To beat hackers, run to – not from – the Industrial Internet of Things

Cybersecurity predictions for 2019

As we have reached 2019, the energy sector – from electric utilities to oil and gas companies to their suppliers – continues to face a growing number of industrial cyberattacks.

I wrote in my 2018 predictions that energy and critical infrastructure organizations would need to take a serious and practical look at industrial security. This year, through efforts like the Charter of Trust, meaningful progress has been made to build the trusted ecosystems and engage in collective action. We are at a critical junction, compelled by the imperative to address digital security and take advantage of digitalization and the Industrial Internet of Things (IIoT) as our physical and digital worlds converge.

So, when it comes to 2019, let us start with the bad news: More mega attacks against critical infrastructure in the energy sector are inevitable, threatening to affect operations, create financial losses, and even put lives at risk. This reality should further the acceptance that the operational technology (OT) cyber threat has become greater than that presented by information technology (IT).

Now, the good news: The threat level will not result in fear, or even worse, paralysis that deters companies from pursuing digitalization. It will instead illuminate an opportunity. The hard reality is that if we want to secure critical infrastructure, organizations should not hide from connectivity and the IIoT. Rather, they should embrace it, fully.

For 2019, I present eight cybersecurity predictions – and I hope the big takeaway is clear: A growing number of organizations will discover that the tools of digitalization – from edge processing to artificial intelligence – will not only create new business value; they’ll define a new use case and ultimately add resiliency, leading to a higher level of security for all of us.

1. Connectivity will become a necessity. Visibility will drive action.

Overwhelming evidence has shown that, in fact, OT cyberattacks are more likely to originate from insider threat – the inadvertent actions taken by an organization’s own employees, not by hostile outside actors. A growing understanding of the negligent insider will lead many to abandon their industrial connectivity fears, in favor of establishing a transparent operating environment that strengthens resiliency. These leaders will agree that visibility is key: you cannot protect what you cannot see. Those who tackle security and IoT at the same time, build security incrementally, and gain the necessary situational awareness from the edge to the sensor will stay ahead of attackers

2. Trust will be the new oil. 

Each new mega cyberattack in the OT environment, with ominous sounding names like WannaCry, Non-Petra, and Triton, has led to an erosion of trust in our digital future. Against this backdrop, leaders will not try to go it alone. Organizations will join trusted ecosystems where a common vision, rules of engagement, and a common language will unlock unprecedented value. Companies will have the means to communicate, transact, and innovate in a safe, reliable community.

3. Artificial intelligence (AI) will become practical for OT.

More and more companies will come to realize the enormous promise of AI. The number of upstarts will thin out but the solutions offered by the OT native leaders will become more targeted. The idea that AI can only be done in the cloud will become obsolete. In the field, edge detection and forensics will become the norm. The competitive advantage will not just come from the right deployment model but also from context that allows operators to go deeper and gain a broader set of operational insights, from the field to the control room to the enterprise network.

4. Cloud adoption, driven by security, will no longer be taboo. 

As edge intelligence gains, cloud will not lose. Cloud, powered by computing power and the highest standards for security, will reap economies of scale. New insights and patterns will be uncovered, nefarious relationships identified, and malware contained. New and nontraditional data will be sent to the cloud, tagged and mixed and analyzed. This is especially true for industrial security, where traditional detection and monitoring techniques have failed. By combining asset, control, and network level data in the cloud, companies will be able to drive new insights and confidently take action.

5. OT cyber labor shortages will continue. 

As new OT native security technologies come on to the market, the need for humans who can operate and service these machines will become more acute. The demand for industrial security engineer, with deep experience in data science, networks, controls, and turbines, will reach peak levels. The most adversely impacted will be small and medium-sized enterprises, for whom running best-in-class industrial cyber programs will become prohibitively expensive. These organizations will increasingly turn to managed service providers for leverage.

6. Built-to-purpose OT security will accelerate. 

The belief that we can protect critical infrastructure by simply lifting and dropping IT solutions into the OT environment will give way to solutions specifically built by, and for, the physical world. The OT security market will become more robust and less dense, with a number of startups fading through acquisition or failure and IT companies finding the space too difficult to penetrate. A wave of innovation will bring integrated offerings instead of point technologies. Portfolio depth, asset and field coverage, with service at the core, will drive customer buying decisions.

7. Security will drive digital retrofits. 

Eventually the legacy installed base must be replaced or retired. For the foreseeable future, our central challenge will be to find ways to secure heterogeneous, proprietary, serial, and analog environments. This will be done in parallel with driving connectivity to the IIoT. Security will no longer be the excuse. Digital security blueprints will emerge to guide adoption. The focus will be on not only securing machines but also data, which must travel across national and physical boundaries. Energy companies will discover that by looking at security through the IIoT lens, new approaches to security, underpinned by defense in depth, will become more pronounced. For these leaders, getting security right will mean becoming digital.

8. Edge intelligence will gain hold in reshaping the attack surface and staying ahead of attacks.  

Energy companies will increasingly recognize that renewables, distributed energy systems such as microgrids and unmanned sub-stations not only increase efficiency in production and operations but also strengthen resiliency and make them less susceptible to successful attacks. The explosion of IIoT field devices to sense, measure, calculate, and operate will lead to a new and unrecognizable attack surface. It will look like a beehive or brain’s neural network. Much like the modern grid, data will be islanded, clustered, and therefore monitored and secured differently. Leaders will learn how to collect and harvest this data for security. Recognition that an open door on unsecured edge device can lead to the fall of the entire network will compel new monitoring schemes.   

A final note: A broader transformation of the energy industry in the era of mega attacks is by no means inevitable. By innovating with purpose and collaborating closely, we can grow in confidence and better spotlight best practices. This will demonstrate the leadership and strategy required to protect not just individual organizations, but really the broader energy industry and global economy. 

This article was originally published on Siemens Stories.