Tom GilheanyThe Industrial Internet of Things (IIoT) represents both a challenge and an opportunity. It’s a challenge due to its complex nature. It’s also an opportunity , to create new business efficiencies, reduce costs and achieve successful business outcomes. In order for business leaders to capitalize on the benefits of the IIoT, eliminating security obstacles and keeping networks secure is more important than ever. Education and training is one of the best ways to mitigate this risk.
The IIoT Security Challenge
The IIoT presents security challenges at a scale never before seen. These challenges become more apparent with basic knowledge of the IIoT. The IIoT leverages the power of Internet Protocol (IP) networking to connect industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems with enterprise business logistics. In layman’s terms, the IIoT is a wired or wireless network of physical objects, systems, platforms and applications. Inside all of these components is technology that enables each one to interact with the others, pick up intelligence about the external environment and share it with people.
The IIoT is comprised of a multitude of device types: sensors and controls, and mobile devices such as smart phones or tablets, similar to the consumer-focused IoT. Underlying these devices is software performing a wide range of functions. But where the IIoT really moves in to security overdrive, is in all of the machines that either already are connected or could be.
This includes, but is not limited to, car and truck engines, wind turbines and cargo shipping containers. Robots. Additive (3D) printers. Oil and gas drills. Combine harvesters. Assembly line conveyors. Steam pressure valves. Solar inverters.
The vast size, diversity and complexity of the IIoT, in addition to the critical nature of many of its connected machines, calls for a new breed of cybersecurity professionals. How do you keep all of these networked things safe from hackers? Every component and every connection is a potential vulnerability.
Manufacturing executives are eager to connect their business systems to more quickly take advantage of new capabilities. In the rush, many are doing so without a security background. Or without fully understanding the security implications of how new, connected devices and sensors affect the overall security of the organization or factory where they’re being installed. It’s a precarious situation — an overlooked or unforeseen security glitch in newly connected equipment can potentially shut down a whole factory.
New Skills for a New Era
Today’s connected industrial environment enables highly autonomous assembly lines. The production line can automatically reconfigure and optimize itself and produce, at scale, customized products in custom-sized batches, with full tracking and connectivity to sales and ordering systems, Enterprise Resource Planning (ERP) systems, Work-in-Process (WIP) inventory, supply-chain systems and delivery and order-tracking systems. Machines that use robotic vision and artificial intelligence can execute intricate processes. Throw in collaborative robots, or “cobots,” that work alongside human beings.
A complex, connected network of this type necessitates not only multiple skill sets but a breadth of skills across silos and specializations. The result is a whole new category of technology professionals. They understand the interconnectedness of IT and OT. They recognize that the IIoT is really about digitizing business processes far more than it is about digitizing things or their connections. Engineers, network specialists, application developers, data architects, user interface designers and business people must talk to and understand each other’s role for the IIoT to work.
IT and OT professionals must know IIoT standards along with machine protocols to secure the IIoT. It’s also important that they know how to manage existing control systems, which weren’t originally designed to be connected to enterprise networks but are now in the connected factory.
General cybersecurity skills are a necessity, as well. Among these are the ability to:
- Detect data breaches, intrusions or leaks quickly, preferably as they happen.
- Stop incidents and repair any damage to network or system integrity.
- Develop secure software to prevent future cyber threats.
- Find, measure and reduce cybersecurity risks to system availability, integrity and confidentiality. This may include applying security patches to equipment, as well as using other security controls on equipment that cannot be directly patched against an identified vulnerability.
- Analyze networks and systems for potential vulnerabilities.
In order to make the most of the IIoT, it’s imperative to secure talent with hands-on training in the right IIoT security skills and professional certifications to demonstrate validity of those skills.
Strengthening the IIoT Bench
The IIoT represents great change and great opportunity. However, many manufacturers are not sure how to identify which skill sets or certifications their employees need. As a result, almost one-third of major global corporations reported they face an IIoT skills gap. Over half of these organizations also said they need new technical skills. Forty one percent indicated better data integration and analytics capabilities were needed, and thirty three percent highlighted the ability to rethink business models.
To make up for the IIoT security talent shortfall and to capitalize on the benefits of the IIoT, it’s imperative that industrial organizations create a talent development and acquisition plan that keeps employees’ skills updated as technology and processes continue to change. By enabling employees with the training and certifications they need, organizations are best positioned to remove security obstacles in their connected industrial environment and achieve desired business outcomes.
Tom Gilheany is the portfolio manager of security training and certifications within Cisco Services.
