Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What you need for IoT security (Part 2): Security in the manufacturing and operation process

Manoj Kumar Rai, Head of M2M Solutions, South Asia & Japan, Gemalto | July 11, 2016
This is the second article on IoT security, dealing with security of the manufacturing and operation process.

With increased proliferation of IoT and information exchanging hands more than ever across geographical locations, manufacturers are now responsible for data during the entire lifecycle of the product. A single vulnerable point in the supply chain can lead to the failure of the entire ecosystem, creating chaos and disruptions ranging from personal losses to massive breakdown of critical commercial infrastructures or public services. This is a paradigm shift as manufacturers now need to not only assess and secure their own processes in the already complex supply chain, but also ensure that third-parties and partners comply with the comprehensive security guidelines.

Designing in security in the whole manufacturing process is a must for manufacturing companies.  There are several challenges in securing manufacturing processes and systems, given the scale and complexity of the modern manufacturing industry.  Reality is that the complexity will continue to increase and unless companies can effective manage the security of the manufacturing process, business continuity will be at risk.

Manufactures also need to plan for efficient operation and maintenance of the deployed IoT devices. As witnessed in the computer software industry, hackers manage to find new vulnerabilities and attack vectors.  Since it is impossible to tell what can happen in the future, it is essential to design products that can be securely and efficiently be maintained and upgraded after deployment.

Maintaining an information security is a constant ongoing task similar to the practice of continuous improvement process deployed in the manufacturing industry.  The difference is that the metrics for the improvement and the tools to ensure each security element is much different from traditional manufacturing.    Continuous and proactive security system improvement can only be achieved through the establishment of an ISMS (Information Security Management System) in the enterprise and implementing improvements through the PDCA cycle.

Going in depth into this topic is not the purpose of this article series and thus, in summary, will map the various security concepts and technologies that assure the six elements of IT security below.

 

  1. Confidentiality: authentication and verification, access control, authorisation, encryption
  2. Integrity: authentication and verification, access control, authorisation, digital signatures, hash values
  3. Availability: authentication and verification, redundancy, backup
  4. Accountability: authentication and verification, authorisation, audit logging
  5. Authenticity: trust anchor, authentication and verification, digital signature,
  6.  Reliability: trust anchor, mutual authentication and verification

 

Lastly, IT security education and security practice is a must for all employees and partners.  Even with complete and technically secure IT security implementations, security can be compromised through the weakest link; the people who are also a part of the whole system.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.