Challenges of IoT-Enabled Devices in Operational Technology (OT) Environments

Introduction

OT, with the help of IoT, is revolutionizing how industries operate. IoT devices shipped by OEMs have started sending critical operational data directly to their suppliers' cloud platforms. This enables more integration and automation, with improved operational efficiency and maintenance, but it also poses serious threats to existing security mechanisms such as the Purdue Model.

How IoT Bypasses the Purdue Model

The Purdue Enterprise Reference Architecture has been at the very heart of OT network demarcation for the past several decades. It lays out the industrial control system environment as a pyramid-style structure, with demarcations between operational technology and information technology. IoT-enabled devices pose the following challenges to this model:

1. Direct Communication with the Cloud: IoT devices communicate directly with Level 1 (control centers) or Level 2 (managerial centers) and send the data straight to the cloud without passing through the intermediate Purdue layers, which weakens the segmentation between levels.

2. Cut-off Data Streams: These devices are usually placed and used outside of the regulated OT networks, meaning a great number of data streams are left unmonitored, paving the way for exploitation.

3. Vendor-Specific Configurations: The deep integration of proprietary hardware and software often means OEMs rely on communication standards that existing OT environments do not support, which adds a further layer of integration difficulty.

Challenges Introduced by IoT in OT

IoT devices operating within OT settings disrupt the environment in the following ways:

1. Wider Attack Surface: Once IoT devices are incorporated, even the most protected OT systems can and will face cyberattacks, since the IoT devices are often the weakest link in the trust chain.

2. Limited Visibility: Most organizations are unable to keep track of their IoT devices, and therefore cannot monitor or quantify them, which creates inefficiencies in their security measures.

3. Weak Encryption: Data transferred directly through OEM clouds without any encryption, or with only weak encryption, breaches existing security measures.

4. Compliance Violations: Installing IoT devices that bypass these controls violates security mandates such as the NIST CSF and IEC 62443, because no standard limits are set.

5. Patch Management Difficulties: The lack of robust update mechanisms means that IoT devices remain easy targets for existing exploits.

What Can Be Done

Through a robust triad of policies, technologies, and cooperation strategies, organizations can fix these issues:

1. Improved Micro-Segmentation: Restrict data flows to IoT devices by making use of software-defined networking.

2. Focus on IoT Device Management: Deploy asset management and vulnerability scanning tools for ongoing monitoring of IoT devices at set intervals.

3. Install Secure Devices: Use IoT security gateways to mediate communication between OT devices in factories and the clouds that receive their data, so that the data is channeled through the gateways.

4. Set Policies within Organizations: As part of establishing appropriate organizational policies, put in place and enforce the use of strong encryption protocols.

5. Work with OEMs: Work more closely with OEMs on how device firmware is developed, to ensure that all security requirements are adhered to and all laws are followed.
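An added example, not part of the original article, of the check that micro-segmentation and gateway mediation imply: it audits flow records for Level 1/2 devices that send data anywhere other than the approved IoT security gateway. The subnets, zone labels, gateway address and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): OT subnet -> Purdue level label.
ZONES = {
    ipaddress.ip_network("10.10.1.0/24"): "L1",
    ipaddress.ip_network("10.10.2.0/24"): "L2",
    ipaddress.ip_network("10.10.35.0/24"): "DMZ",
}
# Constructed address of the approved IoT security gateway in the DMZ.
GATEWAYS = {ipaddress.ip_address("10.10.35.10")}
RESTRICTED = {"L1", "L2"}

# Constructed flow records: (source, destination, destination port, bytes).
SAMPLE_FLOWS = [
    ("10.10.1.21", "10.10.2.5", 502, 1200),       # stays inside the control network
    ("10.10.1.21", "10.10.35.10", 8883, 5400),    # mediated by the gateway
    ("10.10.1.44", "203.0.113.80", 443, 98000),   # Level 1 device straight to external host
    ("10.10.2.7", "198.51.100.9", 8883, 41000),   # Level 2 device straight to external host
    ("10.10.2.7", "10.10.35.77", 22, 300),        # DMZ host that is not the gateway
    ("10.10.35.10", "203.0.113.80", 443, 90000),  # gateway egress, out of scope
]


def zone_of(addr):
    """Return the zone label for an address; unmapped addresses are 'EXTERNAL'."""
    ip = ipaddress.ip_address(addr)
    return next((label for net, label in ZONES.items() if ip in net), "EXTERNAL")


def classify(flow):
    """Return a finding for a Level 1/2 flow that bypasses the gateway, else None."""
    src, dst, port, nbytes = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone not in RESTRICTED or dst_zone in RESTRICTED:
        return None  # source out of scope, or traffic stays in the control network
    if ipaddress.ip_address(dst) in GATEWAYS:
        return None  # leaves the zone through the approved gateway
    kind = "direct-external" if dst_zone == "EXTERNAL" else "dmz-not-gateway"
    return f"{kind}: {src} ({src_zone}) -> {dst}:{port} {nbytes}B"


def audit(flows):
    """Group findings by source device so unmanaged devices stand out."""
    findings = {}
    for flow in flows:
        result = classify(flow)
        if result:
            findings.setdefault(flow[0], []).append(result)
    return findings
```

Calling `audit(SAMPLE_FLOWS)` returns findings for the two devices that bypass the gateway; in practice the flow tuples would come from NetFlow or firewall logs and the zone map from the asset inventory.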

Future Strategies

To reduce exposure in the OT space and utilise the advantages that come with IoT, users need to take the following steps:

1. Do Away with Trust Assumptions: Replace the assumption of implicit trust with a zero trust model, in which nothing is trusted and everything is always verified, especially in IoT-enabled communications.

2. Ensure Compliance with Certain Frameworks: Ensure that initiatives to integrate IoT within the company stay within the boundaries framed by cybersecurity frameworks such as NIST CSF, IEC 62443 and MITRE ATT&CK for ICS, to mention but a few.

3. Engage in Active Surveillance and Information Gathering: Tap into OT-based SOC functionalities to actively monitor the IoT devices deployed and respond appropriately to questionable or unusual activity.

4. Conduct Thorough Training: Conduct thorough training aimed at familiarising personnel with IoT deployment, its likely vulnerabilities and correct ways of handling the technology safely.

Summation

The increased reliance of businesses on IoT-enabled devices can be considered rewarding, but it often requires some core reworking as well. Organizations that understand and address the challenges that arise from IoT, embed effective security measures and collaborate with OEMs will optimize their operational technology and unlock wider IoT opportunities than before.

Ashish Dubey

Sr.Manager- Security Product Management

1 month

Exciting

Good insight on real challenges in OT Bipin Lokegaonkar

Sajal Ghosh

Head -Strategy , Chief Digital Officer | Mining, Metal, Manufacturing, Plantation| Enterprise Applications & Apps

1 month

Bipin Lokegaonkar insightful indeed

Snehashish Chakkravarty

CXO Relationship Manager AT BHARAT CXO

1 month

Impressive Bipin Lokegaonkar
