Even before the coronavirus outbreak compelled federal workers to shift to remote and telework the question of whether there’s an acceptable balance between connection and security was top of mind for federal CISOs. With the majority of critical systems that allow agencies to meet the mission being part of the Internet of Things (IoT), there’s been a healthy debate about how to be connected while maintaining the high level of security demanded by the federal government.
While the government is unique in both its risk profile and the size of its attack surface, there are useful lessons to be learned from industry, particularly from the manufacturers of the equipment that forms the backbone of these highly interconnected tech ecosystem.
So, when we saw an article on Modern Equipment Manufacturer that addressed this topic, we knew it was something we wanted to share with our readers. Not only does it bring a unique perspective to the conversation, but it also comes with a complimentary eBook that provides even more guidance and thought-provoking insight. You can read the article below and download the eBook at the end of the article. Or, if you’re short on time, just click the button below to download the eBook.
Over the past year, the Modern Equipment Manufacturer has sat down with representatives from a number of different equipment manufacturers. We’ve interviewed companies in the fire protection industry, lighting companies, companies that make products for the treatment of wastewater, and companies that are revolutionizing the HVAC marketplace.
And one of the universal themes that we’ve heard from every single one of them is that today’s commercial and industrial equipment and devices are no longer independent, disconnected boxes. No, today’s equipment and devices are smarter. They’re more connected. They’re designed to be a part of a larger system. And they’re increasingly being managed from single panes of glass – even panes of glass that are accessed and operated remotely.
Today’s equipment manufacturers are building their devices to work with building management solutions. They’re also building them to connect to the cloud. This means that this new generation of commercial and industrial devices are part of the Internet of Things (IoT) – or the Industrial Internet of Things (IIoT) if you want to be more specific.
Unfortunately, according to a new eBook by the Modern Equipment Manufacturer and Sierra Monitor, while the benefits of these smarter, more connected devices are almost limitless, they also create a new challenge for manufacturers. While unconnected devices were inaccessible to hackers, cloud-connected devices are inherently vulnerable to cyberattacks. In fact, some experts estimate that a new IoT device is attacked within five minutes of being powered up for the first time.
However, despite the threat, many device manufacturers are unprepared for – and not focusing on – making these devices more secure.
As NETSCOUT, a leader in application and network performance and cybersecurity solutions, claimed in their recently released 2020 Global Threat Report, “IoT device manufacturers are focused on go-to-market strategies, not security. As a result, devices are being delivered with poor to non-existent security, for which patches are rarely made available.”
And that’s a problem for equipment owners and facility managers because the trend is that an increasing percentage of their devices are going to become cloud-enabled and connected in the not-too-distant future. This means that each new device that they purchase and install can create a new cyber vulnerability for them. And that naturally raises a lot of questions:
- Why are commercial and industrial devices even a target? What kind of threats are they facing and who is perpetrating them?
- Why are these devices so insecure and why aren’t manufacturers working to lock them down?
- What simple steps can manufacturers take to make these devices more secure for their customers?
The eBook, entitled, “Cybersecurity and the IIoT – how equipment manufacturers can protect device data in an increasingly insecure cyber landscape,” hopes to answer some of those questions.
In the eBook, we take an in-depth look at the cyber risks and cybersecurity challenges that these more connected devices create for the equipment manufacturers and their customers. We explore why these devices are so attractive to malicious actors, illustrate why equipment manufacturers are often unprepared to respond to this threat and share how new technologies – including secure gateways – can help bake security into these devices before they even leave the factory.