
The need for securing the Industrial IoT

Updated: Jul 11, 2023

The concept of the Internet-of-Things (or IoT for short) has gained substantial momentum in the recent past, and the world has been populated with interconnected smart objects [1] that form the basis of new applications, such as smart homes, smart buildings, smart cities, and the like, all promising services that make our everyday life easier [2] and safer [3]. These smart objects are embedded computing devices, equipped with sensors (and sometimes with actuators), as well as various communication interfaces, and their smartness stems from combining sensing (and actuating) capabilities with computation and communication. Indeed, they can sense their environment and adapt to it by using computations to make decisions. Moreover, connecting these devices to the Internet makes it possible to extend their local computational capabilities with some cloud-based remote intelligence.

Besides the consumer domain, IoT technologies can quite naturally be used in industrial environments too in order to make factories and other industrial facilities smarter. This trend is referred to as the Industrial IoT [4] (or IIoT) and it is considered to be an important enabler of the Industry 4.0 paradigm [5]. IIoT systems can enhance industrial processes by supporting real-time monitoring and fine-grained data collection that help decision making and the optimization of production processes, as well as the operation and maintenance of industrial equipment. Moreover, such enhancements are useful in essentially all industrial domains, including energy (e.g., electricity, as well as oil and gas) production and distribution, drinking water supply (and the sewage infrastructure), discrete manufacturing, process automation, and all sub-domains of transportation (e.g., road, railway, and maritime).

However, besides being potentially very useful, the introduction of IoT systems into industrial environments also creates risks. In particular, the presence of IoT systems increases the surface through which modern industrial facilities can be attacked by cybercriminals and other threat actors. Consider, for instance, consumer IoT devices and systems, which seem to be notoriously insecure [6]: the media are full of horror stories about millions of vulnerable embedded devices that have already been deployed [7] and that can be potentially compromised and misused. Similar negligence of security in industrial environments would have dire consequences, because successful cyberattacks on industrial facilities could lead to physical damage of expensive equipment and, potentially, to accidents with devastating environmental effects or loss of human life. Hence, the security risk must be properly addressed, since otherwise, the concept of IIoT remains just a dream.

The convergence of Operational Technologies (OT) and Information Technologies (IT) and the resulting interconnectedness of different types of systems that used to be separated in the past have already been exploited by attackers to cause physical damage to equipment and/or disruption of services in the physical world by mounting cyberattacks against industrial facilities. The first eye-opening example was Stuxnet, the “most menacing malware” in history [8], which targeted a nuclear facility in Iran, and caused physical damage to uranium enrichment centrifuges in 2010. This was followed by a cyberattack on a German steel mill [9] in 2014, causing control components to fail and resulting in an unregulated furnace, which then caused massive physical damage to the plant equipment. We can also mention the 2015 and 2016 cyberattacks on the Ukrainian power grid [10] that resulted in unscheduled power outages impacting a large number of customers for an extended period of time. While these attacks may not be associated with compromising any IIoT systems yet, they show the potential consequences of such a compromise. In fact, integrating insufficiently secured IoT technologies into industrial facilities could make things worse, as a similar impact could be achieved in a potentially easier way by compromising some components of an insecure IIoT system. As we nowadays rely heavily on our industrial facilities, we cannot afford to make them exploitable via weakly protected IIoT systems.

So what does security mean in the IIoT context? Well, it means pretty much the same thing as security in any computer-based system: guarantees that the system behaves as expected even in the presence of attackers. The traditional security objectives, such as confidentiality of information, integrity of services, and availability of resources are all implied by the above trustworthiness property, simply because we expect information to remain confidential, services to remain operational and intact, and resources to be available in all conceivable situations. However, a key question is: what kind of attackers should we be prepared for? Given that industrial facilities are often part of the critical infrastructure of entire nations (think of energy production and supply, drinking water, and transportation systems), we should assume the strongest attacker models available, i.e., high-profile cybercriminal groups and advanced attacker groups sponsored by foreign governments. Thus, we should think well beyond a script kiddie and we should aim for much more than applying simple security best practices to achieve a basic level of security hygiene. This makes the mission challenging!

In addition, the fact that IIoT systems are built from embedded devices provides further challenges, as many of the existing security measures for traditional IT systems do not carry over to embedded systems. The main reason for this is that embedded devices are (potentially heavily) resource constrained and they do not have the processor and memory capacity needed to host and run traditional security tools. For instance, the size of the malware signature database of traditional antivirus products typically exceeds the available storage on small embedded devices, and the computing overhead of host-based intrusion detection systems is typically not affordable on slow (and perhaps battery-powered) microcontroller-based platforms.

Even the application of security measures developed for consumer IoT is problematic in IIoT systems, because those security solutions are typically not designed and implemented with real-time constraints and safety requirements in mind, which are essential in the industrial environment. Indeed, safety usually has higher priority than security in industrial systems that have a cyber-physical nature. This means that no matter what happens, the system must satisfy the safety requirements and its physical part must remain controllable by the cyber part. This usually implies that the cyber part must respect certain timing constraints. The consequence is that security requirements must sometimes be weakened and strong security guarantees must sometimes be sacrificed for the sake of safety. The real challenge, however, is that, while the priority of safety is clear and understandable, one must realize that safety cannot be achieved without strong security! The reason for this is that if the integrity and availability of safety services cannot be ensured in the presence of attackers, then safety requirements may not be satisfied when the system is under attack.

The bottom line is that we must ensure strong security of IIoT systems used in industrial facilities, withstanding attacks of the most capable attackers, while at the same time, the security measures introduced must be highly resource efficient and they must also respect all safety requirements of the overall system; a real security engineering challenge that excites us (and others in the community), and that needs solutions urgently in order to remove the obstacles for introducing IoT technologies in industrial facilities and taking advantage of their tremendous potential.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
