Endpoints leave industrial IoT vulnerable... Err, what's an endpoint?
Of over 200 respondents to a new survey, more than half report the most vulnerable aspects of their IIoT infrastructure as data, firmware, embedded systems, or general endpoints.
But at the same time the survey by information security training organization SANS Institute reveals an ongoing debate over what actually constitutes an endpoint.
The report finds that most organizations globally are forecasting between 10 and 25 percent growth in their connected devices. This growth rate will cause the systems connected to IIoT devices to double in size roughly every three to seven years. This will ultimately result in increased network complexity as IT and OT become more connected, demand for bandwidth grows, and the need for personnel skilled in best security practices related to the design, build and operation of IIoT systems increases.
According to Doug Wylie, director of the industrials and infrastructure business portfolio at SANS Institute, "The discrepancy in defining IIoT endpoints is the basis for some of the confusion surrounding responsibility for IIoT security. Many practitioners likely are not adequately identifying and managing the numerous assets that in some way connect to networks -- and present a danger to their organisations. For this reason, it is important for company IT and OT groups to agree to a common definition to help ensure they adequately identify security risks as they evolve their systems to adapt to new architectural models."
Among other findings are that 32 percent of IIoT devices connect directly to the internet, bypassing traditional IT security layers. Almost 40 percent of respondents say identifying, tracking and managing devices represented a significant security challenge.
Just 40 percent report applying and maintaining patches and updates to protect their IIoT devices and systems, and 56 percent say difficulty in patching as one of the greatest security challenges.
The survey also uncovers a wide gap between the perceptions of IIoT security by OT, IT and management, with only 64 percent of OT departments claiming to be confident in their ability to secure IIoT infrastructure, compared to 83 percent of IT departments and 93 percent of business leaders.
The full report is available to download from the SANS website.