The rewards—and risks—of IIoT

It’s being called the Fourth Industrial Revolution, and that’s not entirely an exaggeration. But the IIoT, or Industrial Internet of Things, is not one thing on its own. Like the Internet of Things that you already use in your home and office, the IIoT utilizes sensors that can transmit data and networks that can carry that data. We’ve had these things for a while. But the IIoT is finally having its moment in the spotlight because of these three advances:

While IIoT requires upfront tech expenditures, its ability to optimize production, send alerts for machines that need repairs, and reduce a company’s overall carbon footprint makes it a smart return on investment. And businesses know it. This year manufacturers, transport companies, and utilities will spend a combined $329 billion on IIoT—more than triple the spending of consumer IoT, according to tech analyst IDC.

But any major business change also comes with risk. IoT devices have gained a reputation of being insecure, and many traditional businesses aren’t prepared for the potential security challenges they pose. “Every industry in the world will need to be concerned about what they have on the internet,” said Tommy Gardner, Chief Technology Officer at HP. “These [IoT devices] are products that are hanging on connections through the world wide web.”

And here’s where smaller businesses have an advantage: With fewer sensors, machines and end points to worry about, you can implement an IIoT network more efficiently and securely. Here’s what your IT team needs to know about the IIoT security to get started.

Manufacturers “have this industrial equipment they purchased 30 years ago, and they’re not going to replace it for 30 more years, because it’s a major capital investment,” Gardner explains. “They can’t afford, every two years, to throw out the old stuff and bring in the new stuff—they’re just going to have to live with what they’ve got.” And if you can’t replace a factory’s worth of equipment, you need to find the right hardware and security solutions.

In the US, there are currently no official security standards for devices such as sensors, RFID tags, industrial controllers and smart cards. Right now the US National Institute of Standards and Technology (NIST) is working with the private sector to develop some through their “lightweight cryptography” initiative. “Lightweight is not meant to mean weak encryption,” Gardner says. “‘Lightweight’ just means it can operate under a CPU or a memory capacity that’s much less than you’d see in our products.” NIST is holding a workshop in November to discuss potential new standardized algorithms, so watch this space.

Gardner praises the security built into HP’s 3D industrial printers, which many companies use as part of their IIoT network. “We are the only 3D printer manufacturer that has cyberprotection designed in from the start. Our machines are resilient. And what is resiliency? The way I think of resiliency is like the old Timex watch commercials. Where you show a diver off the cliffs of Acapulco who puts on the watch, swan dives into the ocean, and comes up and says, ‘it takes a licking, and it keeps on ticking.’” The key is not to be lulled into believing you can prevent every attack. Keep your defenses strong, but if a vulnerability is exploited, your system needs to be able to detect it and recover without human help. Investing in technology equipped with HP Sure Sense, which uses deep learning AI to enable real-time malware protection, is a good place to start.

Major IIoT security attacks aren’t just speculative, Gardner notes. Global hackers have already infected industrial networks with malware by exploiting interconnected sensors. The most famous is the Trisis attack, which wreaked havoc at a Saudi petrochemical plant in 2017; the same bad actors infected a second unspecified “critical infrastructure” facility this April. Other attacks include hackers crippling Ukraine's power grid in 2015; here in the States, hackers working for Russia were able to gain access to the control room of a US electric utilities. While these are nation state-sized attacks, there are lessons to be learned from them. Basic security measures such as applying new patches immediately and changing default login credentials can go a long way, especially when your IT team is working with operating technicians who may not be as tech-savvy. Segmenting your network can also keep operations running even if a portion of your machines are taken down. And if a hacker attempts a BIOS or UEFI rootkit attack such as a LoJax, HP Sure Start will detect this and automatically re-install an authentic HP BIOS to get you back up and running within minutes on your computer. “You could blink your eye and just missed the fact that you absorbed an attack,” Gardner adds. “And it was thrown off because the system protected itself.”

HP Sure Sense is available on the new HP EliteBook 800 G6 and other models.