Securing the industrial internet of things in manufacturing

Mark Hendry outlines the essential considerations for safeguarding manufacturing operations in the connected era and the advantages of a cloud-centric Secure Access Service Edge (SASE) strategy.
The rapid growth of Internet of Things (IoT) devices within manufacturing environments creates a complex and evolving security landscape. While the Industrial Internet of Things (IIoT) offers transformative potential, manufacturers must address the accompanying cybersecurity risks to realise the full benefits of the technology.
On the one hand, industrial environments have long relied on operational technology (OT) – hardware and software to monitor and control physical processes. This includes supervisory control and data acquisition (SCADA) systems in water treatment facilities, for example, and programmable logic controllers (PLCs) on factory lines. These technologies have played a vital role in industrial progress.
The Industrial IoT, on the other hand, is a system of interconnected physical devices, with embedded software and sensors, that communicate and exchange data over internet protocols.
IIoT devices capture and share data, helping enhance efficiency, productivity and reliability across many industrial sectors, including manufacturing, energy and transportation.
The rise and risks of IoT
The integration of intelligent digital technologies into manufacturing and industrial processes (Industry 4.0) has seen a surge in IoT adoption across the manufacturing sector. Smart factories are characterised by their use of interconnected sensors, cameras, and machinery to enhance efficiency, resource allocation and proactive maintenance strategies.
However, this expanded attack surface creates new vulnerabilities. Endpoints such as industrial control systems (ICS), sensors, and connected machinery are particularly susceptible, as evidenced by ransomware attacks targeting manufacturing. These endpoints, often exposed to the internet for remote monitoring and control, provide entry points for malicious actors. Legacy security solutions often struggle with the distributed nature of IoT, leaving manufacturers ill-equipped to manage these threats effectively.
IoT devices, in particular, face various cyber threats, including botnets, ransomware, data breaches, firmware exploits, and distributed denial of service (DDoS) attacks. We have seen numerous striking real-world examples:
- The 2022 ransomware attack on a manufacturer supplying parts to Toyota that caused the automaker to shut down all its factories in Japan for one day, with an estimated production loss of 13,000 vehicles. The production control system for the supplier, which Toyota’s network was connected to, came under attack
- The 2021 Colonial Pipeline attack, another ransomware incident, on a major US fuel pipeline operator. It caused widespread disruptions and fuel shortages after the attackers gained access using a leaked password
- The 2015 Ukrainian power grid attack, a coordinated cyberattack that caused widespread power outages, affecting hundreds of thousands of people. Spear-phishing emails were used to access the industrial control systems
The Cloud and SASE: A modern defence strategy
These cases and many others highlight the challenges posed by the rise of IIoT to traditional cybersecurity strategies such as endpoint security programs, specific IoT security platforms and conventional network security measures. We need new approaches. Fortunately, one strategy – the SASE (secure access service edge) framework – is gaining popularity and proving successful.
Through cloud-based integration of networking and security features, SASE establishes a centralised control plane that enhances threat detection, simplifies device administration and expedites policy enforcement. SASE architectures provide a thorough foundation for improving IoT security in the manufacturing industry.
Considering the attacks outlined above in the light of this approach illustrates the potential importance of SASE for securing manufacturing:
- In the case of the ransomware attack on Toyota’s supplier, a SASE framework would have helped by providing centralised control and management of assets, reducing the attack surface, and providing stringent access controls to prevent unauthorised entrance into critical systems
- Identity-based security measures through SASE and principles of Zero Trust would have prevented unauthorised access to Colonial Pipeline’s systems and reduced the impact of the attacks on critical infrastructure
- The Ukrainian power grid attack could have been prevented by the SASE approach, which incorporates lateral movement protection and converges the sometimes separately managed disciplines of identity and network security to reduce the potential for this type of attack to cause broader harm
The advantages of implementing a SASE strategy
A SASE strategy can provide several advantages for manufacturers. These benefits translate to increased operational resilience and a more consistent security posture, crucial for safeguarding vital industrial processes and data:
- Centralised control and asset management – IT and security professionals can view deployed IoT devices and worldwide networks from a single dashboard. Effective risk assessment and event response depend on this visibility
- Decreased attack surface – SASE reduces the attack surface by implementing stringent access rules and authenticating each device and user using a zero trust network access (ZTNA) module
- Identity and network security convergence – SASE treats identity as the new perimeter by combining network security capabilities. Guaranteeing that only authorised and authenticated entities can access network resources fortifies defences
- Protection against lateral movement – SASE architectures protect internal network traffic, much like a building’s security system controls movement between areas. If a threat gets in, it is contained and prevented from spreading, just as a security system restricts access to different building sections
- Lower maintenance – SASE eliminates the need for a traditional network backbone by relying on cloud-delivered networking and security services, which lowers maintenance requirements and the administrative overhead
How S&W can help you tackle IoT risk and improve IoT security
SASE provides numerous benefits, but as with any architecture, the implementation can be done well or poorly. A well planned and executed implementation will avoid operational disruptions, unexpected costs and even unforeseen security exposures.
Detailed planning, design and implementation are critical to success. S&W can help you understand your current situation, design your future architecture, develop an effective and practical migration plan, and implement it.
Continuous and consistent management ensures continued protection through IoT security and performance measures that must be actively monitored. S&W can assist with ongoing management of the in-scope environments, or perform a stand-back assurance and optimisation role.
Our cyber and digital team also provides a range of other services to support a SASE framework:
- Executive sponsorship to socialise the SASE initiative and ensure it is supported from the top down, which is often necessary to ensure commitment and the allocation of budget and organisational resources
- Strategic alignment to develop and embrace a SASE strategy aligned with your zero trust strategy and overall enterprise architecture and business goals. We work together to ensure a holistic approach to assimilating SASE into your broader security and IT frameworks
- Operational model design, keeping in mind that security and IT teams implement the SASE together. To support and ensure smooth operations, clear roles and duties must be defined
- Process development for dependable deployment and management, ensuring that all operational staff, such as service providers and helpdesk assistance, have the right tools and training for maintenance and troubleshooting
- Phased implementation to minimise downtime and impacts on productivity, with each incremental step tested carefully to achieve minimum disruption and maximum resilience. With gradual changes in implementation, early identification and rectification of problems can be ensured for a smooth transition
Industrial IoT is the future of manufacturing, but the associated cybersecurity risks can only be fully mitigated through comprehensive, proactive measures. These include secure and robust security protocols, use of the latest firmware, application of patches, device configurations, network segmentation, traffic monitoring and continuous staff and user training.
The SASE architecture can play a critical role in enabling and reinforcing these measures, bolstering security and bringing a host of other benefits: flexibility, consistent security policies, compensating controls, and integrated networking and security. All these can provide much better protection for manufacturers and enable them to harness the full promise of the Industrial Internet of Things.