Dec 7, 2023

Keynote: How to Protect Your Business and IP in the Age of IoT

Posted by
Exalens
First Published
June 9, 2023

Exalens CTO, Dr. Ryan Heartfield, gave a keynote presentation at this year's Smart Factory Expo for the Manufacturing & Engineering Week in Birmingham. He explored the topic of cybersecurity and resilience across cyber-physical systems and the Internet of Things (IoT). If you didn't get a chance to attend, here is a brief overview:

Highlights from Keynote

IoT is a defining trend of our time, extending its impact to businesses, consumers, and industrial processes. The rise of the Industrial Internet of Things (IIoT) in particular has seen increased connectivity between Information Technology (IT) and Operational Technology (OT), from production systems to cloud solutions. However, this increasing interconnectivity comes with a considerable downside - it heightens cybersecurity risks.

Understanding the Risks

Manufacturing has emerged as the prime target of cybercrime over the past two years, with 99% of attacks taking the form of ransomware. OT systems, now deeply integrated into production processes and often communicating with external cloud solutions, are primary points of vulnerability. Industrial IoT devices controlling these OT systems pose another risk due to their remote access capabilities.

The unfortunate reality is that cybercriminals target everyone - no business is "too small". And if you've performed a HAZOP for OT processes, you're already aware of the potential risks. Cybersecurity isn't just about protecting data; it's about ensuring the smooth operation of physical processes and the machines carrying them out.

Preparing for Cybersecurity Threats

Preparation is key in managing cybersecurity threats, extending beyond mere detection and analysis to containment, eradication, recovery, and post-incident activities. Entry points into your business and production processes need to be understood, along with different service connectivity. Profiling devices and understanding their roles in business and production processes are essential steps.

A basic incident response plan is vital, as is a thorough understanding of the known risks and how they affect your business. A 'cyber risk profile' must start with these 'known knowns'.

Managing Cyber Risk: Do's and Don'ts

Don't fall into the trap of believing in a one-size-fits-all, shiny cybersecurity product. More often than not, these are not the silver bullet solutions they are marketed as. In contrast, carrying out risk assessments and threat modeling can provide a deeper understanding of potential vulnerabilities. If you're unsure how to do this, seek expert help.

The Importance of a Cybersecurity Framework

The absence of a dedicated template for the industrial and automation sector makes a robust cybersecurity framework critical. Existing security frameworks like Purdue/ISA99, IEC 62443, and NIST 800-82r2 provide a great starting point, focusing on the insecure-by-design nature of industrial systems that makes them particularly vulnerable.

To prioritize your protective measures, understand what you are trying to protect and identify gaps in your protection. Remember, cybercriminals often recycle the same tactics, so learning from past incidents and trends is crucial.

Concluding Thoughts

The road to securely enabling smart factories is a journey. There's a lot to learn about managing cyber risks, and preventative controls, while important, cannot stop all faults or attacks. As we progress further into the age of IoT, understanding and preparing for these cybersecurity risks will become an essential part of any business strategy.