With millions of dollars to be saved through the reduction, or elimination of downtime, and enhanced productivity, entire industries are rethinking their approach to business in order to take advantage.
But the IIoT — as with any technology — isn’t a one-way street. As enterprises make more and more of their infrastructure and machinery smart and connected, the risk that these new systems could be compromised by cyber attack rises. A wide and deep cyber attack can have a crippling effect on a company’s operations, and can cost billions.
For a stark illustration of this reality, we don’t need to look further back than the summer of 2017, when the Russian-launched NotPetya virus sent two of the largest shipping and pharmaceutical companies into a technological free-fall. The global damage estimate: $10 billion. One year later, the affected companies are still dealing with the aftermath of the attack.
NotPetya was not a worst-case scenario, but there are lessons to be learned from this devastating event — especially in the world of the IIoT. Schneider Electric, a global manufacturer of electrical, and industrial automation and control products, notes that there are three critical factors to IIoT cyber protection.
1. The first step is to realize that any connected system represents a possible point of entry for attack. Effectively configured and managed firewalls are a must, but these only prevent outsiders from penetrating a corporate network. There are still other ways for malicious code to enter an enterprise’s systems, as NotPetya showed.
2. The second step is ensuring that all equipment with compute capability has been designed with security in mind. Schneider Electric takes a Secure Development Life Cycle (SDL) approach to its EcoStruxure IIoT platform and products. The process involves threat modeling, regular code reviews, and security testing, all aimed at hardening IoT products and software against cyber attacks.
“At the device level, we are developing secure end-point capabilities at the level of the silicon or the software,” Cyril Perducat, Schneider Electric’s head of IoT, recently told HotTopics.
3. Since no technological solution can be foolproof in an environment where people are a part of the process, the third — and arguably the most important step — is developing a cybersecurity-aware process culture within the enterprise. Every employee needs to be educated on the risks, and what they can do to reduce the chances of a cyber attack gaining a foothold in the first place.