Edge computing can greatly improve the efficiency of collecting, processing and analyzing data from arrays of IoT devices, but it’s also an essential place to inject security between these inherently vulnerable devices and the rest of the corporate network.
First designed for the industrial IoT (IIoT), edge computing refers to placing an edge router or gateway locally with a group of IIoT endpoints, such as an arrangement of connected valves, actuators and other equipment on a factory floor.
Because the lifespan of industrial equipment is frequently measured in decades, the connectivity features of those endpoints either date back to their first installation or they’ve been grafted on after the fact. In either case, the ability of those endpoints to secure themselves is seriously limited, since they’re probably not particularly powerful computing devices. Encryption is hard to cram into a system-on-a-chip designed to open and close a valve and relay status back to a central control pane.
IIoT can be a security blind spot
As a result, IIoT is a rich new target opportunity for malicious hackers, thanks in large part to the difficulty of organizing and gaining visibility into what’s happening on an IIoT network, according to Eddie Habibi, CEO of PAS Global, an industrial cybersecurity company, who has been working in industrial control and automation for about 15 years.
A lot of connected IIoT devices have known, exploitable vulnerabilities, but operators might not have the ability to know for certain what systems they have on their networks. “The hardest thing about these older systems that have been connected over the past 25 years is that you can’t easily do discovery on them,” he said. Operators don’t know all the devices they have, so they don’t know what vulnerabilities to patch.
It’ll be decades, Habibi said, before many IIoT users – whose core devices can date back to the 1980s and even the 1970s – update this important hardware.
Edge networks provide security
That’s where the edge comes in, say the experts. Placing a gateway between the industrial endpoints and the rest of a company’s computing resources lets businesses implement current security and visibility technology without ripping and replacing expensive IIoT machinery.
The edge model also helps IIoT implementations in an operational sense, by providing a lower-latency management option than would otherwise be possible if those IIoT endpoints were calling back to a cloud or a data center for instructions and to process data.
Most of the technical tools used to secure an IoT network in an edge configuration are similar to those in use on IT networks – encryption, network segmentation, and the like. Edge networking creates a space to locate security technologies that limited-capacity endpoints can’t handle on their own.
Mike Mackey is CTO and vice president of engineering at Atonomi, makers of a blockchain-based identity and reputation-tracking framework for IIoT security. He said edge computing adds an important layer of trust between a company’s backend and its potentially vulnerable IIoT devices.
“[N]ow you’re adding network translation to the end-to-end communication between that IoT device and whatever it’s ultimately communicating with, which, today, is typically the cloud,” he said.
Other experts, like Windmill Enterprise CEO Michael Hathaway, also highlighted that widely used cloud-based backends pose problems of their own. Enterprises are losing control over their security policies and access with every new cloud service they subscribe to, he said.
“Enterprise customers can be very nervous about hooking up an automation system directly to the Internet – it needs a last layer of intelligence and security,” Hathaway said.
Consequently, some of the most effective IIoT implementations can be those that leave the existing structures and networks in place – hence the popularity of the edge architecture, which works both as a buffer and a link between the IT network and a company’s operational technology.
Russ Dietz, chief product security officer at GE Digital, said that old-yet-irreplaceable technology already on the factory floor plays an enormous role in shaping the IIoT infrastructure laid on top of it.
“Over time, we might migrate to a fully digital world where we blend those two together, but because industrial is going to live in this very long-tail environment, we have to be able to provide separate trust for both of those,” he said. “So we may weight how much we trust sensors in a different category than how much we trust a control system.”
Edge networks must fit unique sets of needs
According to Hathaway, it’s important to recognize that not all edge solutions are created equal, and that different businesses will have different requirements for an edge computing deployment. An automotive manufacturer might need to track a lot of process-oriented data and rate information about productivity, while an oil-production facility is likely to need to track things like pressures and volumes through a vast array of pipelines.
“You can’t possibly have provided a cookie-cutter solution,” said Hathaway, adding that, while the tools and approaches used will have commonalities, everyone’s security needs will be different.
The eventual hope for most IIoT deployments is that they provide enough machine-generated data to help businesses make smart decisions for the future, according to Simon Dowling, CTO of industrial automation company ORI.
Protecting the data those machines send back for analysis – whether at the edge layer or back in the cloud or data center – is of paramount importance.
“As we’re moving towards a world where there is – whether it’s industrial IoT or it’s more commercial/consumer-focused IoT – a level of expectation that these devices will provide more meaningful action,” he said.
And if businesses want to stay on top of cybersecurity threats, they have to realize that it’s not simply a matter of pushing out updates and getting the latest and greatest technology up and running on their systems, said Aruba/HPE vice president of strategic partnerships Mike Tennefoss. It’s also a matter of understanding the way those updates and additions will tie into the operational technology stack.
“Security is the heart and soul of IT, and what you see happening is that IT systems and processes of cybersecurity are pushing down deeper and deeper into the operational technologist’s realm,” he said.