The widespread application of the Industrial Internet of Things (IIoT) has created multiple security concerns and confusion, according to a report by the SANS Institute.
The report highlighted concerns surrounding what constitutes an endpoint and unrealistic perspectives around protecting systems and data. While more than half of the respondents of the survey carried out by SANS Institute reported that the most vulnerable points of their infrastructure were data, embedded systems, firmware or general endpoints, the results still indicated confusion over the definition of an IIoT endpoint.
Visit Innovation Enterprise's Chief Data Officer Summit in New York, December 12 & 13, 2018.
"The discrepancy in defining IIoT endpoints is the basis for some of the confusion surrounding responsibility for IIoT security," said Doug Wylie, director of the industrials and infrastructure business portfolio at SANS Institute.
"Likely, many practitioners are not adequately identifying and managing the numerous assets that in some way connect to networks and present a danger to their organizations. For this reason, it is important for company IT and OT groups to agree to a common definition to help ensure they adequately identify security risks as they evolve their systems to adapt to new architectural models," Wylie added.
Additionally, 40% of the survey's respondents said that they applied and maintained patches and updates to protect their IIoT devices and systems, and 56% noted that their difficulty in patching represented one of their company's greatest security challenges. Almost 40% said identifying, tracking and managing devices represented another significant security challenge.
The survey also revealed the difference between the OT, IT and management perspectives on IIoT security. Just 64% of OT departments reported to being either "somewhat confident" or "confident" in their ability to secure their IIoT infrastructure, while 83% of IT department respondents and 93% of company leaders felt the same.