
What the rise of the industrial IoT means for cybersecurity

Today it is hard to find an industrial or operational technology company that is not focused on, or at least exploring, how to incorporate IoT. By some estimates, the industrial IoT industry will have more than 46 billion active industrial connections by 2023. The market demands smart features and connectivity in new systems, and as the IoT concept continues to mature and new innovative technologies emerge, those technologies will quickly find their way into the IIoT space.

IoT is being applied in a wide range of industrial use cases, from sensors used to track things like equipment health, fuel efficiency and energy management to fully automated machines and robots used to outfit smart, connected factories. While IIoT offers tremendous opportunities to deliver more and richer data to drive operational efficiency and smart decision-making, it also puts increasing pressure on cybersecurity.

According to Frost & Sullivan, cyberattacks within the energy and utilities industries alone cost an average of $13.2 million per year. Hacking operations — such as LockerGoga, which crippled Norsk Hydro’s aluminum production, costing the company an estimated $52 million in losses; Dragonfly 2.0, which targeted dozens of energy companies in the U.S. and Europe; and GreyEnergy, which hit Ukraine’s power grid — all underscore how hackers exploit security weaknesses in industrial control systems, and why security matters more and more in the IoT era.

Done right, IIoT can be disruptive. Done wrong, it creates physical safety risks. To best guard against cyberattacks and other security risks, every industrial device should be secured. Manufacturers should design every IIoT device or sensor to comply with current cybersecurity best practices, such as the principle of least privilege, defense in depth and access control. For example, IIoT devices should be built with security in mind, including the ability to enable secure over-the-air updates to mitigate threats that are not present at deployment.

Unfortunately, especially in the industrial space, a large amount of legacy equipment remains in service because of uptime and cost concerns. What’s more, legacy equipment is a particularly easy target because much of it was not designed with security in mind.

Getting IIoT security right

When it comes to securing IIoT environments, it is best to start with the basics. That includes a focus on patch management, identity management and monitoring. Developing a comprehensive security plan requires understanding and correctly setting up each of the four layers of the IIoT architecture to prevent compromise now and in the future.

Device layer
The device layer is where the digital world meets the real world, and hence where it is most at risk. This layer consists of IoT hardware, software, sensors and actuators. IoT devices are susceptible to spoofing, tampering, theft, elevation of privilege, information disclosure and repudiation threats. While organizations should look to design security into the devices by incorporating a hardware root of trust, at minimum they should adopt a strong secrets strategy — passwords, keys, certificates and so forth — or invest in additive security to harden devices in the wild.

Communication layer
The communication layer defines the communication protocols, network technologies and communication service providers an IoT system needs. It may also define the necessary security protocols, such as transport layer security, or other security mechanisms, such as X.509 certificates. This layer is typically vulnerable to eavesdropping, tampering, information disclosure, spoofing and denial of service. Strong encryption on all communication channels should be a security priority. Where feasible, mutually authenticated channels are preferred.
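As an added illustration of the mutually authenticated, strongly encrypted channel recommended above (example code, not from the original article), the Python standard ssl module can express both sides of such a channel between a device and its broker. The weak, unauthenticated default is shown beside the hardened contexts, and an audit function reports which of the requirements a given context misses; the CA and identity file paths are caller-supplied assumptions.

```python
import ssl
from typing import List, Optional


def _load_identity(ctx: ssl.SSLContext, ca_file: Optional[str],
                   cert_file: Optional[str], key_file: Optional[str]) -> None:
    # Only loaded when supplied, so contexts can be built and audited on a
    # host that has not been provisioned with certificates yet.
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)


def broker_context(ca_file=None, cert_file=None, key_file=None) -> ssl.SSLContext:
    """Server side: each device must present a certificate chained to our CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse legacy TLS 1.0/1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # mutual authentication
    _load_identity(ctx, ca_file, cert_file, key_file)
    return ctx


def device_context(ca_file=None, cert_file=None, key_file=None) -> ssl.SSLContext:
    """Client side: verify the broker's certificate and name, present our own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True                      # the name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED
    _load_identity(ctx, ca_file, cert_file, key_file)
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Weak counterpart: a server that never asks the device who it is."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode is CERT_NONE


def audit(ctx: ssl.SSLContext) -> List[str]:
    """List which of the communication-layer requirements a context misses."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: no mutual authentication")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 accepted: weak encryption")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and not ctx.check_hostname:
        findings.append("hostname verification disabled: broker can be spoofed")
    return findings
```

Running audit() against a device fleet's actual contexts is a cheap way to catch the "forgot to require the client certificate" misconfiguration before it reaches the plant floor.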

Cloud platform layer
The cloud platform ensures end-to-end semantic consistency of data objects throughout the distributed industrial IoT system. It describes how data flows into, out of and through the system, as well as how it is transformed and stored. It also contains the features and intelligence that gives an organization its competitive advantage. It provides the stream processing, event processing, dispatching, orchestration, analytics, algorithms and machine learning necessary to meet the needs of the business. This layer is susceptible to threats like tampering, information disclosure, elevation of privilege, theft and denial of service. Organizations should invest in a third-party assessment or monitoring of their cloud platform as virtually all attacks will involve taking advantage of weaknesses in this layer.

Process layer
The process layer focuses on how an organization integrates IoT projects with its governance, operations and management processes, as well as its business systems. The weakest link in a cybersecurity architecture is people. Negligence in understanding and implementing cybersecurity practices and policies can leave the entire ecosystem vulnerable to debilitating cyberattacks. These attacks include repudiation and the theft of sensitive information, such as intellectual property.

In addition, emerging security regulations help ensure baseline protection across the broader industry. We are beginning to see movement on Capitol Hill to address and combat industrial security threats, most recently H.R. 5733, the DHS Industrial Control Systems Capabilities Enhancement Act, a bill introduced in the House last year.

IIoT security: Should you go it alone?

Securing IIoT devices or networks is a specialist field. Many companies don’t have access to the necessary skills to build and maintain a sustainable IIoT security architecture. As such, one critical question for businesses as they develop their IIoT security strategy is whether to go it alone or to get help.

Organizations should have their devices and networks inspected and tested for vulnerabilities and take the recommended actions to mitigate any risks. They should also demand suppliers harden devices and design products against tampering and attacks.

Organizations may also want to investigate third-party monitoring. Managed security service providers are adapting to meet the demands created by complex IIoT environments, but this too is a specialist area, because IIoT data and network requirements differ from those of traditional network monitoring.

When businesses consider partnering with a managed security service provider, they should make sure the partner they are considering has the expertise, resources and services to guide them through the process of designing, implementing and managing IIoT security across the entire device lifecycle.

At a basic level, this means ensuring the partner’s IIoT security platform can integrate seamlessly into the existing environment, can be securely controlled and verified from a central location, and can scale to meet changing needs. At a more advanced level, it requires a global view of all devices and the entire network, to reduce time to detection and to counter advanced adversaries.

It should be noted that IIoT security is a continuum, and no connected system or device can be secure in every situation. Therefore, a good rule of thumb and a sensible approach for any industrial enterprise is to always maintain an evolving security posture and to take due-diligence steps before committing to the latest technology.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
