Internet of Things Security Risks in Manufacturing
Manufacturing facilities used to be able to rely on “air gaps”—the lack of connectivity between their equipment and the outside world—to provide security for computerized equipment in the plant. The rise of the Internet of Things (IoT) is changing that. Equipment inside the shop is now connected to outside vendors for managing orders, supplies and raw materials, and workflows.
While these connections can streamline processing and increase quality, they also introduce the risk of unauthorized access to the manufacturer’s computers and data. As a result, manufacturers need to make the security of their operational technology an information technology priority.
Risks Are Real
The risks for companies that ignore computer security are significant. Deloitte found that 40 percent had experienced a security incident and more than one third of those incidents ended up costing more than $1 million. The study also found that few companies treat IoT risks as part of their overall incident response plan, meaning that most companies are vulnerable to these threats. The IoT has already been used in attacks, such as the Mirai distributed denial of service (DDoS) attack that used connected cameras to bring down servers, and Forrester predicts those attacks will only get bigger in 2017.
Threats Go Beyond Data
The threat from connected devices differs from the threat of connected business systems. It’s true that connected devices provide an entry point into the enterprise network that can enable access to corporate data. There’s also vulnerability that comes from data the IoT vendors store insecurely in their backend systems, and from the possibility of exposing communications between devices that don’t use a secure, encrypted transmission protocol. IoT devices may become vulnerable to ransomware, potentially shutting down a manufacturing process.
But the biggest risks come from the potential ability of hackers to gain access to IoT devices and then affect systems in the real world. Hackers with access to connected thermostats and light bulbs can change climate settings and turn off the light, and hackers with access to industrial control systems can alter manufacturing processes and create dangerous threats to public safety.
Coping with IoT Security Risks
IoT systems are difficult to protect effectively because they have limited computing power that may lack the capacity to use tools like encryption. Updating these devices with patches is often difficult. Because the devices are small and easily installed, it’s difficult for companies to even know where they are located.
The most basic security measure is to change the default, administrator passwords on these devices. Companies need to incorporate their industrial control systems into vulnerability testing in order to identify and react to the risks of these devices; few companies are taking this step, according to Deloitte’s report. Companies should also look at developing IoT policies similar to their mobile device policies in order to define which devices are permitted and how they are allowed to be used.
It’s also important to have the appropriate network security, with segmentation and firewall settings that protect the most sensitive connected equipment. Network monitoring that can identify unexpected IoT usage is also important.
Work With Security Experts
Prescient Solutions is an experienced IT services provider. With certified security experts on our team, along with our experience supporting both large and small-scale manufacturers, we understand the challenges the IoT adds to achieving security in a manufacturing facility. Contact us to learn how our services can help you protect your systems while you leverage the best of today’s technology.