• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Internet of Everything   »   How Will Companies Deploy Industrial IoT Security Solutions?

How Will Companies Deploy Industrial IoT Security Solutions?

  • Posted on:July 18, 2019
  • Posted in:Internet of Everything, Internet of Things, Security
  • Posted by:
    William "Bill" Malik (CISA VP Infrastructure Strategies)
0

Industrial IoT (IIoT) devices will comprise the majority of the billions of IoT devices deployed over the next decade. How will the information security market meet this onslaught of technology?

The consumer market is not a useful guide for this analysis. Consumers buy in small quantities and choose to deploy information security tools piecemeal. Few consumers buy smart phone security products, usually after experiencing an incident. The industrial market is more sensitive to risk.

Industrial-scale IoT devices must have low price points. Once an enterprise decides to deploy a fleet of IIoT technology, they seek out the lowest price product that will meet their needs. This puts pressure on manufacturers to keep costs low. IIoT device manufacturers will not spend extra resources designing, installing, testing, and configuring effective security measures voluntarily. Government regulation will change this reluctance, but until forced to do so buyers will have to secure their devices after installation.

What will the IIoT security market look like? Given the low purchase price and vast scale of deployments, there will be a negligible aftermarket for individual IIoT device security software or hardware. The market will focus on aggregation points, concentrators, gateways, and network access devices.

Consider a solar panel farm. The largest solar farm now under construction, the Egyptian Benban solar park near Aswan, will cost about $4 billion, and should come on-line in 2020. Ten times larger than New York City’s Central Park, it will generate 1.8 gigawatts using 5 million panels. Each panel has an inverter and a sensor, and every 16 panels has a PLC (programmable logic controller). This farm will have 10 million edge IIoT devices and 312,500 PLCs.

How would you secure over 10 million IIoT devices? Assume the control systems are centralized. By protecting the external gateway only, you spend the least, but if any problem gets in, the plant could be disabled or destroyed. Segmentation costs more, but reduces the attack surface and impedes the spread of malware.

What is the optimum number of cells? There is no hard and fast rule. The cost of a device increases with its capacity, so having a few large cells would require powerful security appliances. More cells will reduce the impact of a breach, and lessen the load per appliance, allowing a lower price point. With one appliance for every thousand PLCs (covering 16,000 panels, meaning 32,000 IIoT devices) the configuration would need over three hundred appliances, with monitoring and control through an appropriately configured automation and management hub. The appliance cost would be miniscule compared with the total cost of the overall configuration.

The full security configuration would include the engineering and architecture skill to design and site the appliances, the architecture and deployment of the management hubs (dual for high availability), and the training for ongoing operations and maintenance. IIoT security vendors will work through channel partners with expertise in the specific vertical industries they serve.

Project managers for large industrial IoT deployments should work with their IT channel and OT engineering teams to identify the most cost-effective sourcing and deployment options for comprehensive, effective IT/OT security.

What do you think? Let me know, either in the comments below or @WilliamMalikTM.

Related posts:

  1. Securing the Connected Industrial World with Trend Micro
  2. Mobile data security solutions market gaining more attention
  3. Companies must assess the credentials of DLP solutions
  4. Executive urges UK companies to adopt data recovery solutions

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.