3 IoT Security Issues to Mitigate Before Installing Sensors

on April 25, 2019

The internet of things (IoT) is an immature market, but that hasn’t stopped companies from attaching sensors to assets for real-time data and condition monitoring.

The security risks these networked devices pose are often misunderstood, underestimated and underreported: According to Gartner research, one in five companies experienced an IoT-based attack in the past three years, and more than a third of those companies were completely unaware of the breach. (Full report available to Gartner clients.)

Software Advice recently offered security tips to those using an enterprise asset management system and published a guide to identify the best IoT options for boosting predictive maintenance. In this report, we summarize the findings of a new security survey to understand what makes spotting and preventing intrusions difficult and offer tips for better securing your IoT network.

IoT Security Report Shows the Growing Need for Consistency

The 2018 IoT Security Survey Report by CEB, now Gartner, polled more than 40 information security leaders from organizations in 18 industries—including energy and utilities, pharmaceuticals, and several types of manufacturing—who utilize an IoT system. The common use cases of this technology illustrate how wide-ranging the security concern is.

Adoption of IoT Use Cases

Multiple uses for the IoT have emerged over time, most importantly for maintenance professionals in manufacturing and other asset-intensive industries who can use the technology for real-time condition monitoring.

However, the focus on security control systems isn’t keeping pace with practical implementation.

Adoption of IoT Risk Controls

The business world is placing confidence in the IoT, but it is not prepared for the consequences of a potential attack, which could include stolen intellectual property or data, safety hazards, and the infection of your systems with viruses or malware.

Tackle These 3 IoT Security Concerns

With millions of “things” already connected in manufacturing, fleet management, medical practices and other industries, it’s important to understand the common security challenges businesses face.

Top IoT Security Challenges

Management and IT professionals across industry should address poor visibility into and a lack of understanding of the entire IoT project, poor vendor support, and a lack of standardized security protocols.

They can do this by implementing new tools and by understanding vendor capabilities. Here are three key IoT security measures to take before implementing any IoT project.

1. Evaluate Vendor Use Cases, Not Their Technology

“Poor vendor support” usually refers to a vendor’s inability to support your IoT project from implementation through future use.

As you use a technology, your vendor should be able to help you overcome challenges and offer you new solutions — after all, they want you to successfully leverage their technology. But some providers simply don’t have the necessary resources or experience to provide this service.

Depending on the sophistication of your maintenance strategy, you may already have a CMMS or EAM. If not, you’ll likely have to evaluate two different vendors for maintenance and IoT capabilities. Here are some questions you can ask each to determine which can offer the best long-term support:

Questions for Software and IoT Device Vendors

When evaluating vendors, it’s easy to get caught up in product features. Instead, keep your goals in mind and inquire about vendors’ experience with IoT projects and use cases similar to your own.

2. Utilize the Communication Standards of Your Vendor

The final security concern is a lack of standards and norms around the use of IoT technology. Because the technology is still relatively new, IoT devices rely on a variety of different protocols and network types to operate.

It helps your search to be aware of these networks and protocols so you can match vendor capabilities to your needs:

Network Type: Range:
PAN (Personal Area Network) Covers one or two rooms
LAN (Local Area Network) Covers an entire building
CAN (Corporate Area Network) Connects smaller networks within a group buildings
MAN (Metropolitan Area Network) Can cover an entire city
WAN (Wide Area Network) Covers large geographical distances (the Internet is a WAN)

Then, there are more than a dozen different protocols —or languages—devices use to communicate with each other and with maintenance software, including:

  • Bluetooth
  • ZigBee
  • WiFi
  • Z-Wave
  • 4G and 5G
  • DigiMesh

Unless you’re building an IoT platform from scratch, you won’t need to evaluate the merits of each of these protocols. But it’s good to be aware of them so you’re able to match your specific needs with the vendor and standards that best suit your IoT project.

3. Regular Audits Reveal Your Vulnerabilities

When you connect networked sensors to your assets, it tends to expose your system to attack. Malicious hackers look for the easiest, least suspicious way into your network to steal intellectual property, sensitive data or trade secrets.

That’s why you (and your IT team, if applicable) should maintain an accurate inventory of IoT devices in your facility—to illuminate any dark corners of your network. Conduct regular audits of the sensors, equipment and other assets connected to your network.

You can use your existing maintenance software, such as a CMMS or an enterprise asset management (EAM) system, to track these devices like you would any other machine.

Shodan.io is a service that IoT users can use to search for and see if their connected devices are visible online, and, thus, vulnerable. Several companies use the site to discover potential threats to their business.

Questions for Software and IoT Device Vendors

Shodan.io is an inexpensive way to check the visibility of your connected devices (Source)

Time to Adopt IoT (With a Secure Network)

Though large enterprise users of IoT technology are more attractive targets for malicious hackers and intrusions, all companies using IoT devices can and should take simple steps to maintain a secure network. To recap:

  1. Inquire about vendor experience with IoT use-cases for companies similar to yours, instead of focusing only on the technology.
  2. Keep in mind the capabilities of the popular IoT protocol languages (Bluetooth, ZigBee, etc.) to understand how each vendor operates.
  3. Perform audits of your IoT network (sensors, endpoints, etc.) at least annually and when adding new devices or assets.

We also have other reports on: how IoT boosts manufacturing productivity, protecting manufacturing networks from intrusions and using anomaly detection to catch maintenance failures. If you want some personal guidance, reach out to our advisors at (844) 689-4876 for a free consultation to identify your best options.

You may also like

How to Avoid the Worst Manufacturing Cyber Security Risks

3 Ways IoT in Manufacturing Boosts Productivity (And a Roadmap to Get There)

Set Up Predictive Maintenance Anomaly Detection to Catch Costly Failures

See How IoT Boost Manufacturing Productivity