- Arthur C. Clarke
Network connectivity has fundamentally changed the world as we know it. In the last four decades, connected computing has fueled a global economy centered around the internet and internet-based applications, and most notably the World Wide Web. It has redefined human communications and our experiences with shopping, banking, and travel. However, when this same connectivity concept extends beyond the human boundaries to otherwise dumb devices and machines, the value latent in these machine data creates unprecedented opportunities, much of which we are probably only anticipating at this point and are yet to harness completely.
The present era of smart connected machines has ushered new markets with enormous growth potential, especially with almost every industrial company being under pressure to exploit the benefits of digital intelligence. In the last five years, most industrial verticals, notably manufacturing, transportation, retail, and healthcare, have begun to embrace connected technologies at scale. These technologies collectively is known as the Industrial Internet of Things (IIoT).
Securing IIoT deployments against cyber threats, however, remains a major challenge. The consequences of an IIoT security breach are much more severe than compromises of traditional IT deployments. In the case of a hack in IIoT systems, in addition to the usual IT-based fallouts such as reputation damage and financial loss, there could be loss of life and/or environmental damage. Since IIoT systems interact with the physical environment, the security paradigms of e-commerce and IT infrastructures significantly differ in the cyber-physical domains in terms of attack vectors, threat actors, and impact.
Nevertheless, while cyber-insecurity is the undeniable flip-side of connectivity, security-by-obscurity is no longer an option. The benefits of industrial data and cloud connectivity offer enormous advantages that cannot be ignored. Industries will embrace these new technologies and must therefore balance them with adequate safety and security controls.
For any connected industry use case, security is a business and moral imperative. Much research, innovation, and investment are being directed world-wide to secure connected industries. This book combines these developments to provide a comprehensive understanding of IIoT security, and will equip the reader with practical know-how and tools to tackle both its technical and business aspects. Readers will find the important concepts and techniques needed to plan, design, and build resilient IIoT systems and can benefit from the experiences of IIoT security experts on these topics.
In this chapter, we shall establish a solid foundation by discussing the following topics:
- Defining the Industrial IoT
- Industrial IoT security – a business imperative
- Cybersecurity versus cyber-physical IoT security
- Industrial "things," connectivity, and operational technologies (OT)
- IT and OT convergence – what it really means
- Industrial IoT deployment architecture
- Divergence in IT and OT security fundamentals
- Industrial threats, vulnerabilities, and risk factors
- Evolution of cyber-physical attacks
- Industrial IoT use cases – examining their cyber risk gap