Apr 16, 2021

Future-proofing IoT manufacturing through security-by-design

Tom Canning
Designing manufacturing IoT security from the start will allow organisations to distribute important security updates automatically and remotely

The Internet of Things (IoT) is now part of our daily lives, and smart devices are littered throughout most homes and businesses. In the space of a few years, the presence of a smart hub has gone from being a rarity to a necessity. In 2018, YouGov found that 23% of Britain's 66.44 million people had a smart item, whilst a more recent survey found that 47% of US-based Millennials have at least one smart home product within their homes. Behind closed doors, the IoT has really taken off. Take the retail industry, where by 2025, the connected ecosystem will be worth over $35 billion. The manufacturing industry will see even greater disruption, and is projected to grow exponentially, experiencing what’s known as Industry 4.0. 

As Industrial IoT (IIoT) uptake continues to surge, however, businesses are struggling to fight against rising cybersecurity threats. The Honeywell Industrial USB Threat Report revealed that from 2019-2020, the number of threats capable of causing major disruption to operational technology systems more than doubled, from 26% to 59%. The pandemic has led to an increase in attacks, with bad actors looking to take advantage of vulnerabilities and businesses left unable to keep up with existing infrastructure issues. Research from Keeper Security, in collaboration with the Ponemon Institute, found that nearly three in five (57%) of UK manufacturers faced a cyber attack in 2020. The industry cannot continue on this trajectory, with security being treated as nothing more than an afterthought. IoT deployments too often act as just one part of a wider cost-saving or productivity-enhancing exercise. Combine this with a lack of systems management or awareness of individual devices, and you quickly have a situation where safety and security are no longer a central consideration.

Enter security-by-design

Moving forward, the industry needs to be more holistic when it comes to integrating smarter systems. After all, smarter does not mean more secure. Individual devices cannot be deployed and then forgotten about, as every single device represents an entry point for cyber villains to attack. Designing security from the start will allow organisations to distribute important security updates automatically, remotely and from a position of governance and control.

Building with a security-by-design mindset starts with choosing a robust operating system (OS). Open source remains the OS of choice, with Linux renowned for its stability and security, while offering freedom to developers and software engineers to manage it and prepare for future market demands. It can also allow engineers to stay flexible and to keep on top of the evolving risk. Software maintenance is key, not just to avoid missing out on market opportunities related to devices, but to extend the lifetimes of hardware on the factory floor. 

Shedding the traditional hardware-centric mindset, manufacturers must look to protect and future-proof individual deployments, seeking out mechanisms that can address updates and prepare for vulnerabilities. In the past, once a device was deployed into the field - for example, to help monitor performance and boost efficiency on a factory floor - there were minimal mechanisms to quickly deploy any new feature updates or address any newly discovered weaknesses.

In the event of an attack, the response should not create downtime for production lines. Instead, manufacturers should aim to maintain the factory floor in an operational state as they deploy a stream of software updates. As for preparing for software failure, it is no longer realistic to develop software once and expect it to be secure and bug-free forever. Software will fail, so the task is to put safeguards in place for when it does, to avoid substantial costs.

Guarding against software failure 

Rollback features can help guard against software failure by giving hardware components, such as security cameras and other connected machinery on the factory floor, an added layer of reliability. Manufacturers can look to leverage the power of containerised software, like snaps, that enables developers to easily push software updates automatically and roll back in the event of failure. Snaps effectively support both the OS and associated IoT software applications in a secure and modular packaging format. If a security vulnerability is discovered in the code used by an application, the application publisher is notified so the snap can be rebuilt quickly with the supplied fix and pushed out in a controlled and managed fashion. This greatly reduces the likelihood of an improper update breaking a device or degrading the user experience. Looking at smart manufacturing, rolling out a security patch seamlessly without disrupting the production line can lead to significant benefits like efficiency and reduced downtime.

Putting trust back in technology

On many factory floors, the onus is still on the end user to protect individual IoT devices. This is not sustainable, nor remotely efficient. Businesses need to take a long, hard look at where the burden of security lies, and seriously consider putting trust in IoT applications to support and manage networks. That way, managers can be confident that they’re future-proofing through technology, which can automatically remediate any security issues, absolving customers of responsibility.

It’s no longer a case of one size fits all in the smart era of Industry 4.0. Device hardware is not static and manufacturers must recognise that the future does not lie in this form of vulnerable hardware, but instead in software-defined capabilities. As attacks continue to accelerate, more action is needed in order to protect and future-proof the manufacturing industry. It will take investment and a real commitment to change how the industry thinks about security related to smart infrastructure. The billions of existing IoT devices were not deployed overnight, and the security problems they inherit will not be fixed overnight either.

By Tom Canning, Vice President of Global Sales IoT and Devices, Canonical


Jun 15, 2021

IT Employees Predict 90% Increase in Cloud Security Spending

Elise Leise
Companies that took the initiative on cloud platforms are trying to cope with the security risks, according to Devo Technology’s report

As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.

But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in. 


Why Are Cloud Platforms Taking Over? 

According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings. 

Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.

Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help: 


What are the Security Issues? 

Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All in all, greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.

The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats. 

How Will Companies React? 

They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes. 

After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’. 

The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’. 
