ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Securing the Future: IoT Product Testing and Information Security in Smart Manufacturing

The Information of Things (IoT) industry is booming. Data collected by Statista shows that the sector grew by 76% from 2019 to 2023 and is expected to reach nearly $30 billion by 2030.

However, as more devices enter the market, questions are being raised regarding the security of smart tech. In particular, folks fear that their personal data is being shared and their right to privacy is being breached.

Developers and manufacturers can alleviate fears about security by adequately testing their products. This will help manufacturers find faults and push updates when malware advances. This can save IoT manufacturers from expensive lawsuits and help assuage consumer fears about security.

Pre-Launch Testing

Successful pre-launch testing is crucial for any manufacturer hoping to pass security standards and testing by the Federal Trade Commission. Current FTC guidelines recommend that all manufacturers bake security into the design of their products and take a defense-in-depth approach.

Manufacturers can test IoT devices before launch themselves by:

  • Using Testing Phases: Manufacturers should use a series of tests to pass their devices through unit testing, integration testing, and system testing.
  • Test-Driven Development: Regular testing is the key when creating secure, compliant devices. Rather than testing a final product, adopt an iterative approach and regularly test the IoT device at every stage of development.
  • Testing Tools: Developers and manufacturers should be familiar with industry testing standards. Currently, this means they should run all devices through Stubs, Fakes, and Mocks.

A proactive, iterative approach to testing minimizes the risk of products launching with known or unknown errors. Manufacturers who regularly test their products through the development phase will also catch minor issues and major bugs long before the device goes live. The results gathered during the development can also be used to optimize performance and generate valuable user feedback.

Security Standards

Any new product has to pass consumer protection laws before launching to the public. Passing these tests is critical for brands looking to build trust in IoT devices. That’s why big brands like Microsoft and Okta have joined forces to form a multistakeholder collaboration led by the World Economic Forum (WEF). So far, the collaboration has presented the following five security requirements for IoT Tech:

  • Elimination of universal default passwords
  • Regular software updates
  • Secure communication
  • Protection of personal data
  • Implementation of a vulnerability disclosure policy

These changes can drive the expansion of the ISA/IEC 62443 series of cybersecurity standards to ensure that industry IoT (IIoT) creates foundational system design practices that protect consumers and companies.

Stakeholders who use the WEF’s requirements in tandem with ISA/IEC 62443 will take a proactive approach to secure IoT devices throughout their lifetime. Planning regular software updates to protect previous-generation devices is crucial to securing consumer confidence and improving information security within industries that utilize IoT tech.

Security Plans

Applying safety standards during product development and maintenance is crucial for any firm hoping to launch an IoT device. However, many firms still operate without a clear security plan. At a minimum, an information security plan should include key details like:

  • The scope of your security controls and standards
  • The classification of all data involved
  • Specific instructions for emergencies
  • Management objectives in case of a breach
  • The consequences of non-compliance

Ideally, prospective IoT developers will hire a security team that specializes in IoT compliance. This ensures that industry experts are managing expectations and referring to ISA guidelines before signing off on new developments. This is particularly important today, as more businesses are using the IoT to collect data.

Conclusion

The IoT industry is expanding quickly. However, manufacturers who want to make the most of the boom must ensure that their products are safe for public use. This means that developers must follow ISA/IEC 62443 and seek guidance from groups like the WEF. This protects and improves information security and can secure consumer confidence for years to come.  

Katie Brenneman
Katie Brenneman
Katie Brenneman is a passionate writer specializing in lifestyle, mental health, education, and fitness-related content. When she isn't writing, you can find her with her nose buried in a book or hiking with her dog, Charlie. To connect with Katie, you can follow her on Twitter.

Related Posts

Ask the Automation Pros: Achieving the Best Cascade Control

The following discussion is part of an occasional series, "Ask the Automation Pros," authored by Greg McM...
Greg McMillan Dec 6, 2024 7:00:00 AM

ISA's Position Papers from 2024: Collect Them All

The International Society of Automation (ISA) frequently releases positions on global issues affecting th...
Kara Phelps Dec 3, 2024 7:00:00 AM

Integrated Control System (ICS) for H2 Gas Generation

Abstract "H2 gas" refers to hydrogen gas (H2), which can be used as a clean energy carrier, meaning it ca...
Ankeet Anil Kaji Nov 26, 2024 7:00:00 AM