device ends up triggered can expose workers to the very threat they should receive protection from. Additionally, safety systems that aren’t able to stop production beyond certain operating conditions can expose other employees or an entire plant to risks, such as fires, chemical leaks or explosions.

    The risks can be especially high in industries where employees work with hazardous or volatile materials, such as in chemical manufacturing. And the risks will only grow as collaborative robotics become more prevalent, with employees and robots working side-by-side on production lines.

  2. Tomi Engdahl says:

    Cybersecurity risk spikes with mingling of operations and IT technologies
    Resources available to learn about cybersecurity frameworks; receive alerts, advisories and reports.
    http://www.controleng.com/single-article/cybersecurity-risk-spikes-with-mingling-of-operations-and-it-technologies/bbb3537f376de9e28d66383261d7a199.html?OCVALIDATE&email=tomi.engdahl@netcontrol.fi&ocid=101781

    The growing threat

    The threat is not hypothetical. The global energy industry has already experienced a number of significant incidents. Remote cybersecurity attacks were reportedly used to cause the 2008 explosion of a pipeline in Turkey. In December 2015, the first successful disruption of a public energy grid occurred in Ukraine when attackers used a spear-phishing campaign to obtain administrator credentials, then remotely accessed the SCADA network and halted electricity distribution. The resulting blackouts affected more than 230,000 customers.

    Information sources

    As you might imagine, responsibility for U.S. federal government functions related to industrial cybersecurity is spread across several departments and agencies. Good places to start your quest for more insight into energy sector cybersecurity include the following:

    The “Cybersecurity framework implementation guidance” from the U.S. Department of Energy includes standards, guidelines and practices to promote the protection of critical infrastructure.
    The U.S. network of oil and gas transportation and distribution pipelines is the purview of the same Transportation Security Administration responsible for security in the 440 airports of the United States. Oil and gas pipeline managers can look to the cybersecurity recommendations in the Transportation Security Administration’s “Pipeline security guidelines.”
    The Federal Energy Regulatory Commission (FERC) is an independent agency that regulates interstate transmission of electricity, natural gas and oil. The North American Electric Reliability Corporation (NERC), which FERC has certified as the nation’s “electric reliability organization,” has developed critical infrastructure protection (CIP) cybersecurity reliability standards for electric smart grids.

    Note that while these standards are a good place to begin, following their recommendations is in no way mandatory. Moreover, they do not create incentives for the continual improvement and adaptation needed to respond effectively to rapidly evolving threats.

    In addition, the SANS Institute’s “CIS critical security controls” provide guidance for implementing cybersecurity and risk management programs specifically for critical infrastructure. The SANS Institute was established in 1989 as a cooperative research and education organization. It says it is the largest source in the world for information-security training and security certification.

    Besides the adoption of frameworks, energy-asset owners and operators should develop appropriate supporting management practices, including employee training, performance tracking metrics and business intelligence related to their cybersecurity program.

    Cultural aspects of security

    Energy companies must develop a risk-management culture that focuses on identifying and preventing cybersecurity vulnerabilities. This can be done in much the same way a culture for identifying and eliminating threats to physical safety of individuals and infrastructure was developed in the U.S. and Europe in the past. The cultural aspects of security are especially a matter of concern because employees are often one of the weakest links in cybersecurity.

  3. Tomi Engdahl says:

    New Report Highlights Dangers of Hacked Factory Robots
    http://spectrum.ieee.org/automaton/robotics/industrial-robots/report-dangers-of-hacked-factory-robots

    Earlier this month, computer-security firm Trend Micro, in collaboration with researchers at Polytechnic University of Milan, released a report titled, “Rogue Robots.” No, they weren’t writing about the threat of runaway artificial intelligence or Terminator-like “killer robots.” Rather, they were exploring how malevolent hackers might compromise various kinds of industrial robots, whose number is expected to reach 2.6 million units worldwide by 2019.

    https://documents.trendmicro.com/assets/wp/wp-industrial-robot-security.pdf
