Underlying concerns about the security and vulnerability of Internet of Things (IoT) devices and sensors are justified, according to a report by the IBM Institute for Business Value. It warns that Deploying IoT technologies at a faster pace than they are secured can open organisations to dangers greater than negative public sentiment. For industrial manufacturing, chemical, oil and gas and utilities, security breaches can lead to large-spread contamination, environmental disasters and even personal harm.
Insights derived from data collected from connected devices are being used across industries to enhance productivity, solve problems and create new business opportunities and operational efficiencies. But there are also risks. Security was an afterthought for many early generation IoT applications, creating vulnerabilities in the network and the potential for industrial process interruption, manipulation or espionage. But the Internet of Things cannot become simply the internet of threats. Industry and utilities companies, in particular, need to develop new strategies to mitigate and manage cyber-risks.
As for security standards for IoT devices, the report says these are ‘slowly emerging’; Center for Internet Security (CIS) controls, operational and technical practices, protective technologies and IoT authentication must be implemented, IBM says. CIS controls include authorised device and software inventories, and deploying devices with built-in diagnostics.
The report also talks in terms of risk as long used to identify, assess, control, monitor and respond to hazards across operations, including safety. As industries quickly adopt IoT technologies, they must also bring IoT security practices into alignment with their broader risk frameworks, the report suggests. It points out that IoT solutions span information technology (IT), operational technology (OT) and consumer technology (CT) functions. It urges the breaking down of ‘silos’ between IT and OT. We should ‘create a common risk approach across disciplines to manage traditionally IT-centric information processing technologies and OT-centric technologies that monitor and control cyber-physical’ systems.
To download the eight-page report visit the IBM website.
