9 best practices to improve security in industrial IoT

9 best practices to improve security in industrial IoT

Conner Forrest has nothing to disclose. He doesnt hold investments in the technology companies he covers.

Internet of Things security: What happens when every device is smart and you dont even know it?(ZDNet)

Industrials organizations need to understand that risk is not static, Kotian said. These organizations should account for legal ownership of IoT components and the supporting systems. The physical consequences of IIoT errors can be much more grave than other IoT breaches.

Stay informed, click here to subscribe to the TechRepublic Cybersecurity Insider newsletter.

Top 5: Ways to create secure IoT devices(TechRepublic)

3 inexpensive steps to secure IoT(TechRepublic)

How IoT hackers turned a universitys network against itself(ZDNet)

We deliver the top business tech news stories about the companies, the people, and the products revolutionizing the planet.

Dell EMCs senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.

At a presentation during the 2017 Dell EMC World conference in Las Vegas, Rohan Kotian, senior product manager for IoT security at Dell EMC, explained the major trends affecting industrial IoT. Here are nine best practices Kotian recommended for improving industrial IoT security

Can Russian hackers be stopped? Heres why it might take 20 years

When thinking about IIoT devices, IT needs to think about security features involved with on-boarding, authentication, and provisioning. The data sent by the devices is also a critical security concern. Data integrity and confidentiality should be a top focus, Kotian said, with businesses constantly thinking about where the data is moving and how theyll encrypt it. Asset management and visibility, along with behavior analytics are also top considerations.

Examples like the Stuxnet worm, which took down large nuclear centrifuges, and attacks that took down part of the power grid in Ukraine are often seen asweapons confined to cyber warfare. However, as more and more industrial systems become connected, similar attacks could be seen among businesses in the future.

Kotian noted that a proper security posture for IIoT must consider operations as well. Once an organization has classified the risks facing it, it must build out a security framework to address these risks.

The new commute: How driverless cars, hyperloop, and drones will change our travel plans

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

The Brexit dilemma: Will Londons start-ups stay or go?

Security concerns around the Internet of Things (IoT) are growing, but the issues can be especially problematic in industrial organizations, where connected devices often control heavy machinery and dangerous systems.

Vendor comparison: DIY home security systems

Outside of devices, the gateway is also a critical security vector in IIoT. Captain recommends that organizations follow best practices and system hardening for starters. Secure boot and execution, and secure credential storage can help these companies better secure their gateways, Kotian said.

Why deepfakes are a real threat to elections and society

Security in IIoT requires specific considerations. End-to-end security must be handled from edge to cloud and security technologies must be wrapped around legacy systems, Kotian said. IT must also account for constrained system resources and work to get the right mix of human and automation interaction.

How to become an IoT developer: 6 tips(TechRepublic)

Dark Web: A cheat sheet for business professionals

The recent Mirai botnet distributed denial-of-service (DDoS) attack took down a popular DNS service and left many internet companies out of commission. Being that most IoT devices have default or no credentials, the Mirai botnet spread rapidly, Kotian said. However, a security framework has been built up around Mirai, which can be leveraged by companies to protect against future attacks.

Industry standards should be used for authentication and authorization to secure access to company data, Kotian said. Additionally, firms must ensure data integrity and protection as well, and focus on secure credential management for keys, credentials, and access tokens.

SEE:Internet of Things policy template(Tech Pro Research)

Digital transformation in 2019: A business leaders guide to future challenges and opportunities

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

From the manufacturer, many IoT devices come with minimal security controls, if any at all. Clarity of asset ownership, lack of standardization, flat network issues, inefficient patch management, and resource constraints are all concerns that should be taken into account, Kotian said.

10 signs you may not be cut out for a cybersecurity job

Americas coolest company: How Big Ass Fans went from cooling cows to a multinational tech powerhouse

Cybersecurity no. 1 challenge for CXOs, but only 39% have a defense strategy

IIoT requires IT and OT to work together. Although, the two often have different goals and concerns. IT is often concerned with infrastructure, security, and governance; while OT can sometimes be focused on yield, quality, and efficiency, Kotian said. 

Businesses must think of who needs to involved in their IoT deployment and these employees can share a mission. Its also important to note that IT and OT approach security differently, evaluating different risks, focusing on different patching cycles, protocols, and more, Kotian said.

Another trend is that ransomware is moving from files to devices, with attackers beginning to target IoT devices. Attackers are also exploiting old vulnerabilities on old devices that havent been updated, Kotian said. Additionally, the search service Shodan offers a broad look into open IoT devices.

Telephone interview cheat sheet: Field/systems technician

Our editors highlight the TechRepublic articles, galleries, and videos that you absolutely cannot miss to stay current on the latest IT news, innovations, and tips.

Telephone interview cheat sheet: Computer bench technician

The fog, or adding compute to the edge offers three advantages, Kotian said. First, it brings real-time decision making through edge analytics. Second, data transfer cost is reduced with compression and cleansing. And third, security and data continuity can be improved through local operations.

Leave a Comment