Industrial automation was founded on centralized supervision and management of industrial processes, field devices, and networks. Software-defined technologies and ubiquitous connectivity are quickly transforming that centralized model. Consider the case of time-sensitive network (or TSN, discussed in Chapter 7, Secure Processes and Governance), where endpoints collaboratively determine their necessary configurations, to synchronize in time. This autonomy addresses the complexity and inefficiencies associated with manual setup, teardown, and so on. An autonomous vehicle is essentially a robot (an AI specimen) on-the-wheels that dynamically learns, decides, and maneuvers without any central supervision.

The industrial internet is ushering in a new era of autonomous operations and decentralized control.

Meaningful evolution and the sustenance of an autonomous world depends on many foundational principles. Security is a prime one among them. As already elaborated...

To ensure the reliability of a hyperconnected and decentralized autonomous ecosystem, adequate security controls must be ingrained in every endpoint. Security must extend across the architecture, from the edge to the cloud. This requires arduous orchestration across various industry stakeholders. Certain industrial protocols have been updated to secure identities using digital certificates or crypto keys. Security vendors are working on tamper-proofing, hardware RoT, digital identity, key management, and so on. However, we may have to tread a long path before these proliferate across industrial deployments to a reasonable degree.

In Chapter 7, Secure Processes and Governance, we discussed how each phase of the product development life cycle needs to adhere to security and safety controls. The responsibility involves multifunctional stakeholders. System developers, integrators, OEMs, and architects all have a role in creating security built into device and network endpoints...

A practical scheme to standardize and regulate IIoT security practices is in need of much attention. Today, there exists an enormous body of safety and security standards for industrial systems. Many of these standards are vertical-specific, and, even within one industry, there are multiple overlapping standards. Secure coding, for example, has standards from MISRA to DISA, CWE, CERT, and more. Efforts to comply with an overlapping set of standards can be suboptimal. Besides, security standards and regulations often emerge with new technologies, such as machine learning, cloud security, and so on.

As the horizon of our autonomous future gets demystified, standard bodies must leverage the increasing visibility to define comprehensive, overarching security governance standards for the industrial internet. While defining such standards, sufficient care should be exercised to optimize them. Industrial IoT innovations are happening at a rapid pace.

Security...

Industrial IoT deployments typically involve several vendors. In Chapter 9, Real-World Case Studies in IIoT Security, the challenges associated with vendor complexity in the case of an automated offshore drilling IACS were discussed. For an industrial user of IIoT, it is a daunting task to coordinate the security postures of the solutions. In addition, there are complexities related to installation, confirmation, and device management that further increase the chances of human errors and insider threats. An overarching collaborative model for pre-deployment security testing of multi-vendor solutions, to coherently define, enforce, and monitor security policies, can minimize risks.

The IIC has an interesting platform for collaboration among IoT vendors, through their testbed program. At the time of this writing, there are nearly thirty testbeds, where any new IIoT technology, service, or product is incubated and rigorously tested to verify its utility before being...

Industrial technologies have evolved along each industry vertical over the years. For example, the energy sector is guided by a specific set of standards and regulations, which may be divergent from manufacturing. These verticals were never designed to interoperate. The industrial internet is driving a massive convergence of these industry verticals, to materialize new IIoT use cases, such as the smart city. IIoT interoperability anchors on security and scalability. We are still at too early a stage to define the necessary mechanics of interoperability, such as protocol gateways and reference architectures.

In Chapter 5, Securing Connectivity and Communications, we discussed the IIC Industrial Internet Connectivity Framework (IIC-IICF), published by the IIC. This framework document provides an important foundation and guidance for building interoperable systems and architectures.

In the power industry, the OpenFMB project is making significant progress in defining nonproprietary...

The lifespan of high-value industrial systems is measured in decades. As the industrial internet penetrates into OT environments, the legacy systems may continue to coexist for the foreseeable future. These legacy systems, though connected using gateways, were never built for ubiquitous connectivity, and are thus weak links in the security chain. Any IIoT use case involving brownfield deployments should take special considerations with respect to these legacy systems, and plan for event and activity monitoring, secure updates, and so on, at a minimum.

Greenfields with state of the art IIoT devices and equipment are evolving from being simple patches, becoming more pervasive. As the number of new, modern devices increases, industrial deployments may hit an inflection point in this migration path. Since these new industrial OT systems are also high-value and are meant to last for many years, new device manufacturers should cautiously build these with hardware-based...

In Chapter 8,IIoT Security Using Emerging Technologies, we discussed a few trending technologies, such as blockchain and machine learning, and their promises to secure the industrial internet.

Currently, we are at an early adoption phase of blockchain for IIoT security applications. The decentralized decision-making model of blockchain is relevant to an autonomous ecosystem. Blockchain also provides an immutable ledger, which can enable tamper- proofing. As a maturing technology, blockchain is yet to address IIoT specific concerns related to computing resources, scalability, data privacy etc. Lot of research and industry consortia efforts, such as the Hyperledger project, may make blockchain a viable IIoT security enabler.

Machine learning based security monitoring and anomaly detection applications are already in the marketplace. ML and robotics are evolving areas, where a lot of research is being directed to develop automated and adaptive security solutions.Cognitive IoT...

Based on my (the author's) discussions with various industrial practitioners, it is evident that industrial business leaders now recognize the vital role of IIoT in defining their organizations' futures. However, the investment risks and complexities associated with IIoT have made them cautious in the adoption journey. Several organizations are performing POCs while actual adoption ramps up.

Top analyst firms expect significant investments in IIoT security in the near future. However, in many industrial sectors, there are still some challenges in sizing up the role of security as an IIoT success factor.

Cybersecurity, managed by enterprise IT teams, is often considered an impediment in the OT environments, especially when there is a service outage due to an IT system crash. An organization's IIoT security strategy needs to drive alignment and integration between the enterprise IT and OT teams. Many traditional enterprises still believe IIoT security myths, such as security by obscurity...