As a majority of industries upgrade to smart systems and processes, industrial cybersecurity will be more proactive policy than a reactive operating model
While traditional manufacturing industries were not designed with security in mind, the proliferation of networks and devices, disparate communication channels, and the use of off-the-shelf software has thrust industrial cybersecurity into the spotlight. Safety and security concerns associated with the high levels of connectivity and integration are surfacing as the concept of the Internet of Things (IoT) takes shape in the industrial networks and manufacturing plant floors. The alarming frequency of sophisticated and targeted advanced persistent threats has given further weight to the safety argument across both process and discrete industries.
As the IoT concept transforms plant architecture, defence-by-default security strategies is expected to give way to defence-by-design solutions. As a majority of industries upgrade to smart systems and processes, industrial cybersecurity will soon make the inevitable shift from a reactive operating model to a proactive design philosophy. In-built security solutions that can sense, adapt, modify and respond to threats based on various ecosystem parameters are likely to gain traction.
Creating industry- and application-specific solutions will also be crucial as information technology (IT) solutions continue to stream into the operational technology (OT) space. Solution providers in the IT and the OT ecosystems must join hands to deploy end-to-end cybersecurity solutions for industrial systems. "Partnerships among government, industry and research institutes will be vital in forming robust, industry-based standards that will speed up the development of comprehensive security management solutions," says Frost & Sullivan Industrial Automation and Process Control Senior Research Analyst Sonia Francisco.
Keeping Hackers Out of Connected Cars
Historically, vehicles had been closed systems; there was no need for a detailed security model. However, with the evolution of technology, vehicles are now communicating with other vehicles and outside infrastructure. In 2014, over 50 percent of the vehicles sold in the United States were connected. However, the number of ways cars can be hacked has grown quickly, as automakers roll out new vehicles more screens and navigation, entertainment and communications systems in response to consumer demand. In July, well-known hackers Charlie Miller and Chris Valasek demonstated how certain functions of a 2014 Jeep Cherokee could be remotely controlled while it was being driven. The hackers exploited a vulnerability in the vehicle's infotainment system which connects to the Internet via a mobile data connection. The demonstration compelled the automaker to issue a software fix for 1.4 million vehicles.
Growing concern about the lack of security in vehicles has compelled two US senators to propose the Security and Privacy in Your Car Act (SPY Car Act), The act aims to direct both the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to set industrywide benchmarks to protect driver safety and privacy. The legislative action focuses on hack mitigation and data privacy standards, and will ultimately require a "cyber dashboard" rating system for vehicle security and privacy protection. However, with no current method of identifying whether a car has been hacked, OEMs face a two-fold challenge: securing future vehicles and retrofitting security for existing fleets.
Frost & Sullivan believes the inevitable malicious attempts will target a vehicle that is already on the road. With the potential for fatalities a reality, auto OEMs will now need to focus on this issue. "Automakers must collaborate with the security community, become educated, and implement a holistic approach," says Frost & Sullivan Automotive & Transportation Industry Analyst Doug Gilman. In the interim, the Alliance of Automobile Manufacturers (AAM)—an alliance of twelve automakers including Ford, General Motors and Mercedes-Benz—has announced that it is creating an information sharing and analysis center (ISAC). The Auto ISAC will serve as a central hub for intelligence and analysis, and enable timely sharing of cyber threat information and potential vulnerabilities in motor vehicle electronics or associated in–vehicle networks. Automakers from around the world will receive the threat information distributed by the Auto ISAC.
The ISAC will eventually expand to include auto component suppliers and strategic partners like telecom