Sending shockwaves through the manufacturing sector, the virus infection incident seen in early August at Taiwan Semiconductor Manufacturing Company (TSMC) has fueled great concerns among manufacturers over how to tackle information security (InfoSec) problems when entering the IIoT (industrial Internet of Things) manufacturing environment.
TSMC has indicated that the virus infection incident was mainly caused by human errors seen in the process of software installation at new fab equipment, leading to the spread of the variant virus of WannaCry to part of its fab tools and computer systems.
The incident has indicated that even TSMC, a paragon manufacturer long noted for stringent computer security management, can hardly 100% stall virus infection, not to mention small- to medium-size enterprises usually short of information security resources to counter malware invasions or hacker attacks.
For enterprises operating in the IIoT environment, information security protection is no longer just a job for IT engineers, and it requires concerted efforts from all the departments including production management, information management, marketing, financial and even general affairs. Enterprises must enhance their information management, inject an accurate IIoT InfoSec concept into employees and work out standard operating procedures (SOP) for employees to follow, so as to effectively block InfoSec loopholes and possible threats from any channel.
Gartner has predicted that there will be as many as 20.4 billion IoT devices in use by 2020, with total hardware expenses estimated to hit US$3 trillion. GSMA has also estimated the global production value associated with IIoT applications at manufacturing plants to reach US$3.7 trillion by 2025, with 4.1 billion IIoT networks to be seen in the Greater China region - about one third of the global total.
Heavy global spending on InfoSec protection
With growing IIoT applications, enterprises are investing heavily on IIoT InfoSec protection. Gartner's latest statistics show that annual global spending on InfoSeC products and services is estimated to reach US$114 billion in 2018, up 12.4% from 2017, and to surge 8.7% on year to US$124 billion in 2019.
Nevertheless, many companies already incorporating IIoT applications have not actualized their InfoSec protection strategies, as the discrepancies between the standard protocols for OT (operation technology) and IT (information technology) have made OT-IT integration difficult to achieve.
In the IIoT era, more devices used in offices and factories, as well as personal devices will have their own IP addresses with network connection capability. In the office, for instance, PC, smartphones, network printers, network phones and cameras, and even illumination systems or punch clocks are all possible entry points for hacking attacks
In building IIoT InfoSec protection system, enterprises must manage to achieve perfect connections between manufacturing and information systems, focusing their efforts on four major aspects: conducting a clear check on all the equipment assets; establishing modes of possible security threats; making constant updates to InfoSec systems, modes of security threats and SOPs; and maintaining close contacts with related institutes, such as Critical Intelligence, Infragard, IoTSF, ISAXC, OWASP and SCADAHacker, so as to get the latest InfoSec information and solutions.