Just as the number of connected consumer “things” is increasing, so too are industrial “things” such as pumps, valves and remote terminal units. They get integrated into standard technology platforms, and connected to the Internet in pursuit of tantalizing operational efficiencies such as predictive maintenance and smart metering.
This means that the operational technology (OT) in our manufacturing plants, power grids and water treatment facilities become vulnerable to threats faced by all other networked technologies, increasing the surface area of risk available to threats from bad actors. The delivery mechanisms for critical services become potential targets, from energy production, transmission and distribution to assembly lines and robotics.
IoT security gets help from ML and AI
Many security technology overlaps exist between IoT and IT, however, IoT security involves monitoring physical devices, connections, authentication and data transfers at far greater volume than is common in IT today. Considering the scale of IoT, trying to secure its data and devices is essentially a challenge beyond human capabilities, both physical and economic. For example, even if you had the number of skilled resources it would take to analyze the data produced by IoT devices, would the cost of those resources overshadow any benefits derived from the initial IoT investment? Enter machine learning and artificial intelligence, that scale beyond those physical and fiscal boundaries.
Cognitive computers work best when they have large amounts of data to train on. IoT provides an extremely large population from which to draw measurements. In a system designed and trained to look for the smallest inconsistencies among millions of transactions, a hacker’s behavior and actions could stand out like the sore thumb. By training intelligent systems on data at IoT scale, future deviations from normal are easier to see. This also adds new tools to your IoT cyber arsenal – algorithms and data science. If you take a closer look at the cybersecurity market, all the major players have added machine learning and data science to their offerings.
IT security tools for IoT?
Using cognitive computing can add another layer of defense, by feeding its outputs into security information and event management (SIEM). Key to IT security for many years now, SIEM can span entire environments and provide tools for detecting and remediating security incidents. It will remain key to IT, IoT and OT security going forward because as the number of connected things increases, so too will the need to quickly and intelligently sift through all of the information they produce.
Running SIEM on high-performance computers, like the BullSequana HPCs, employs sheer computational power via usage of high-density CPUs, GPUs and memory to detect the unusual and unwanted activity among an increasing amount of noise. As anomalies are detected, this data can be pushed as security updates to gateways and endpoints, worldwide and in near-real time. In reverse, connected things can push their data to the cloud/data center to be analyzed by intelligent back-end servers enabling you to build a composite view of your entire surface area.
The risks are real when it comes to securing IoT. Breaking it down and applying IT principles and tools where they make sense can make IoT security more manageable and scalable.