Industrial Internet of Things (IIOT) is increasingly being adopted by the manufacturing sector in response to increasing demand for customisation, customer expectations and the global supply chain.

IIOT allows cost reduction, shorter time-to-market, mass customization and improved safety.

• CGI’s study reports that 62% of surveyed manufacturing enterprises are already executing digital transformation pilots and programs.
• Bsquare annual IIoT maturity survey reports that 86% of manufacturers have already adopted IIoT solutions, and 84% of them find IIoT extremely effective.

So, IIOT is helping the manufacturing sector in a myriad of ways, but there are also associated risks with IIOT which firms quick to implement a solution might not be aware of.

• Incorrect installation allowing security holes. This could be a simple as not changing the default passwords or removing unnecessary user accounts that came pre-loaded.
• Legacy systems still in place. Replacing an old system with IIOT might makes sense, and even running the two alongside each other for a short while might be useful but leaving a legacy system might open an organisation up to additional security risk if the legacy system is no longer being monitored or is not being patched.
• Larger attack surface. This means attackers have more systems that they can try and find vulnerabilities within. Considering some IIOT still have weak or no cryptography or authentication and might be using software which is vulnerable to exploits, carrying out research into the security of IIOT is critical.

What can the sector do?

Do the fundamentals well:

• Change all default passwords, enable 2FA wherever possible, have strong access controls, so access is only given on a ned to use basis and this includes programme as well as people
• Consider regular vulnerability assessments to ensure that there are no obvious vulnerabilities that an attack could use. This is key if your “real estate” changes regularly
• Get Cyber Essentials accreditation so you can demonstrate to your employees and supply chain that you are taking cyber resilience seriously

Carry out your research

• What does the IIOT supplier do to maintain their own cyber security and that of their product? Share the National Cyber Security Centre’s device security principles for manufacturers and see which security mitigations they are including in their product
• Do they use 2FA, encryption, secure code repositories?
• Do they have default passwords that can’t be changed?

Whether you use IIOT or not, the ECRC is here to help.

The ECRC is a policing-led, not for profit, membership organisation, with the aim to increase the cyber resilience within small and medium businesses within the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex, and Kent).

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

We recommend that all businesses in the Eastern region consider joining the centre as a free core member. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed.