Industrial IoT drives efficiency and reduces cost by allowing the real-time monitoring of assets without human intervention. Real-time monitoring increases availability of equipment by alerting operations of situations that need immediate attention. IoT enables optimized maintenance scheduling by collecting data from the assets.
Security is a primary concern for most companies when considering an IoT strategy. There are three main aspects to securing IoT devices: control, data integrity, and obscuring data.
Undoubtedly, the most important aspect of IoT security is to deny malicious actors the ability to make changes to any settings. A purposely incorrect setting can cause downtime, equipment damage or failure, or large liability.
Equally important, the data from an IoT device must not be altered. At first glance, this might not seem as critical as securing control operations, but an incorrect reading may cause an operator to take actions with catastrophic results.
For example: An operator may see a low pressure reading on a system and take action to correct it. If the actual pressure is already at or above the desired level, the operator’s action may cause equipment failure.
For safety and competitive reasons, it is desirable to only allow authorized users access to any monitoring data.
As the number and types of deployed devices increase and become more widely distributed, managing them becomes exponentially more difficult. Manually provisioning hundreds or thousands of devices is logistically difficult, prohibitively expensive, and error-prone. Misconfiguration is a leading cause of cybersecurity incidents. Reconfiguring and updating devices in the field is another challenge that must be adequately managed.
Configuring the last-mile connection for many IoT devices, especially if they are widely dispersed, is also a challenge.
Creating a dedicated LAN at a single site might be expensive, but is achievable. Doing the same over multiple locations or for mobile devices would be prohibitive.
For both security and management, the ability to use microsegmentation on the IoT network is advantageous.
In larger installations, the devices in one role do not need the ability to directly communicate with the devices in another role. Using a microsegmentation approach allows fine-grain control of device interconnection.
For example: the equipment on the manufacturing floor should be isolated from the rolling stock.
The Xaptum Edge Network Fabric (ENF) is a fully routable IPv6 network overlay that isolates clients from the public Internet and from each other through a parallel network that is fully secured. Unlike the public Internet, which was designed for sharing information, the ENF only connects devices and endpoints that are expressly granted permission.
The ENF uses industry-standard, end-to-end encryption. From the outside world, the devices are invisible and cannot be scanned.