Security on the IoT: A continuous process from the start

• In 2016, according to Gartner, 43 percent of companies will either use the Internet of Things or be in the process of implementing an IoT solution<br /> • According to a DZ Bank study, companies will benefit from a 12-percent productivity boost by connecting and automating their processes by 2025<br /> • However, according to the VDE, seven out of 10 industry decision-makers have security misgivings

The security of industrial control systems is a key precondition for companies to jump on the bandwagon of the industrial Internet of Things. If machines are to communicate with each other by an automated process across systems, sites, and even companies, the systems that communication partners use must become significantly more open. Forestalling hacker attacks, industrial espionage, and the like in this context will require a comprehensive security concept that must, above all, be developed continuously.

Highly innovative hackers
Cybercriminals are highly innovative in constantly developing new methods of attack. They program malware, for example, to penetrate ever deeper into corporate administrative and user systems. That leads to theft of trade secrets, production downtimes, and physical damage to production plants and equipment – up to and including falsified sensor data that misleads control systems and thereby reduces the quality of the end product.

Employees as a security hazard
Although there is no such thing as absolute IT security, effective safeguards do exist against all types of threats, including sealed-off systems, restricted access rights, encryption techniques, and especially secure ICT components.
Another crucial factor is the security-consciousness of employees. Weak passwords, operating errors, or even simple credulity make life difficult for system administrators. Setting up guidelines and strictly adhering to them plays an important role in countering threats, especially those posed by social engineering.

Identifying vulnerabilities
Only a comprehensive risk analysis that covers not just a company itself, but also its customers, suppliers, and partners, can effectively identify all potential vulnerabilities.
Before investing in hardware and software for production plants, equipment, systems, and network components, have you checked that the manufacturer has integrated security components into the product (security by design)? The same question also needs to be asked with respect to connectivity and cloud services. Deutsche Telekom, for instance, has the extremely high security level of its products and services tested and certified regularly.

In-depth defense strategy
Once the risks and loopholes have been identified, companies can develop a comprehensive security concept. A Defense in Depth strategy could be a good choice in this regard. It involves dividing the IT architecture into different layers and equipping each of them with adequate security measures. The idea is that if a hacker gains access to the system, he will immediately face the next closed door.

Risks and challenges

  • A large number of complex active and passive components
  • Cyberattacks on the operational security of plants and equipment
  • Partially open networks and systems for customers, suppliers, and partners
  • The human factor: misconduct and credulity
  • Manipulation of cloud components

Effective countermeasures

  • Sealing off systems
  • Restricting access rights
  • Hardening ICT components by means of dedicated software
  • Using encryption techniques
  • Making employees more security-conscious

 

Source of all numbers and figures:
Deutsche Telekom AG: Security on the industrial Internet of Things – download here:
https://www.telekom.com/media/enterprise-solutions/310380

Author: Editorial Team
0 Comments, be the first to leave a reply Write a comment

Leave a comment

Your e-mail address will not be published. Required fields are marked *

Narrowband IoT Whitepaper

Narrowband IoT opens up the Internet of Things for large-scale use. Find out why.

Download now

Read more:

Stay up to date with our recent blog articles

Which symbol does not fit?

Uups, something went wrong.

Schließen
Terms and conditions

The data provided by me can be used by Deutsche Telekom AG for general customer consultation, requirements-orientated design of the services I use, advertising and market research. Transferring this data for these purposes within the scope of my consent is to be done so solely within Deutsche Telekom AG. The use of my data for the above-listed purposes cannot be done so if I withdraw my consent. Withdrawing consent can be done so either in writing or electronically, e.g., via Email, at any time.