Internet of Things
Industry must protect IoT controls

Industrial systems are moving into hackers’ focus worldwide and pose enormous risks.

With the increasing use of intelligent machines integrated into an entire manufacturing network, the risk of hacker attacks is rising enormously. An IT study reveals that many industrial companies are barely aware of this risk and therefore have not implemented compliance rules for the acquisition and operation of IoT equipment. Just over half of the more than 300 business representatives surveyed said they have compliance rules for IoT security at their companies, while 35% have no rules at all. The figures were obtained by the IT company ONEKEY as part of its “IoT Security Report 2022.” (ONEKEY specializes in IT security.) “Connected manufacturing is as efficient as it is dangerous. Plants have many hardware devices that use their own firmware and are more than ever the focus of hackers,” warned Jan Wendenburg, CEO of ONEKEY.

The majority of companies rely on threat analyses (50%) and contractual requirements for suppliers (42%) to secure IoT infrastructures. “This settles the question of liability in case of doubt – but companies do not realize that a determined attack on manufacturing equipment can threaten a company’s existence within a few days,” said Wendenburg.

Role model process industry

The confidence that the more than 300 business representatives surveyed for the study have in their own IT security measures shows the uncertainty: only 26% consider their own IoT security to be fully sufficient, 49% only partially sufficient. Almost 15%, on the other hand, consider their own measures to be insufficient or deficient. Even penetration testing is not fully trusted — only 14% see it as an efficient way to test the security of an infrastructure; 68% see it as partially efficient. “The problem needs to be addressed at the root, right during the production of devices, machines and endpoints. The IT industry could take a cue from the process industry — the pharmaceutical industry, for example. There, it is a legal requirement to provide complete traceability and transparency for every component of a product. This should equally be standard in the IT sector to eliminate the risks posed by easily hackable firmware in production equipment and other endpoints. Every piece of unknown software on a device or a simple component of a device is a black hole with full risk of being attacked by a hacker or entire groups,” said Wendenburg. This software bill of materials, also called “SBOM,” is also supported by 75% of the respondents.

Study reinforces demand for proof of origin

Meanwhile, the damage can quickly run into the millions: 35% of the IT managers and decision-makers surveyed for the study consider an annual damage of up to 100 million euros to be realistic, another 24% even up to 500 million, and 17% more than 500 million euros. “Since the figures were requested between January and February 2022, a far more dramatic picture can be painted now. Since we know that IT attacks are also part of warfare, we must protect ourselves even better. Especially, since we can expect a further increase in industrial espionage as a result of sanctions. Here, too, weaknesses in firmware can favor the intrusion of hackers and can even make them almost invisible, because classic security measures often fail when hacked via industrial systems or devices,” explained Wendenburg.

ONEKEY | www.onekey.com
www.designworldonline.com
July 2022