ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

All Posts

What Is IoT Security?

By Jacob Chapman


History of Security

Security has been important to human society for a long, long time. But as time passed, what needed security and how it was secured has changed drastically. Within the last human lifespan, a new form of security has emergedcybersecuritywhich is changing more rapidly than traditional security ever did. Hacking has evolved from replicating dialup tones to make long-distance calls for free, to executing sophisticated nation-state-sponsored campaigns over the course of months.

Industrial Security Meets the Internet of Things

Every new technology and technology trend represents a new attack surfaceor a trend in change of attack surfacefor malicious actors. The figurative king of current technology trends is the Internet of Things (IoT), a term used to describe the devices now being connected to the Internet in numbers so large the human brain literally cannot comprehend it. During 2020, an estimated 31 billion devices will have been installed and connected to the Internet. If each of those devices were one grain of rice long and arranged in a line, the line would wrap around the earth’s equator nearly six times. The same trend is occurring within industrial systems, termed as the Industrial Internet of Things (IIoT). That massive influx of devices certainly affects the attack surface for malicious actors, and the way we secure those systemsbut how?

Applying Security to IIoT

Experts are currently grappling with this exact question. In fact, the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are considering expanding the ISA/IEC 62443 series of cybersecurity standards for industrial control systems with standards specifically for guiding security implementations for IIoT systems.

If that occurs, many meetings and discussions will be held to develop a consensus-driven answer to the question. In the mean time, certain truths can be agreed upon. Chief among those is that IIoT, and the enhanced connectivity it causes, blur the lines between systems—physically, geographically, and logically in the network. Securing the perimeter of a system is no longer sufficient; defense in depth must be used. 

In essence, building a wall for the attacker to climb over is not the right approacha "moat" is needed, so wide and with mud so thick that attackers cannot run through it. That approach requires a combination of foundational system design practices (such as segmenting and filtering traffic within a network), advanced security technologies (such as intrusion detection systems), cybersecurity training and awareness for everyone from the operator to the executive, and policies and processes for maintaining the systems and security programs.  Ultimately, proper IIoT security is a combination of all security best practices developed to date, applied consistently and uniformly throughout the enterprise.

This article is a product of the International Society of Automation (ISA) Smart Manufacturing & IIoT Division. If you are an ISA member who is interested in joining this division, please log in to your account and visit this page.


About the Author

Jacob Chapman has more than seven years of automation engineering, project management, account management, industrial networking, and ICS cybersecurity expertise within the food and beverage, pharmaceutical, and energy generation sectors, among others. Jacob currently leads the industrial IT and cybersecurity solutions and services at Grantek, which help manufacturers develop their facility infrastructures, including their industrial network architectures, local and cloud computing systems, and cybersecurity programs. As Grantek’s leader in the space, Jacob maintains involvement and leadership in international societies and standard bodiesincluding the Cybersecurity Committee Chair of ISA’s Smart Manufacturing & IIoT Division and a member of  the ISA99 standards development committee.

Related Posts

ISA President's Column: Make Way for 2021!

The 2021 International Society of Automation (ISA) President Steve Mustard will be featured monthly on th...
ISA President Jan 15, 2021 5:00:00 AM

Cyber-Physical Systems: The Core of Industry 4.0

By Rajabahadur V. Arcot   The principle idea behind the implementation of Industry 4.0 solutions is to em...
Contributing Author Jan 12, 2021 5:15:00 AM

The Genius of ANSI/ISA S84.01-1996

By Iwan van Beurden and William M. Goble   The real genius of a standard is measured by the level of acce...
Contributing Author Jan 11, 2021 5:00:00 AM