The stakes are high when it comes to defending industrial systems that use IoT technology. How do organizations prepare to protect these interconnected environments? Credit: iStock The Industrial Internet of Things (IIoT) is a segment of IoT that demands the attention of security officers and CIOs – and with good reason. The consequences associated with cyber-attacks on water supplies and power facilities could be dire.Inside every manufacturing plant, aboard every oil rig, and near most any large municipal water facility, thousands of devices control a variety of functions and protect the safety of products and personnel. In recent years, older devices have been updated or supplanted with smarter IoT sensors (increasingly running over wireless networks) that provide more functionality and more intelligence – but that also broaden the threat landscape. Industrial sensors and devices will constitute a substantial portion of the 45 billion IoT devices expected to be in use in 2023, according to Frost and Sullivan.In industrial settings, operational technology (OT) and information technology (IT) are coming together, as IT shops deploy software on top of OT communications to try to improve the efficiency of a plant or facility. This IT/OT convergence means that the potential impact of a security breach can extend well beyond data loss into areas of physical and human risk.For example, a hacker could use a shop floor network to invoke malicious commands, disrupting the behavior of assembly line robots or processes that cause catastrophic safety risks, violate protocols, or result in expensive downtime.A single cyber-attack on an oil and gas plant costs an average of $13 million, according to Frost & Sullivan. In a worse-case scenario, a hack on a city’s water district could change the mix of chemicals being used to purify water. Cyber-criminals could target smart power and water meters, or a city’s network of smart traffic signals.Education comes firstWith so much that can go wrong, plant and other industrial facility operators need to understand these new types of cybersecurity threats and their potential impact on physical operations. The biggest challenge for industrial customers is knowing where to begin with the adoption of cybersecurity. There are many moving parts for the intelligence on the OT side, and downtime is not an option.Part of the education process involves bringing OT and IT teams together to collaborate and build trust with one another in order to find technology and processes to guard against threats.A next step is working with auto-mapping and identification software to learn which devices are most vulnerable on the plant floor, or distributed throughout a water, power, or traffic network. It’s critical to assess industrial controllers such as automation systems, batch control systems, production control servers, printers, OPC (Open Platform Communications) systems, SCADA systems, peripheral devices, cameras, and other sensors. Attacks with Meltdown and Spectre methods have heightened the need to know which controllers are vulnerable.Another critical protection measure is intrusion prevention software that is tuned to operate with the multitude of endpoints found in a manufacturing facility. The software needs to be scalable and it must understand industrial protocols related to such things as human-machine interfaces (HMI) and programmable logic controllers (PLCs). When securing industrial equipment, context is important – meaning that intrusion protection algorithms must understand anomalies such as a temperature drop or an atypical movement of a robotic arm, for example.Solution providers are stepping forward to help IIoT customers with security. AT&T and Cisco, for example, announced plans at Mobile World Congress in February to expand their partnership to develop ways to securely move data from connected devices to secure IoT applications. Their focus is enabling smart city technologies, which affects utilities and other municipal semi-industrial operations most directly associated with IIoT.To learn more about how to protect IIoT environments, visit AT&T IoT security.Matt Hamblen is a multi-media journalist covering mobile, networking and smart city tech. He previously was a senior editor at Computerworld. Related content brandpost Sponsored by AT&T Is Machine Learning Part of Your Security Strategy? Machine learning technology is still an evolving area in security. But it has the potential to be a game changer. By Evan Schuman May 22, 2018 3 mins Data Breach Internet Network Security brandpost Sponsored by AT&T Cloud Security Alerts: Automation Can Fill Gaps in Multi Cloud Approach Security teams can no longer handle the overwhelming number of security alerts. A look at how automation helps bring actionable intelligence amid the noise. By Neal Weinberg May 15, 2018 3 mins Data Breach Internet Network Security brandpost Sponsored by AT&T Securing IoT in Healthcare is Critical IoT devices are exploding, and many are used in healthcare environments. With inherent risks and high stakes, healthcare CISOs need a plan now for securing these devices. By Neil Weinberg May 08, 2018 3 mins Data Breach Internet Network Security brandpost Sponsored by AT&T Can Shadow IT Be Good for Enterprises? Shadow IT was borne out of innovative necessity, often causing security headaches. But there are strategies for controlling it. By Evan Schuman May 01, 2018 3 mins Data Breach Internet Network Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe