![IIoT Security Threats Reshape Factory Protection Strategies](/sites/default/files/2025-01/iiot-security-threats-reshape-factory-protection-strategies.jpg)
Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology.
The White House’s 2024 cybersecurity report named critical infrastructure risks and supply chain exploits as two of the top threats facing the U.S. today. Notably, IIoT systems play a key role in both categories. Heavy industries must become aware of and adapt to these risks to remain secure in the future.
Understanding IIoT Security Threats
The first step in addressing IIoT cybersecurity threats is understanding them. While any endpoint is a potential target for a cybercriminal, IIoT solutions involve some unique risks.
Most notably, many of these devices have minimal built-in protections. Those with stronger security settings often rely on proper action from end users, but 91% of manufacturing organizations report cybersecurity skills gaps. Consequently, companies may not be familiar with best practices, leading them to overlook defenses they could otherwise implement.
The IIoT’s rapid growth can further complicate industrial security. A skyrocketing number of endpoints leaves facilities with increasingly complex environments, making it harder to maintain network visibility. As a result, it’s easier for threats to slip through unnoticed.
Finally, IIoT solutions open their users to a much wider attack surface. That entails internal risks from hosting more endpoints and third-party threats from hardware and software supply chains. Even if a manufacturer practices good cyber hygiene, the same may not be true of the companies producing the IIoT devices or software it uses. As many as 29% of all data breaches stem from third-party attack vectors, so this is a pressing concern.
How to Defend Against IIoT Security Threats
These threats emphasize the need for IIoT vulnerability management. While this is not an exhaustive list, here are some essential steps organizations can take to improve their IIoT cybersecurity posture.
Vet All IIoT Vendors Before Purchase
Manufacturers can address third-party IIoT security threats by ensuring suppliers are trustworthy before buying from them. That includes both hardware and software vendors.
Businesses should only partner with IIoT providers that meet high cybersecurity standards. Certifications and government seals like the upcoming Cyber Trust Mark can offer such assurance. Other due diligence measures, such as verified customer reviews and third-party audits, can also indicate an organization’s security stance.
Organizations should also look for a few key protective features in their IIoT devices. End-to-end encryption, update verification protocols, and multifactor authentication (MFA) are all necessary. Without these defenses, an IIoT solution will be too vulnerable to use safely.
Adjust Device Settings
After sourcing secure devices, businesses must change the default settings. One survey found that 51% of smart factories say their cyberthreats come primarily from vendors, such as those providing IIoT devices, which are infamous for insecure default settings. Cybersecurity features are also only useful if users take advantage of them properly. Password protection does little to stop attackers if manufacturers don’t change the default passwords.
Setting up strong, unique passwords and enabling MFA on each endpoint is a good first step. Companies should also use an advanced encryption method, ensuring every part of their IIoT network supports the same standard. Turning on automatic updates is likewise essential, as outdated software quickly becomes a vulnerability.
In some cases, what manufacturers deactivate is just as important as what they enable. In general, unneeded features should be left off. Automatic connection to other devices on the network is a common one that’s best to avoid, as it opens the door to easier lateral movement.
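The settings named in this section can be checked across a whole fleet rather than device by device. The following is an added example, not code from the original article; the inventory fields, the required TLS version and the list of needed features are assumptions chosen for illustration.

```python
from collections import Counter

REQUIRED_TLS = "TLS1.3"                          # assumed site-wide encryption standard
NEEDED_FEATURES = {"modbus_tcp", "https_admin"}  # assumed features the plant actually uses

# Constructed sample inventory; field names are hypothetical, not a vendor schema.
DEVICES = [
    {"id": "plc-01", "default_password": True, "credential_ref": "vault/iiot/shared",
     "mfa": False, "auto_update": False, "tls": {"TLS1.2"},
     "features": {"modbus_tcp", "auto_connect", "telnet"}},
    {"id": "sensor-07", "default_password": False, "credential_ref": "vault/iiot/shared",
     "mfa": True, "auto_update": True, "tls": {"TLS1.2", "TLS1.3"},
     "features": {"https_admin"}},
    {"id": "gateway-02", "default_password": False, "credential_ref": "vault/iiot/gateway-02",
     "mfa": True, "auto_update": True, "tls": {"TLS1.3"},
     "features": {"modbus_tcp", "https_admin"}},
]

def audit_device(dev, shared_refs):
    """Return the list of hardening findings for one device record."""
    findings = []
    if dev["default_password"]:
        findings.append("default password not changed")
    if dev["credential_ref"] in shared_refs:
        findings.append("password shared with another device")
    if not dev["mfa"]:
        findings.append("MFA disabled")
    if not dev["auto_update"]:
        findings.append("automatic updates disabled")
    if REQUIRED_TLS not in dev["tls"]:
        findings.append(f"does not support {REQUIRED_TLS}")
    # Anything enabled beyond the needed set should be switched off.
    for feature in sorted(dev["features"] - NEEDED_FEATURES):
        findings.append(f"unneeded feature enabled: {feature}")
    return findings

def audit_fleet(devices):
    """Map device id -> findings; devices with no findings are omitted."""
    counts = Counter(d["credential_ref"] for d in devices)
    shared = {ref for ref, n in counts.items() if n > 1}
    report = {d["id"]: audit_device(d, shared) for d in devices}
    return {dev_id: found for dev_id, found in report.items() if found}

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(DEVICES).items():
        print(dev_id, "->", "; ".join(findings))
```

Password uniqueness is checked through a vault reference rather than the password itself, so the audit never handles secrets.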
Segment Networks
Businesses can prevent lateral movement by segmenting their networks. While IIoT solutions must connect to one another to deliver value, unnecessary connections may turn IIoT endpoints into gateways to other, more sensitive targets.
The best way to segment networks is to create an entirely new channel to host IIoT devices. Manufacturers using 5G to support their IIoT solutions may think they can achieve the same through 5G’s network slicing capabilities, but this is untrue. Government researchers stress that network slicing is not a reliable security measure, so it cannot stand in for actual segmentation.
Organizations can segment user permissions, too. Applying the principle of least privilege so that people can only access what they need is an important step. While it may restrict some process efficiency, it prevents a breached account from affecting the entire system.
Ensure Sufficient EMI Shielding
Physical risks are another key part of IIoT vulnerability management. IIoT systems must be able to work amid high levels of electromagnetic interference (EMI), given their device-dense operating environments. Susceptibility to EMI could compromise a mission-critical device or open it to larger attacks.
Some devices include electromagnetic noise shielding against up to 120 decibels, but in other cases, end users will need to provide their own EMI shielding. Faraday cages are an easy way to isolate endpoints from EMI, but foam inserts and similar protections can achieve similar results in a smaller package.
Anti-EMI requirements will vary between use cases. Organizations can determine what level of shielding they need by performing a third-party audit or measuring internal EMI levels.
Implement Automated Network Monitoring
Even with these other protections, attacks can still slip through the cracks. Consequently, no IIoT vulnerability management solution is complete without a reliable response strategy.
Automation is an important step. Automated network monitoring can detect and contain potential breaches in real time. This responsiveness is particularly important for IIoT networks, which may be more susceptible to botnet attacks. Manual monitoring can theoretically do the same, but IT skills shortages and the sheer scale of IIoT networks make it impractical.
Network activity will be easier to track when organizations have a detailed and updated asset inventory. Automated network discovery tools can help by streamlining the process of compiling such a list.
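As an added example (not part of the original article), the sketch below shows how an asset inventory makes automated monitoring practical: each flow record is checked for an uninventoried device, for traffic crossing out of the IIoT segment described under "Segment Networks", and for the wide external fan-out typical of a botnet member. The subnets, inventory, policy, threshold and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed segment plan and asset inventory (constructed private/documentation addresses).
SEGMENTS = {"iiot": ipaddress.ip_network("10.20.0.0/24"),
            "corporate": ipaddress.ip_network("10.10.0.0/24")}
INVENTORY = {"10.20.0.11": "plc-01", "10.20.0.12": "sensor-07", "10.10.0.5": "erp-db"}
ALLOWED = {("iiot", "iiot")}   # assumed policy: IIoT devices talk only to each other
FANOUT_LIMIT = 3               # assumed threshold for distinct external peers

# Constructed flow records: (source IP, destination IP, destination port)
FLOWS = [
    ("10.20.0.11", "10.20.0.12", 502),
    ("10.20.0.12", "10.10.0.5", 1433),
    ("10.20.0.99", "10.20.0.11", 502),
    ("10.20.0.11", "203.0.113.10", 23),
    ("10.20.0.11", "203.0.113.11", 23),
    ("10.20.0.11", "203.0.113.12", 23),
    ("10.20.0.11", "203.0.113.13", 23),
]

def segment_of(ip):
    """Name of the internal segment containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "external")

def analyze(flows):
    """Return (alert_type, detail) tuples for the flow records given."""
    alerts, external_peers = [], defaultdict(set)
    for src, dst, port in flows:
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg != "external" and src not in INVENTORY:
            alerts.append(("unknown_asset", src))        # device missing from inventory
        if dst_seg == "external":
            external_peers[src].add(dst)                 # tally for the fan-out check
        elif src_seg == "iiot" and (src_seg, dst_seg) not in ALLOWED:
            alerts.append(("segment_violation", f"{src}->{dst}:{port}"))
    for src, peers in external_peers.items():
        if len(peers) > FANOUT_LIMIT:
            alerts.append(("external_fanout", src))      # many distinct outside peers
    return alerts

if __name__ == "__main__":
    for alert in analyze(FLOWS):
        print(alert)
```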
Employ Threat Hunting
Because attacks on IIoT solutions are increasing and can have such severe consequences, proactive security is also necessary. It’s not enough to rest on existing defenses. Businesses must also actively search for new threats to ensure their protections are up to date.
Continuous monitoring and a formal threat workflow will help. Such strategies enable teams to discover and address vulnerabilities before a cybercriminal takes advantage of them. Regular penetration testing will likewise help by keeping end users ahead of shifting cybercrime trends.
Prioritizing business-specific threats is vital during this process, as it’s impossible to ensure protection against every possibility. Risk-based vulnerability management is more effective than alternatives because it focuses resources on what poses the likeliest or most severe threat to the organization.
IIoT Vulnerability Management Is Essential
IIoT security will only become more important as critical infrastructure sectors embrace connectivity. Businesses relying on the technology must pay greater attention to their vulnerability management amid this trend.
Implementing these steps is critical as companies look to remain operational and safe in the future. While best practices and specific measures may evolve, starting here will give organizations a solid baseline to improve their IIoT defenses.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.