Industryweek 6196 Technology Promo

Technology: Rethinking Safety in the IoT World

Nov. 27, 2013
"For organizations to thrive in this connected market, they need to be connected... That transcends even the security concerns. You need to be connected to do the job you need to do."

At this point, car hacking is practically a sport. 

A quick YouTube search pulls an endless stream of videos depicting grinning researchers and pranksters hacking into their cars' steering and operation systems with old school Nintendo controllers or custom iPhone apps. There are even some virus-encrypted audio CDs floating about that can hijack a car's total software system to gain remote access and control of everything from dashboard readings to anti-lock brakes.

See Also: Manufacturing Industry Technology News & Trends

And these are just a few of the techniques being explored on some already outdated car models. As the industry moves more toward the next generation of self-driving cars and vehicle-to-vehicle communication, carmakers are starting to worry about the risks that are accompanying all of the perks of the technologies driving it: the Internet of Things (IoT). 

And they're not the only ones. 

Securing IoT

"By 2020, we expect to see 20 billion smart objects connected to the Internet," says Rob Soderbery, senior vice president and general manager, Enterprise Networking Group, at Cisco (IW 500/30).

Of those billions, he says, the connections with the most to gain are in manufacturing and industrial automation. And that puts the whole industry at risk. 

Just as hackers are drawn to the unprotected architectures of automobile software, other nefarious agents are attracted to unprotected connected control systems, smart tools and online architectures of massive online manufacturing enterprise systems. But security breaches in the manufacturing space can have much greater consequences.

On the financial side, studies indicate that even mild attacks cost the industry $40 to $80 billion each year, escalating as the threats target operations. 

And beyond that, "there are lives at stake," Soderbery says. "There are societal issues; there are compliance and regulatory issues. The threat diversity is fundamentally different in this field." 

Changing the Security Game

Even with this risk, however, Michael Assante, advisor and director, National Board of Information Security Examiners (NBISE), argues that manufacturers must continue to embrace the technology. 

"For organizations to thrive in this connected market, they need to be connected," he says. "That transcends even the security concerns. You need to be connected to do the job you need to do."

So it's not a question of isolation anymore, he says. It's a matter of facing these new security challenges head on. And doing so requires a whole new cybersecurity plan. 

"We're going to have to share cybersecurity responsibility across a much wider spectrum than ever before," Assante explains.

"Security is going to be part of an engineer's job. It's getting more into design and planning, even to operations. Soon, it's going to be part of everyone's business."

Evolving cybersecurity to a more safety-inspired model, he says is essential to take on an evolving threat source. 

"We're seeing adversaries that are actually picking your organization out of the crowd," he explains. "We're seeing targeted attacks, more structured. And they're investing."

While security firms are pumping millions into new antivirus and firewall programs, he says, the cyber underground has pumped as much as $3 billion into attack capability. Worse, almost all of the compromised organizations he has worked with had up-to-date antivirus solutions in place and used industry security practices. 

"That tells us that our traditional security approaches are not working in this environment," Assante says. 

"Working together, we can lock these systems down," he argues. "Our goal is not to turn an engineer into a cybersecurity professional. The goal is to inform them in a better way so they can make better engineering decisions. 

To do that, he says, "We've got to work as integrated teams."

Popular Sponsored Recommendations

Secure end-to-end traceability and digitalization. Ensuring security with a specific data model.

July 11, 2023
A secure end-to-end traceability answers key questions. Is the device genuine or counterfeit? Are the designs intact and untampered? How to track origins and destinations? Explore...

2022 Honeywell Industrial Cybersecurity USB Threat Report

April 19, 2023
New research reveals cyber threat levels remain dangerously high. Threats designed for USB exploitation rise to 52% and threats continue to become more prominent and more potent...

An Executive’s Guide to OT Cyber Incident Response

June 28, 2023
Learn what it takes to develop effective and rapid OT incident response capability to meet your organization’s unique needs.

7 Benefits of Adopting Smart Manufacturing

Aug. 9, 2023
Make smart manufacturing a reality.

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!