Internet of Things

IoT under attack

Industrial device security is a catastrophe waiting to happen. It’s time to start securing the forgotten silicon gubbins embedded in critical industrial systems, says Jason Walsh
Image: Shutterstock via Dennis

20 July 2022

The promise of the Internet of Things (IoT), at least insofar as it relates to consumer devices, is lost on me. Frankly, the only thing I want chips with is a nice steak. Sales of smart watches, smart doorbells, smart fridges, smart televisions, and presumably smart oven gloves suggest that I am in the minority, however, with connectivity being added to every conceivable device. 

Naturally, investors are salivating at the thought of gorging on the unending and predictable profits that can be wrung out of widespread subscriptions to consumer items hitherto purchased on a once-off basis. Quite why so many consumers are excited at the prospect of connecting their coffee machine to their phone, via their wallet, remains shrouded in mystery. The prospect of my umbrella stand bricking itself if I don’t keep up payments is, frankly, just too much to bear.

The Industrial Internet of Things (IiOT), though, has obvious benefits: adding tedious things like sensors, CPUs and wireless radios to manufacturing lines and logistics chains can, and already is, driving massive increases in efficiency and output. While I remain sceptical about the value of adding computation to every random thing ever fashioned by human hands, for many industries predictive maintenance alone is worth the price of entry.




There is one small snag, though: many IIoT devices are about as secure as a window through which a brick has recently been hurled.

A report commissioned by Barracuda Networks entitled The state of industrial security in 2022 found that, of 800 respondents, 94% had experienced some form of attack on their IIoT or operational technology systems in the last 12 months.

Now, obviously a report from a company selling cyber security services that says more cyber security is needed should be taken with a cellar of salt, but not only is the figure significantly high enough to warrant further investigation, the fact is that it is intuitively obvious that IIoT systems are vulnerable. Many have relatively low processing power, all of them are deeply unsexy, and we tend to think of them, if we think of them at all, more as widgets than actual IT.

Cyber security has, rightly, risen to the top of corporate agenas, but while time and money is spent on the network of computers, phones and tablets, scant attention has been paid to securing the increasing number of connected embedded devices. Notably, healthcare was identified as the least prepared industry, with just 17% of respondents in the sector reporting that they had the ability to complete security projects. Doubtlessly, healthcare IT staff have had a rough time in the last two and half years, but this should mean that the argument for greater investment is an easier one to make.

Whether in healthcare, manufacturing or logistics, one thing that we might all spend a little more time pondering is that while IIoT and other edge and embedded devices certainly are IT, they are also an interface with the material world of people, goods and equipment. That fact alone should be enough to encourage us to take security a little more seriously.

Read More:

Comments are closed.

Back to Top ↑