Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What you need for IoT security (Part 2): Security in the manufacturing and operation process

Manoj Kumar Rai, Head of M2M Solutions, South Asia & Japan, Gemalto | July 11, 2016
This is the second article on IoT security, dealing with security of the manufacturing and operation process.

Outsourced model of manufacturing is likely to stay as it allows companies to remain competitive on a global scale. The biggest mistake many manufacturing companies make is that they think of security as an aftermath. Also, a lot of manufacturing processes were set up a long time ago and have legacy systems that now interface with external gateways, without proper security in place. As more and more devices get connected in this ever-evolving breach landscape, a holistic and multi-layered approach to security can no longer be an afterthought.  As witnessed by the various incidents presented in the previous article, once IoT devices are deployed, it will cost much more or may be impossible to fix the problem at a later date.  Companies need to proactively strengthen their IT security management systems.

To secure the manufacturing process, there are many security measures that need to be addressed for all IT infrastructure, sensitive data and entities that access the data whether the entity be an employee, a partner, a device or a service.  The goal is to ensure that trust can be achieved in the whole manufacturing process, which will involve encryption, authentication, and ensuring the integrity and authenticity of every operation, items and entities involved in the manufacturing process.

In order to safeguard our assets and data, companies should perform thorough risk analysis and security evaluation from top down, keeping in mind each element across the entire manufacturing ecosystem. They must proactively design a security architecture that protects the right elements at the right level, not only securing the data on a device, but all the way through its transit across multiple diverse networks. Since IoT devices and applications tend to have a long lifespan, even extending to 10 - 20 years in the field, failure to anticipate threats or be able to evolve, can prove costly for all. Mass IoT adoption will happen only if consumers can trust that their connected devices and privacy of confidential information is maintained.

In addition, manufactures need to realise that IoT devices will be attacked when deployed.  For devices that are always connected to the Internet, the attack may come from anywhere in the world.  Even for devices that are in-directly connected (e.g. USB thumb drive), it can become a carrier of malware that infects the host.  Many of the vulnerabilities highlighted in the previous article could have been found and corrected through a simple security vulnerability test while the product was in development.  Manufacturers need to realise that all devices that run any software has the potential for vulnerabilities that can be exploited.  This may be overlooked for systems designed initially to run in private dedicated networks.  Reality is that ultimately any system may be connected to the Internet directly or indirectly as witnessed by the blackout caused by malware.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.