Securing Industrial IoT (IIoT) Devices in Manufacturing

The adoption of industrial IoT (IIoT) has significantly revolutionized the manufacturing sector, making it more connected, efficient and smarter than ever. However, this increased connectivity, and seamless operations on the factory floor have introduced a range of cyber risks and threats. Some of the key challenges wrt IIoT device are Default weak and hardcoded credentials, vulnerable web interfaces, insecure data transfer & storage, Insecure Network Services, legacy firmware & OS besides poor device visibility from different manufacturers, reliance on legacy systems lacking IIoT security protocols, unsecured endpoints, evolving regulatory frameworks and limited resources are just few factors that make IIoT vulnerable to security threats.

The primary threats to IIoT and smart manufacturing include device hijacking, Remote Access using Backdoor, Blue Borne attack, man-in-the-middle, distributed denial of services (DDOS) attacks, and permanent denial of services (PDoS) attacks. Securing IIoT devices is pivotal to safeguarding sensitive data, ensuring operational continuity, preventive measures/ health check of equipment’s/ machineries and protecting against malicious attacks on the factory floor/ manufacturing operations. Here are some of the advanced security strategies that manufacturing leaders have been adopting include:

Device authentication and access controls

Often, devices connected in the manufacturing units lack sufficient access controls due unsecured outdated components/ legacy firmware & operating system, default, weak and hardcoded credential, leading to unauthorized access and control for critical equipment and systems. To secure IIoT devices, organizations need to facilitate authentication processes that require entities seeking access to prove their identity. Public key infrastructure, multi-factor authentication etc. can be some practices to secure IIoT devices with multiple layers of protection. Furthermore, access controls should be applied at the connectivity layer using firewalls or data diodes.

Secure communication with end-to-end encryption

For security IIoT devices in manufacturing, data in transit between a device and its service infrastructure must be encrypted and secure. This ensures that only those with a secret decryption key can ensure access to transmitted data. Endpoint and gateway encryption facilitate more secure communication to off-the-rack solutions. Appropriate security measures should be taken wrt data transfer and storage, data security & privacy, API and device management.

Up-to-date inventory management and real-time threat monitoring

With a plethora of connected IIoT devices, manufacturing units often lose track of their connected assets including API, leading to complete visibility into what needs protection. Therefore, the inventory of IIoT devices must be constantly updated through inventory audits, to identify the devices at-risk devices and proactively implement countermeasures. Automated monitoring solutions and intrusion detection systems can monitor traffic movement and facilitate real-time response to cyberattacks, unauthorized access and manufacturing disruption. Next Gen. VPN/ ZTNA, AIML solutions can identify the patterns and behaviours of cyber threats, leading to robust defense mechanisms.

Summarize Counter measures to protect IoT Device

Some of the counter measures which should be considered to protect from IoT attacks are Disable guest account if enabled, change default password, enable account lock out in case of excessive invalid login attempts, implement MFA, End to end encryption and use of PKI, use of network segmentation and use of Next generation Firewall, EDR, periodical patching of vulnerability and firmware update.

Securing IIoT devices in smart manufacturing environments demands a comprehensive, multi-faceted approach. As new technologies are integrated into critical infrastructure, the attack surface expands, necessitating urgent action from manufacturers. To safeguard their operations, manufacturers must adopt advanced IIoT security strategies and remain vigilant in addressing emerging risks.

Ramanand Jha
Ramanand Jha
Head GRC, Internal Audit-Manufacturing & Cyber Security
Havells India
- Advertisement -

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.
To explore more insights from CISOs across South Asia, download your copy of the CISO Handbook today.
CISO handbook
CISO handbook – Strategic Cyber Vision, encapsulates point of views of 60+ CISOs and cybersecurity leaders across South Asia, highlighting the best practices, impact of AI and the cybersecurity landscape.
Download Now

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

error: Content is protected !!

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report

Unlock Exclusive Insights: Access the article

Download CIO VISION 2024 Report

Share your details to download the report

Share your details to download the CISO Handbook 2024