By Evan Birkhead, VP Marketing and Business Development, Bayshore Networks
At the first Industrial Internet Security Forum, held Tuesday at IBM headquarters in New York City, attendees were privileged to hear from leading cybersecurity technologists.
Here are three take-aways from the event:
1. The best minds in security are turning their attention to protecting against industrial cyber attacks.
Early on, the Industrial Internet Consortium recognized that security is a critical overlay to the Industrial IoT. To its credit, the organization has worked hard to ensure that the Security Working Group is afforded an influential voice on all IIC projects. The presenters in New York, primarily representing the Working Group, proved that we’re in good hands.
Meanwhile, the industrial security challenge ahead is huge. In her keynote, Beth Hoenicke, Senior ICS Strategist at Johns Hopkins University’s Applied Physics Lab, described the challenge as “definitely something bigger than ourselves, our view of the world, our perspective.” She explained that IoT security is different because the attack surface has exponentially expanded.
The experts weren’t shy about suggesting solutions. For new products, Hoenicke recommended that security should be designed into the product, not added as an afterthought. For legacy systems, she recommends employment of defense in depth, where multiple layers of security and redundant systems integrate with physical security systems.
Security Forum panelists
2. Those best minds agree on one thing: with 50 billion IoT connections by 2020, no network will ever be 100 percent bullet proof.
If someone wants to break into your network, they’re going to. For one thing, there’s always the risk of an insider attack. Executive-level security professionals, including heavyweights from GE, IBM and Symantec, repeated this theme like a mantra.
That appeared to motivate Fujitsu’s Jesus Molina, who reviewed the Security Working Group Best Practices. He explained that industrial systems with “cyber-physical components” were created with security assumptions that are no longer valid, such as air gapped systems and a reliance on proprietary protocols.
The new industrial revolution, with sensors collecting vast amounts of data that can help the cause, breaks these assumptions and requires a fresh look at security. To keep pace, Molina reported that his Working Group is addressing the problem by creating new definitions, models and best practices guidelines that help today’s IT and OT directors anticipate future risks.
Jesus Molina, Fujitsu
3. Bad guys are everywhere. So thank goodness for the good guys.
On his panel, Bayshore CEO Francis Cianfrocca joked that if it weren’t for all the bad guys, there wouldn’t be a need for a security industry.
In that case, be thankful for these good guys. Case studies from Infineon and Belden showcased progressive solutions for protecting railway control systems and wastewater treatment plants respectively. Johns Hopkin’s Hoenicke, explaining that health care might be the place where IoT security takes off first, provided a healthcare case study,
Citing McKinsey statistics on the Economic Impact of Global IoT applications, Hoenicke explained that 40% of global impact of IoT will occur in healthcare by 2025. The 3.7M medical devices in the US alone have a 97% Wi-fi adoption rate.
Healthcare, Energy, Manufacturing, Oil & Gas, Smart Cities; the IIC intends to accelerate the growth of the Industrial Internet by coordinating ecosystem initiatives, such as these, that lead to transformational business outcomes. Fortunately for us, the good guys are making that possible.
Steve Hanna, Infineon Technologies