New report says current cybersecurity is inadequate to protect IIoT systems
Lloyd’s Register Foundation report says current security technologies can’t handle existing or emerging threats.
The Lloyd’s Register Foundation, a UK charity dedicated to research and education in science and engineering, has released a report detailing the impending threat posed by cyberattacks to critical infrastructure. Titled the Foresight review of cyber security for the Industrial Internet of Things, the report specifically focuses on the inherent risks for Industrial IoT (IIoT) by identifying the technology’s key risks and gaps in operational cybersecurity. In addition, the Foresight report calls on the IIoT community to urgently adopt guiding principles to increase resilience to cyberattacks.
“Over the last few years, we have seen a rise in deliberate attacks aimed at critical infrastructures across the globe,” said report co-author and BlueVoyant Executive Chairman International, Robert Hannigan. “As adoption of IoT in the industrial sector continues to grow, clear action and guidance is needed. Our report frames the context of IIoT, the imminent problems facing key infrastructure as they increasingly rely on connected systems and possible solutions to safeguard against cyber incidents.”
According to its authors, the report’s core finding is that the emergence of new security threats to IIoT environments will outpace the current rate of change. In addition, the report argues that cybersecurity capabilities either do not scale, have not been tested or simply don’t exist yet. It also points to the approaching tipping point for recovering from cyberattacks, and the challenges for mindset, regulation and insurance that can build preventative security practices.
In addition to exploring cybersecurity challenges, the report also offers actionable findings, including:
- Always consider harm consequences when planning how to manage risks
- Consider how security controls may fail as you increase use of IoT devices
- Use techniques that can provide continuous, near real-time assessment as opposed to periodic assessments
- Consider how your supply chains are using IoT: consider their failure to maintain cyber security as a risk to your security risk management plans
- Invest in forensic readiness processes
- Include a consideration of future scenarios in your risk assessments
- Invest in training for staff on IoT standards and good practice
- Collaborate to establish a device interface protocol for sharing security monitoring information