ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

What Is IoT Security?

History of Security

Security has been important to human society for a long, long time. But as time passed, what needed security and how it was secured has changed drastically. Within the last human lifespan, a new form of security has emergedcybersecuritywhich is changing more rapidly than traditional security ever did. Hacking has evolved from replicating dialup tones to make long-distance calls for free, to executing sophisticated nation-state-sponsored campaigns over the course of months.

Industrial Security Meets the Internet of Things

Every new technology and technology trend represents a new attack surfaceor a trend in change of attack surfacefor malicious actors. The figurative king of current technology trends is the Internet of Things (IoT), a term used to describe the devices now being connected to the Internet in numbers so large the human brain literally cannot comprehend it. During 2020, an estimated 31 billion devices will have been installed and connected to the Internet. If each of those devices were one grain of rice long and arranged in a line, the line would wrap around the earth’s equator nearly six times. The same trend is occurring within industrial systems, termed as the Industrial Internet of Things (IIoT). That massive influx of devices certainly affects the attack surface for malicious actors, and the way we secure those systemsbut how?

Applying Security to IIoT

Experts are currently grappling with this exact question. In fact, the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are considering expanding the ISA/IEC 62443 series of cybersecurity standards for industrial control systems with standards specifically for guiding security implementations for IIoT systems.

If that occurs, many meetings and discussions will be held to develop a consensus-driven answer to the question. In the mean time, certain truths can be agreed upon. Chief among those is that IIoT, and the enhanced connectivity it causes, blur the lines between systems—physically, geographically, and logically in the network. Securing the perimeter of a system is no longer sufficient; defense in depth must be used. 

In essence, building a wall for the attacker to climb over is not the right approacha "moat" is needed, so wide and with mud so thick that attackers cannot run through it. That approach requires a combination of foundational system design practices (such as segmenting and filtering traffic within a network), advanced security technologies (such as intrusion detection systems), cybersecurity training and awareness for everyone from the operator to the executive, and policies and processes for maintaining the systems and security programs.  Ultimately, proper IIoT security is a combination of all security best practices developed to date, applied consistently and uniformly throughout the enterprise.


This article is a product of the International Society of Automation (ISA) Smart Manufacturing & IIoT Division. If you are an ISA member who is interested in joining this division, please log in to your account and visit this page.

Jacob Chapman
Jacob Chapman
Jacob Chapman has a background in automation engineering, project management, account management, industrial networking, and ICS cybersecurity within the food and beverage, pharmaceutical, and energy generation sectors, among others. Jacob currently leads the industrial IT and cybersecurity solutions and services at Grantek, which help manufacturers develop their facility infrastructures, including their industrial network architectures, local and cloud computing systems, and cybersecurity programs. As Grantek’s leader in the space, Jacob maintains involvement and leadership positions in international societies and standard bodies - including the Cybersecurity Committee Chair of ISA’s Smart Manufacturing & IIoT Division, a Registered U.S. Expert to TC65 of the IEC, and a member of the ISA99 standards development committee.

Related Posts

Ask the Automation Pros: Achieving the Best Cascade Control

The following discussion is part of an occasional series, "Ask the Automation Pros," authored by Greg McM...
Greg McMillan Dec 6, 2024 7:00:00 AM

ISA's Position Papers from 2024: Collect Them All

The International Society of Automation (ISA) frequently releases positions on global issues affecting th...
Kara Phelps Dec 3, 2024 7:00:00 AM

Integrated Control System (ICS) for H2 Gas Generation

Abstract "H2 gas" refers to hydrogen gas (H2), which can be used as a clean energy carrier, meaning it ca...
Ankeet Anil Kaji Nov 26, 2024 7:00:00 AM