IoT has truly hit the consumer sphere, and it’s not unreasonable to expect that plants and industrial automation as a whole will soon be incorporating elements of the consumer IoT in the form of camera, motion sensors, thermostats, and more. Whether industrial or consumer grade, it’s rapidly becoming an expectation that the devices we use will be connected to the internet, and that the data they collect will make them more helpful to us.
According to the Consumer Technology Association, electronics and tech gadgets now account for more than 73 percent of holiday gift spending in the United States each year. 170 million people are expected to buy presents this year that contribute to the IoT. Gartner predicts these networks will include over 50 billion devices worldwide by 2020. Whether or not the devices used in the home will migrate to the factory floor, operators of plant machines will expect the same kind of intelligence in what they do have available to them. It will be up to machine developers to supply this demand.
This is all well and good, but how do we secure it?
IoT connected devices are expanding, but there seems to be a marked lack of interest in developing security measures to go with them. A recent National Cyber Security Alliance and ESET report tells us that only half of those they surveyed declined to purchase an IoT device due to security risks. Over half admitted to owning up to three that connect to home routers, not even counting smartphones, computers, and tables. 22 percent owned more connected devices. The most concerning statistic is that almost half admitted that they had either not changed their router passwords, or didn’t know if they had. The passwords on the devices themselves were also problematic. Most had not been changed from the default, or were difficult to change.
This is something the automation industry should take note of before it’s too late. Consumer devices are not the only ones that arrive with default passwords or difficult-to-configure security. And with IT and control systems engineers often at odds with one another, there are occasionally challenges in developing a system that’s as secure as it can be.
So how do you make the IIoT more secure?
Obviously there’s no magic bullet for IIot security, but you should certainly make use of the tools you have. Often your SCADA or HMI software will come equipped with security features like username and password authentication for access to the network. Machines can access internet connections over secure thin clients, and web HMI interfaces for intelligent embedded systems can and should require unique credentials for users, with unique, complex passwords that change often.
Never neglect password settings on intelligent devices. Change default passwords, and insist on devices that allow passwords to be changed. Also be aware that some manufacturers leave backdoors into their hardware for service and maintenance. Be sure that you either close these, or at least are aware of them.