As the Industrial Internet of Things (IIoT) continues to be embraced by more companies, the sector has come under increased attack from hackers, according to Jim Wallace, Sales Manager at Balluff Australia and member of Open IIoT. Data from the Australian Bureau of Statistics shows cybercrime against businesses has doubled from one in 10 businesses in 2020, compared to one in five in 2023, indicating that increased opportunity has attracted a significant growth in cybercrime.
Open IIoT is a collective of several of Australia's key automation brands which includes SMC Corporation Australia & New Zealand, ARGUS, NORD DRIVESYSTEMS, Beckhoff Australia, Balluff. They are committed to advocating for IIoT and facilitating higher industry 4.0 implementation across Australia. The group is alarmed by the significant rise in cybersecurity threats in the past two years.
Wallace explains the devastating consequences of successful attacks on IIoT networks, stating: "Once a hacker gains entrance into an IIoT network they can gain control of any exposed devices connected to the system and use this interconnected gateway to compromise other devices and even the network itself." The result can leave a manufacturing facility crippled for days and incur costs potentially amounting to hundreds of thousands of dollars.
Given the above, Wallace emphasises the need for an IIoT-specific security framework. He is adamant that to secure such networks, businesses must adopt a security strategy that completely diverges from that of the enterprise data network. He advises beginning by implementing robust authentication mechanisms to ensure only authorised users and devices can access the IIoT system, as well as defining and vigorously enforcing standard authorisation policies for access to sensitive data and functionalities.
Other security measures include ensuring all data travelling on the IIoT network is end-to-end encrypted and accessible only to designated personnel equipped with an encryption key. Segmentation, a strategy to limit access by assigning specific devices to designated parts of the network, also prevents hackers from gaining access to the whole network. "To bolster network defence, scrutinising inbound data traffic identifies potential DDoS attacks, while monitoring outbound traffic empowers IT staff to swiftly pinpoint compromised devices and take immediate defensive actions," Wallace adds.
Wallace heralds the importance of maintaining the integrity of stored data, recommending the use of mechanisms like checksums or hash functions to detect any unauthorised modifications or tampering with the stored data. Also crucial in this regard is the implementation of a strategy for securely disposing of obsolete data to ensure it can't be compromised. In the event of a worst-case scenario resulting in a widespread loss of data, a robust data backup and recovery strategy should be in place, with frequent testing to ensure the effectiveness of system recovery.
Wallace goes on to advise manufacturers to adopt a 'security-first' mindset to their everyday processes, which includes regular employee training on cybersecurity best practice. Adding additional layers of protection such as multi-factor authentication passwords, continuous system monitoring, clear incident response plans and careful scrutiny of IIoT vendors' security measures are all part of this security approach. "Remember that IIoT data processing and storage must be compliant with regulatory standards to protect privacy and proprietary information. In Australia, these regulations differ from state to state, so I recommend consulting with an expert," he concludes.