F&B and IoT: The Recipe for Cybersecurity Success
Posted by Isaac Haight in Automation
Automation Express 2017 will feature an abundance of IIoT solutions, which includes cybersecurity for your processes. The article below focuses on cybersecurity in the food & beverage industry and the benefits of maintaining a secure, organized and closely monitored system.
F&B and IoT: The Recipe for Cybersecurity Success
Published by: Food Manufacturing
Author: Bindu Sundaresan | Strategic Security Solutions Lead, AT&T
Too many consumers think the Internet of Things (IoT) is all about convenience. Thermostats, refrigerators, washing machines and other household gadgets and appliances provide capabilities designed to make everyday life easier.
Those in food manufacturing and production know IoT advancements play a more essential role. With global population growth and food demands perpetually on the rise, IoT has been valuable for increasing food and beverage production and improving cost efficiencies. Countless devices currently maintain temperatures, alert line workers about malfunctions and even reduce food waste. These benefits will only grow as technology advances.
With all the production benefits and efficiencies IoT can bring, it can also make networks more vulnerable to cybersecurity threats if not deployed safely. Every connected device increases the attack surface by introducing at least one more avenue to access the company network, and therefore, one more connection to help protect. Seasoned cybercriminals are actively seeking ways to find new and unprotected access points to gain access to valuable information and functions within the network.
If security is not top of mind, consequences for food manufacturing can be numerous and significant, and the damage can be far reaching.
What makes food production such an appetizing target for those with malicious intent correlates to the vital role it plays in society. Providing sufficient, safe food for public consumption demands very stringent standards, and rightly so. Even a slight change in a temperature sensor can create a dangerous environment for food production.
These breaches can result in downtime, corrupted products and potentially serious safety issues affecting thousands of consumers. Even the “smallest” breach can devastate a company’s financials and reputation.
In manufacturing specifically, it is a difficult issue. Systems regularly pair connected devices with legacy systems and equipment that were developed without connectivity or security in mind. That is why it is essential to monitor and evaluate each endpoint and device for potential threats and vulnerabilities. According to a survey from our second Cybersecurity Insights Report, “The CEO’s Guide to Securing the Internet of Things,” an alarming 10 percent of respondents cite using their “best guess” as the method through which they track the number of connected devices within their organization.
In order to help secure their information, companies should evaluate devices and their security protocols before connecting them to their systems. If a device is not built with security in mind, it should have security incorporated before it’s connected to any company functions or information. Here are eight requirements you should look for in all devices connected to your network:
Software/firmware update capabilities:Updated firmware helps devices have the most recent security patches and information. Every network connected device should have a means for authorized operators to update the device’s software and firmware (e.g. software overtheair/SOTA and firmwareovertheair/FOTA). The process can be almost completely automated and still provide regular cryptographic checks to safeguard the system from unauthorized download sources.
Simple system reset function:Device management is an essential part of managing the IoT devices within a network. As part of device management, each IoT device must include a way of remotely managing devices. Some of the actions that should be supported by each device are Reboot, Factory reset, Firmware download and Firmware update.
Lack of default passwords:It is no surprise that there are many who would sacrifice security for convenience and efficiency. Default passwords are just that, and are not designed to remain beyond the first use. The best scenario is for the device to not provide the option and require the user to define a unique and reasonably secure password for access from a network interface. Remember, when it comes to passwords, the more complex, the better — even if it takes a little longer to log in.
No ancillary services:A device should only offer the network the same services required to support its core functions. Unnecessary services provide other points of entry and can be even more dangerous if not monitored.
- No backdoors: device should not have hidden or known entry points that can be easily exploited by the device vendor or others. This would require commitment from the organization as it would demand a comprehensive assessment from your IT professionals. This is important because the hackers you are trying to defend against are searching for these vulnerabilities as well.
Post-sale vendor device support:It is not realistic to expect your IT personnel to understand the inner and outer workings of each device. Good vendors will provide online access to operator manuals, access to updates and updated instructions regarding the operation and maintenance of their devices. Support information should include a clear explanation of the product’s support lifecycle.
Established issue reporting process:Vendors should provide contact details or a support forum to which organizations can report any problems with the device or its software. Good vendors mine this information to create patches and update devices based on previously unknown issues.
Basic support labels:Each device should carry a label that helps the authorized operator identify it and find support information.
Aside from the device, the network connection and individual data sets or applications require security as well to help keep a business safe. Then, companies should analyze the overarching patterns in data traffic occurring across their network to better detect unusual or potentially threatening behavior.