Future-proofing IoT manufacturing through security-by-design

The Internet of Things (IoT) is now part of our daily lives, and smart devices are littered throughout most homes and businesses. In the space of a few years, the presence of a smart hub has gone from being a rarity to a necessity. In 2018, YouGov found that 23% of Britain's 66.44 million people had a smart item, whilst a more recent survey found that 47% of US-based Millennials have at least one smart home product within their homes. Behind closed doors, the IoT has really taken off. Take the retail industry, where by 2025, the connected ecosystem will be worth over $35 billion. The manufacturing industry will see even greater disruption, and is projected to grow exponentially, experiencing what’s known as Industry 4.0. 

As Industrial IoT (IIoT) uptake continues to surge, however, businesses are struggling to fight against rising cybersecurity threats. The Honeywell Industrial USB Threat Report revealed that from 2019-2020, the number of threats capable of causing major disruption to operational technology systems more than doubled, from 26% to 59%. The pandemic has led to an increase in attacks, with bad actors looking to take advantage of vulnerabilities and businesses left unable to keep up with existing infrastructure issues. Research from Keeper Security, in collaboration with the Ponemon Institute, found that nearly three in five (57%) of UK manufacturers faced a cyber attack in 2020. The industry cannot continue on this trajectory, with security being treated as nothing more than a mere afterthought. IoT deployments too often act as just one part of a wider cost-saving or productivity-enhancing exercise; Combine this with a lack of systems management or awareness of individual devices, you quickly have a situation where safety and security is no longer a central consideration. 

Enter security-by-design

Moving forward, the industry needs to be more holistic when it comes to integrating smarter systems. After all, smarter does not mean more secure. Individual devices cannot be deployed and then forgotten about, as every single device represents an entry point for cyber villains to attack. Designing security from the start will allow organisations to distribute important security updates automatically, remotely and from a position of governance and control.

Building with a security-by-design mindset starts with choosing a robust operating system (OS). Open source remains the OS of choice, with Linux renowned for its stability and security, while offering freedom to developers and software engineers to manage it and prepare for future market demands. It can also allow engineers to stay flexible and to keep on top of the evolving risk. Software maintenance is key, not just to avoid missing out on market opportunities related to devices, but to extend the lifetimes of hardware on the factory floor. 

Shedding away the traditional hardware centric mindset, manufacturers must look to protect and future-proof individual deployments, seeking out mechanisms that can address updates and prepare for vulnerabilities. In the past, once a device was deployed into the field - for example, to help monitor performance and boost efficiency on a factory floor - there were minimal mechanisms to quickly deploy any new feature updates or address any newly discovered weaknesses. 

In the event of an attack, the response should not create downtime for production lines. Instead, manufacturers should aim to maintain the factory floor in an operational state as they deploy a stream of software updates. In the case of being prepared for software failure, it is no longer a reality that you can develop software once and expect it to be secure and bug-free forever. Software will fail, so it’s about safeguarding when it does, to avoid substantial costs.

Guarding against software failure 

Rollback features can help guard against software failure by giving hardware components, such as security cameras and other connected machinery on the factory floor, an added layer of reliability. Manufacturers can look to leverage the power of containerised software, like snaps, that enable developers to easily push software updates automatically and roll back in the event of failure. Snaps effectively supports both the OS and associated IoT software applications in a secure and modular packaging format. If a security vulnerability is discovered in the code used by an application, the application publisher is notified so the snap can be rebuilt quickly with the supplied fix and pushed out in a controlled and managed fashion. It greatly reduces the likelihood of an improper update breaking a device or degrading the user experience. Looking at smart manufacturing, rolling out a security patch seamlessly without disrupting the production line can lead to significant benefits like efficiency and reduced downtime. 

Putting trust back in technology

On many factory floors, the onus is still on the end user to protect individual IoT devices. This is not sustainable, nor remotely efficient. Businesses need to take a long, hard look at where the burden of security lies, and seriously consider putting trust in IoT applications to support and manage networks. That way, managers can be confident that they’re future proofing through technology, which can automatically remediate any security issues, absolving customer responsibility. 

It’s no longer a case of one size fits all in the smart era of Industry 4.0. Device hardware is not static and manufacturers must recognise that the future does not lie in this form of vulnerable hardware, but instead software-defined capabilities. As attacks continue to accelerate, more action is needed in order to protect and future-proof the manufacturing industry. It will take investment and a real commitment to change how the industry thinks about security related to smart infrastructure. The billions of existing IoT devices were not deployed overnight, and the security problems they inherent will not be fixed overnight either. 

By Tom Canning, Vice President of Global Sales IoT and Devices, Canonical