IT Security Management and Industry 4.0
Posted by Infinium Infinium on October 11th, 2018 in Blog, Industry 4.1, Internet of Things, Security Management
It’s more apparent than ever that a high level of data sharing in an Industry 4.0 ecosystem will put a tremendous amount of strain on current risk management and data security models. Data sharing among devices− including sensors, microcontrollers, devices with RFID tags, tablets, computers, etc.− along with greater interconnectedness across the enterprise, will continue to drive expansion Industry 4.0 and the Internet of Things (IoT). In fact, many predict IoT will exceed 28 billion devices by 2021 (Source: Ericsson). These ‘smart devices’ enabled by IoT will help drive automation as well as smarter decision making because corporate leaders will have more relevant and real-time data available based on information gathered through these connected machines.
To leverage these Industry 4.0 datasets effectively, enterprises need to refocus efforts on improving operational security and strengthening protection across the value chain. Data transfers that rely on a multi-layered approach to connectivity and security will be more prepared to protect communications coming to-and-from devices, as well as accessing the internet, and device-to-device data syncing. Organizations looking to gain a competitive advantage from Industry 4.0 and IoT should keep these IT security considerations in mind.
- Get to know CoAP (Constrained Application Layer Protocol)- With diverse cross-platform deployments and cloud systems connecting in real-time, new communication protocols are needed to let these device sensors communicate. CoAP has emerged as a leading software protocol that is ideal for efficient data exchange of low-power, low-memory devices. CoAP is one piece that will help build out the security framework required to keep pace with the application requirements of Industry 4.0.
- Multi-factor authentication will maintain user access and high device usability- For those in manufacturing or in the industrial environment, security may not have traditionally been given the same level of attention as those in the healthcare, retail or financial services. However, in the era of Industry 4.0 data protection should take on a whole new significance. Multi-factor authentication methods, including single sign-on, (SSO) context-based assessment such as location, time, user type and roles, application risk profile, and others can be combined to limit data risk and maintain information accesses, from anywhere and any authorized device.
- Adaptive authentication can mitigate risk- Adaptive authentication, also called risk-based authentication, is a risk mitigation strategy that is gaining traction to deter industry 4.0 hacks. This is particularly important because viruses or hacks aimed at ‘smart devices’ are extremely contactable because of the dependent nature of the supply chain. For instance, in a smart factory full of connective devices, a breach may have started with one supplier and one set of exposed privileged credentials. This situation can escalate extremely quickly and lead to a mass data exposure. Adaptive authentication applies user data analysis and device data tracking to slow down these breaches by requiring the client side, including users, to take additional steps, only when an elevated risk level is detected. Adaptive authentication security platforms do this by generating an elevated risk profile that outlines certain questionable patterns, such as originating IP address, hardware identification, browser, time of day, etc. If an unusual pattern is detected, additional authentication requirements may be required.
- Look for pattern detection and immediate alert functions- Today’s modern security framework should be able to detect unusual data patterns quickly. This is important in financial, healthcare and manufacturing industries where speed is even more critical to prevent mission-critical device malfunctions from compromised sensors or chip data.
IoT underpins much of the Industry 4.0 platform and creates an exponential number of would-be hacker entry points. This makes the possibility of data exploits even more dangerous. With more and more connected devices in the enterprise, organizations should consider a comprehensive and adaptive security framework that includes context and risk-based measures to close those security gaps.