ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

All Posts

What Is IoT Security?

History of Security

Security has been important to human society for a long, long time. But as time passed, what needed security and how it was secured has changed drastically. Within the last human lifespan, a new form of security has emergedcybersecuritywhich is changing more rapidly than traditional security ever did. Hacking has evolved from replicating dialup tones to make long-distance calls for free, to executing sophisticated nation-state-sponsored campaigns over the course of months.

Industrial Security Meets the Internet of Things

Every new technology and technology trend represents a new attack surfaceor a trend in change of attack surfacefor malicious actors. The figurative king of current technology trends is the Internet of Things (IoT), a term used to describe the devices now being connected to the Internet in numbers so large the human brain literally cannot comprehend it. During 2020, an estimated 31 billion devices will have been installed and connected to the Internet. If each of those devices were one grain of rice long and arranged in a line, the line would wrap around the earth’s equator nearly six times. The same trend is occurring within industrial systems, termed as the Industrial Internet of Things (IIoT). That massive influx of devices certainly affects the attack surface for malicious actors, and the way we secure those systemsbut how?

Applying Security to IIoT

Experts are currently grappling with this exact question. In fact, the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are considering expanding the ISA/IEC 62443 series of cybersecurity standards for industrial control systems with standards specifically for guiding security implementations for IIoT systems.

If that occurs, many meetings and discussions will be held to develop a consensus-driven answer to the question. In the mean time, certain truths can be agreed upon. Chief among those is that IIoT, and the enhanced connectivity it causes, blur the lines between systems—physically, geographically, and logically in the network. Securing the perimeter of a system is no longer sufficient; defense in depth must be used. 

In essence, building a wall for the attacker to climb over is not the right approacha "moat" is needed, so wide and with mud so thick that attackers cannot run through it. That approach requires a combination of foundational system design practices (such as segmenting and filtering traffic within a network), advanced security technologies (such as intrusion detection systems), cybersecurity training and awareness for everyone from the operator to the executive, and policies and processes for maintaining the systems and security programs.  Ultimately, proper IIoT security is a combination of all security best practices developed to date, applied consistently and uniformly throughout the enterprise.

This article is a product of the International Society of Automation (ISA) Smart Manufacturing & IIoT Division. If you are an ISA member who is interested in joining this division, please log in to your account and visit this page.

Jacob Chapman
Jacob Chapman
Jacob Chapman has a background in automation engineering, project management, account management, industrial networking, and ICS cybersecurity within the food and beverage, pharmaceutical, and energy generation sectors, among others. Jacob currently leads the industrial IT and cybersecurity solutions and services at Grantek, which help manufacturers develop their facility infrastructures, including their industrial network architectures, local and cloud computing systems, and cybersecurity programs. As Grantek’s leader in the space, Jacob maintains involvement and leadership positions in international societies and standard bodies - including the Cybersecurity Committee Chair of ISA’s Smart Manufacturing & IIoT Division, a Registered U.S. Expert to TC65 of the IEC, and a member of the ISA99 standards development committee.

Related Posts

What are the Biggest Mistakes You Have Seen? Part 3

The following discussion is part of an occasional series showcasing the ISA Mentor Program, authored by G...
Greg McMillan Jul 1, 2022 5:30:00 AM

How is Automation Changing Chemical Plants?

Automation is becoming a gamechanger in various industries. Decision makers need to figure out how best t...
Emily Newton Jun 28, 2022 5:30:00 AM

ISA Commemorates International Women in Engineering Day

Since 1982, women have earned almost 10 million more college degrees than men. However, despite this stat...
Steven Aliano Jun 23, 2022 5:30:00 AM