ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

What Is IoT Security?

History of Security

Security has been important to human society for a long, long time. But as time passed, what needed security and how it was secured has changed drastically. Within the last human lifespan, a new form of security has emergedcybersecuritywhich is changing more rapidly than traditional security ever did. Hacking has evolved from replicating dialup tones to make long-distance calls for free, to executing sophisticated nation-state-sponsored campaigns over the course of months.

Industrial Security Meets the Internet of Things

Every new technology and technology trend represents a new attack surfaceor a trend in change of attack surfacefor malicious actors. The figurative king of current technology trends is the Internet of Things (IoT), a term used to describe the devices now being connected to the Internet in numbers so large the human brain literally cannot comprehend it. During 2020, an estimated 31 billion devices will have been installed and connected to the Internet. If each of those devices were one grain of rice long and arranged in a line, the line would wrap around the earth’s equator nearly six times. The same trend is occurring within industrial systems, termed as the Industrial Internet of Things (IIoT). That massive influx of devices certainly affects the attack surface for malicious actors, and the way we secure those systemsbut how?

Applying Security to IIoT

Experts are currently grappling with this exact question. In fact, the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are considering expanding the ISA/IEC 62443 series of cybersecurity standards for industrial control systems with standards specifically for guiding security implementations for IIoT systems.

If that occurs, many meetings and discussions will be held to develop a consensus-driven answer to the question. In the mean time, certain truths can be agreed upon. Chief among those is that IIoT, and the enhanced connectivity it causes, blur the lines between systems—physically, geographically, and logically in the network. Securing the perimeter of a system is no longer sufficient; defense in depth must be used. 

In essence, building a wall for the attacker to climb over is not the right approacha "moat" is needed, so wide and with mud so thick that attackers cannot run through it. That approach requires a combination of foundational system design practices (such as segmenting and filtering traffic within a network), advanced security technologies (such as intrusion detection systems), cybersecurity training and awareness for everyone from the operator to the executive, and policies and processes for maintaining the systems and security programs.  Ultimately, proper IIoT security is a combination of all security best practices developed to date, applied consistently and uniformly throughout the enterprise.


This article is a product of the International Society of Automation (ISA) Smart Manufacturing & IIoT Division. If you are an ISA member who is interested in joining this division, please log in to your account and visit this page.

Jacob Chapman
Jacob Chapman
Jacob Chapman has a professional background in automation engineering, project management, account management, industrial networking and ICS cybersecurity within the food and beverage, pharmaceutical and energy generation sectors, among others. In his role as Director - BD & Alliances at Nozomi Networks, he leads the organization's strategic partnerships with OT OEMs and technology vendors.

Within the ICS cybersecurity community, he participates in international societies and standard bodies, including serving as an advisory board member to the ISA Global Cybersecurity Alliance (ISAGCA), a member of the Cybersecurity Committee of ISA’s Smart Manufacturing & IIoT Division and a contributor within the ISA99 standards development committee.

Related Posts

Onward and Upward to 2025: Proud of a Great Year

As my year as president of the International Society of Automation (ISA) comes to a close, I wanted to ta...
Prabhu Soundarrajan Dec 20, 2024 10:00:00 AM

How Did Automation Professionals Benefit from ISA in 2024?

The International Society of Automation (ISA) is proud to be the professional home of thousands of member...
Kara Phelps Dec 17, 2024 9:30:00 AM

Ensuring RCM or DCS Redundancy and Its Security in a Complex Industrial Environment

In industrial automation, remote control managers (RCM) or distributed control systems (DCS) are critical...
Ashraf Sainudeen Dec 13, 2024 10:00:00 AM