Digital connectivity of industrial machinery and equipment (or any physical asset) with advanced IT platforms is a unique advancement that opens up unprecedented social and economic opportunities. This convergence of the physical and cyber worlds at an industrial scale translates to managing operations thousands of miles away, preventing critical machine failures through proactive detection and remediation, digitally tracking the supply chain, providing elderly care remotely, and many similar use cases.
The use cases are promising, no doubt. However, cyber threats are the bane of ubiquitous connectivity, and currently it is a major deterrent to IIoT adoption.
At the Industry of Things 2017, 62% of industrial participants cited cybersecurity and data privacy as their concern in regards to adopting IoT. The lack of standards for interoperability and interconnectivity comes next at 39% (IOT-WLD).
In traditional industrial settings, obscurity has ensured security. Air-gapping has been a prevalent security strategy for protecting sensitive industrial systems. By definition, an air- gapped system is not connected to any external network or system. Air-gapping as a strategy seems questionable in a digital era where assets are never fully immune to intrusion.
Connecting enterprise systems to boost productivity and efficiency came at a price. The Equifax cybersecurity breach in August 2017 reportedly exposed the identity of several million users, and this is just one of many instances of DDoS attacks, ransomware, fraudulent transactions, and even meddling with national administration and governance.
While the impact of enterprise cybercrimes has been mainly limited to loss in finances, brand reputation, and privacy, the impact of a security breach for mission critical assets is feared to be much more severe. For example, a breach in an airline database can expose confidential passenger records and personal data. However, by compromising an aircraft's flight control system, highly sensitive aviation data can be manipulated in real time; for example, the navigation dashboard could display the plane as traveling at a higher altitude than it actually is. A breach in an airline database is serious enough; however, loss of altitude (and safety) could have much worse consequences (WLT-ICS). A cybersecurity intrusion in a connected nuclear facility, manufacturing plant, smart energy grid, or connected hospital environment could cause massive damage in infrastructure and cost human lives.
That's why security is such an important criteria in every IIoT use case. In any IIoT deployment, security can neither be considered in isolation, nor can it be an afterthought. Processes, people, and things—the three components of any IIoT architecture—dictate its safety and security requirements. IIoT security encompasses the full solution life cycle, and this book provides security guidance across most of it. Awareness and proper cognizance of the unique security characteristics of connected industries, risk evaluation, mitigation across a product's life cycle, and "security by design" principles are central to any successful IIoT business strategy. Otherwise, costly security compromises could far outweigh the social and economic promises of IIoT.