IoT Security: The Visibility of Assets in the Field
IoT security is a complex problem, especially in projects with hundreds of edge devices in the field. Cloud security and edge security are different problems. Edge systems are often isolated, and if the network is disrupted each device must be able to protect itself on its own.
At Litmus we have seen three risky practices among early IoT adopters. First, they deploy unmanaged edge systems: nothing controls them centrally, and there is no visibility into the deployments or the devices. Second, they assume every deployed application will stay the same, but as machine learning comes into play the edge devices in the field can become obsolete very quickly, so future-proofing is an important consideration. Third, they expect edge systems to replace legacy systems, when in reality the two should sit side by side. Legacy systems and edge systems hold different mission-critical assets, and both are needed.
Businesses need to know what those edge devices are doing on their networks and where they are in the field, and they need to manage user access controls and network configuration remotely.
Setting up an IoT project with visibility to all assets in the field
To set up an IoT project with visibility of all assets in the field, both legacy and edge computing devices, first map the factory-floor network layout on the industrial network. Understand how the assets appear across those networks and where they are heading: Will they change in the future? If they are low-cost, low-bandwidth links, do you plan to upgrade them? Are IoT and edge applications under consideration for new networks? The industrial networks must remain isolated, yet the assets on them must be visible and available to your IT networks through secured, controlled paths.
Next, make sure every device is covered by a complete edge computing lifecycle: bootstrapping, data, device and application management, and updates. All of these should be handled by the agent inside the edge device. If any piece is missing, reconsider before deployment and make sure the complete lifecycle is covered.
Securing edge devices
There are a number of ways to make sure edge devices are secure.
First, a device in production should be a closed box with no unnecessary points of entry, such as open debug ports or default accounts. Authentication should always be required to access the device. A good edge computing platform enforces this with proper authentication and username/password controls.
Second, the edge must be a self-sustaining system when an attack happens or when the network or the Cloud is unavailable. Build an architecture that prevents issues and protects itself, using circuit breakers and network protections, rather than one that depends on the Cloud being reachable.
Third, when you expose and send data to the Cloud or to the enterprise, the communication must be encrypted and strongly authenticated. Even if the data is kept locally, communications must still be secured, so that a vulnerability at the network level does not expose it.
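What "encrypted and strongly authenticated" means in practice is easiest to see in the client configuration itself. The following is an added example written for this article, not code from the Litmus platform: the weak TLS setting an edge agent is often shipped with (encrypted, but it trusts any certificate) beside the corrected one (peer certificate required and checked against the expected hostname, TLS 1.2 or newer, optional client certificate so the Cloud can authenticate the device too). The host, port and certificate paths are assumptions; the Python ssl module calls are standard.

```python
import socket
import ssl


def make_insecure_context() -> ssl.SSLContext:
    """The weak setting: traffic is encrypted, but any certificate is accepted.
    A host on the plant network that intercepts the uplink can impersonate the
    Cloud and read or rewrite every message."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_uplink_context(ca_file=None, client_cert=None, client_key=None) -> ssl.SSLContext:
    """The corrected setting. Paths are assumptions: a real deployment
    provisions the CA bundle and the device certificate at bootstrap."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True           # certificate must match the server name
    ctx.verify_mode = ssl.CERT_REQUIRED  # and must chain to a trusted CA
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # pin to the operator's own CA
    else:
        ctx.load_default_certs()
    if client_cert:
        # Device certificate: lets the Cloud authenticate the device (mutual TLS)
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarize the properties that matter, before any socket is opened."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_tls": ctx.minimum_version.name,
    }


def context_is_acceptable(ctx: ssl.SSLContext) -> bool:
    a = audit_context(ctx)
    return a["verifies_peer"] and a["checks_hostname"] and a["min_tls"] in ("TLSv1_2", "TLSv1_3")


def send_telemetry(host: str, port: int, payload: bytes, ctx: ssl.SSLContext) -> bytes:
    """Open the uplink only with an acceptable context; return the reply."""
    if not context_is_acceptable(ctx):
        raise ValueError("refusing to send telemetry over an unauthenticated channel")
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.recv(4096)


if __name__ == "__main__":
    print("insecure:", audit_context(make_insecure_context()))
    print("uplink:  ", audit_context(make_uplink_context()))
    # send_telemetry("cloud.example.invalid", 8883, b"...", make_uplink_context())
```

The guard in send_telemetry is the point: the agent refuses to talk at all rather than fall back to an unauthenticated channel when something in its configuration is wrong. Pinning to the operator's private CA (the ca_file branch) is what keeps a certificate issued by any public CA from being accepted for the uplink host.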
Fourth, in the event of a security issue there must be a proper audit trail so you can see what happened and what went wrong. An edge computing platform should record every failed login, whether it is one or a hundred, along with the action taken in response. It should also be able to lock itself so that no one can log in after a configured number of failed password attempts, with that threshold and similar security parameters set by policy.
Fifth, the agents on the edge devices are the key to IoT security. At the start of a project those agents perform device management and similar roles, but as the project progresses the industrial network becomes a target for cyberattacks. The agents need sensors that detect whether the network or the device itself is being compromised, and each agent must be self-sufficient in protecting itself so that it can close itself off from an attack.
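The failed-login tracking and lockout described above, with the audit trail it produces, as an added example written for this article (not Litmus platform code). The thresholds and the sample authentication events are constructed; an agent would feed it real events from its authentication layer.

```python
import time
from collections import defaultdict

# Policy parameters (assumed values, not platform defaults): lock a (user, source)
# pair after MAX_FAILURES failures inside WINDOW_SECONDS, for LOCKOUT_SECONDS.
MAX_FAILURES = 5
WINDOW_SECONDS = 300
LOCKOUT_SECONDS = 900


class LoginGuard:
    """Tracks failed logins and keeps an append-only audit trail.

    Lockouts are keyed on (user, source address) rather than on the user alone,
    so a remote attacker cannot lock the plant operator out of their own console
    simply by guessing the operator's password from elsewhere.
    """

    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable for replay and testing
        self.failures = defaultdict(list)   # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires
        self.audit = []                     # audit records, never modified in place

    def _record(self, event, user, source, ts, **extra):
        entry = {"ts": ts, "event": event, "user": user, "source": source, **extra}
        self.audit.append(entry)
        return entry

    def attempt(self, user, source, password_ok):
        """Process one login attempt; return 'allowed', 'denied' or 'locked'."""
        key = (user, source)
        now = self.clock()
        until = self.locked_until.get(key, 0)
        if now < until:
            # Refused regardless of the password: a correct guess while locked
            # would otherwise tell the attacker that the guess was right.
            self._record("login_refused_locked", user, source, now, locked_until=until)
            return "locked"
        if password_ok:
            self.failures.pop(key, None)
            self._record("login_success", user, source, now)
            return "allowed"
        recent = [t for t in self.failures[key] if now - t <= WINDOW_SECONDS]
        recent.append(now)
        self.failures[key] = recent
        self._record("login_failed", user, source, now, failures_in_window=len(recent))
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self._record("account_locked", user, source, now,
                         locked_until=now + LOCKOUT_SECONDS)
            return "locked"
        return "denied"


# Constructed sample of authentication events as an edge agent might see them:
# (seconds offset, user, source address, password correct?)
SAMPLE_EVENTS = [
    (0,    "operator", "10.0.5.20", False),
    (10,   "operator", "10.0.5.20", False),
    (20,   "operator", "10.0.5.20", False),
    (30,   "operator", "10.0.5.20", False),
    (40,   "operator", "10.0.5.20", False),  # fifth failure: lock
    (50,   "operator", "10.0.5.20", True),   # correct password, still locked
    (60,   "operator", "10.0.5.99", True),   # same user, other source: allowed
    (1000, "operator", "10.0.5.20", True),   # lock expired: allowed
]


def replay(events, base=1_700_000_000):
    """Run the guard over a list of events with a simulated clock."""
    t = {"now": base}
    guard = LoginGuard(clock=lambda: t["now"])
    results = []
    for offset, user, source, ok in events:
        t["now"] = base + offset
        results.append(guard.attempt(user, source, ok))
    return results, guard.audit


if __name__ == "__main__":
    results, audit = replay(SAMPLE_EVENTS)
    for res, entry in zip(results, audit):
        print(res, entry)
```

Every decision, including the lock itself and the refusals while locked, ends up in the audit list, which is what lets you reconstruct "what happened" after the fact; in a real agent that list would be written to tamper-evident storage or shipped off the device rather than kept in memory.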
Now, let's look at where edge security is moving. The intelligent edge is already used for machine learning: collecting vast amounts of data and recognizing anomalies in it. As these systems mature, the same data can reveal security anomalies. For instance, you can see whether someone has altered the firmware of a robotic system. As edge computing technology advances, machine learning will help protect these assets whenever the system changes or is threatened.
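Before any machine learning is involved, the simplest sensor an agent can carry for the "altered firmware" case above (and for the device-compromise detection the agent section calls for) is an integrity check of what is installed against an authenticated manifest. The following is an added example written for this article, not Litmus code: the build server digests each component image and authenticates the manifest; the device verifies the manifest and then compares every installed image against it. The images, the key and the component names are constructed. The manifest is authenticated with an HMAC for the sake of a stand-alone example; a production design would sign it with an asymmetric key so the device holds only the public verification key.

```python
import hashlib
import hmac
import json

# Constructed key, assumed to be provisioned into the device at bootstrap.
# With HMAC the device holds a secret that could also forge a manifest; an
# asymmetric signature avoids that. The check flow below is the same either way.
MANIFEST_KEY = b"constructed-demo-key-do-not-use"

# Constructed firmware images standing in for real component images.
GOOD_IMAGES = {
    "robot-controller": b"\x7fELF constructed robot controller image v1.4",
    "plc-gateway": b"\x7fELF constructed PLC gateway image v2.0",
}
# The same images with two bytes appended to the robot controller firmware.
TAMPERED_IMAGES = dict(GOOD_IMAGES)
TAMPERED_IMAGES["robot-controller"] = GOOD_IMAGES["robot-controller"] + b"\x90\x90"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    # Stable serialization so build server and device authenticate identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(images: dict, key: bytes) -> dict:
    """Build-server side: digest every image and authenticate the manifest."""
    body = {"components": {name: {"sha256": sha256_hex(blob), "size": len(blob)}
                           for name, blob in images.items()}}
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_manifest(manifest: dict, key: bytes) -> bool:
    """Device side: reject a manifest whose MAC does not match its contents."""
    body = {k: v for k, v in manifest.items() if k != "mac"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest.get("mac", ""))


def check_firmware(manifest: dict, installed: dict, key: bytes) -> dict:
    """Compare installed images with the manifest; return a verdict per component.

    Verdicts: 'ok', 'altered' (digest mismatch), 'unexpected' (not in the
    manifest), 'missing' (in the manifest but not installed). A manifest that
    fails its own check yields {'manifest': 'tampered'} and nothing is trusted.
    """
    if not verify_manifest(manifest, key):
        return {"manifest": "tampered"}
    expected = manifest["components"]
    verdict = {}
    for name, blob in installed.items():
        if name not in expected:
            verdict[name] = "unexpected"
        elif sha256_hex(blob) != expected[name]["sha256"]:
            verdict[name] = "altered"
        else:
            verdict[name] = "ok"
    for name in expected:
        if name not in installed:
            verdict[name] = "missing"
    return verdict


if __name__ == "__main__":
    manifest = build_manifest(GOOD_IMAGES, MANIFEST_KEY)
    print(check_firmware(manifest, GOOD_IMAGES, MANIFEST_KEY))
    print(check_firmware(manifest, TAMPERED_IMAGES, MANIFEST_KEY))
```

An agent would run check_firmware on a schedule and at boot, treat any verdict other than 'ok' as a compromise signal, and feed it to the same audit trail and self-protection logic as the login events; the digests it collects are also exactly the kind of per-device data a later anomaly model can learn from.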