Security on the IoT: A continuous process from the start

• In 2016, according to Gartner, 43 percent of companies will either use the Internet of Things or be in the process of implementing an IoT solution<br /> • According to a DZ Bank study, companies will benefit from a 12-percent productivity boost by connecting and automating their processes by 2025<br /> • However, according to the VDE, seven out of 10 industry decision-makers have security misgivings

The security of industrial control systems is a key precondition for companies to jump on the bandwagon of the industrial Internet of Things. If machines are to communicate with each other by an automated process across systems, sites, and even companies, the systems that communication partners use must become significantly more open. Forestalling hacker attacks, industrial espionage, and the like in this context will require a comprehensive security concept that must, above all, be developed continuously.

Highly innovative hackers
Cybercriminals are highly innovative in constantly developing new methods of attack. They program malware, for example, to penetrate ever deeper into corporate administrative and user systems. That leads to theft of trade secrets, production downtimes, and physical damage to production plants and equipment – up to and including falsified sensor data that misleads control systems and thereby reduces the quality of the end product.

Employees as a security hazard
Although there is no such thing as absolute IT security, effective safeguards do exist against all types of threats, including sealed-off systems, restricted access rights, encryption techniques, and especially secure ICT components.
Another crucial factor is the security-consciousness of employees. Weak passwords, operating errors, or even simple credulity make life difficult for system administrators. Setting up guidelines and strictly adhering to them plays an important role in countering threats, especially those posed by social engineering.

Identifying vulnerabilities
Only a comprehensive risk analysis that covers not just a company itself, but also its customers, suppliers, and partners, can effectively identify all potential vulnerabilities.
Before investing in hardware and software for production plants, equipment, systems, and network components, have you checked that the manufacturer has integrated security components into the product (security by design)? The same question also needs to be asked with respect to connectivity and cloud services. Deutsche Telekom, for instance, has the extremely high security level of its products and services tested and certified regularly.

In-depth defense strategy
Once the risks and loopholes have been identified, companies can develop a comprehensive security concept. A Defense in Depth strategy could be a good choice in this regard. It involves dividing the IT architecture into different layers and equipping each of them with adequate security measures. The idea is that if a hacker gains access to the system, he will immediately face the next closed door.

Risks and challenges

• A large number of complex active and passive components
• Cyberattacks on the operational security of plants and equipment
• Partially open networks and systems for customers, suppliers, and partners
• The human factor: misconduct and credulity
• Manipulation of cloud components

Effective countermeasures

• Sealing off systems
• Restricting access rights
• Hardening ICT components by means of dedicated software
• Using encryption techniques
• Making employees more security-conscious

Source of all numbers and figures:
Deutsche Telekom AG: Security on the industrial Internet of Things – download here:
https://www.telekom.com/media/enterprise-solutions/310380