Publication

Cybersecurity, Encryption & the Internet of Vulnerable Things.

 



The IoT Domino Effect: Vulnerable Things, Vulnerable Networks, Vulnerable Supply Chains

With environments getting “smarter”—smart cars, smart homes, smart cities—society places increasingly more trust in its devices to communicate with one another. This hyperconnectivity brings irresistible advantages to manufacturers and end users, but multiplies the number of access points for cyberattacks.

In the race to harness device-to-device communication, the basis for the Internet of Things (IoT), organizations often adopt new technologies first and adapt cybersecurity on an ad-hoc basis. The result? A patchwork of security systems and processes scattered across an organization’s footprint.

One vulnerability compromises the company’s entire network. For original equipment manufacturers (OEM) belonging to a larger supply chain, that surface area grows, compromising partners and end products too.

Herein lies the crux of IoT technology: While it unlocks new levels of automation, data insight and optimization for manufacturers, it also lets a single cyberattack achieve unprecedented levels of destruction.

Cybersecurity Risks in Smart Manufacturing

For an illustration of the risk domino effect, consider smart cars. Not only do their electronics communicate with the outside world, but these vehicles also rely on interconnected internal systems in constant communication. A software weakness in an infotainment system, for example, becomes a doorway into the vehicle’s other electronic mechanisms—including the transmission, steering, GPS and beyond.

Thanks to consumer products—such as wearable devices, smartphones and cloud-based voice services (e.g. Amazon Alexa)—connected devices have come to the forefront. But they are active in the background too, transforming how industries operate. Combined with advancements in ultra-high-speed, low-latency connectivity, they have reinvented production lines and supply chains, giving birth to Industry 4.0.

In the frenzy to harness Industry 4.0’s competitive advantages (operational insight, automatic decision-making, production line optimization, etc.), some manufacturers have embraced new technologies without properly addressing cybersecurity. In doing so, they not only put themselves at risk, but the entire supply chain and its many collaborators.

A security breach for one automotive OEM, for example, interferes with the production schedules of every partner throughout the supply chain, delaying the completion of the automobile itself—delays for which the OEM can be held financially liable.

Largescale manufacturing hacks have crippled production, halted wages and damaged brands:

  • Clorox: In 2023, a cyberattack led to a first-quarter loss by upending IT systems, forcing them offline and ultimately leading to product outages.

  • Norsk Hydro: A global aluminum manufacturing leader was hit with a cyberattack that encrypted crucial portions of its IT network and affected thousands of servers. The hackers would only hand over the encryption key if the ransom was paid. Norsk Hydro refused, accepting over $70 million in losses and switching to pen and paper for weeks.

Encryption by Design

In a world where safety and security rely on the decision-making of machines, cryptography gives equipment an essential layer of safety. Within large, rapidly innovating companies, it’s common for each team to develop its own encryption policies and practices, leaving cybersecurity gaps and redundancies.

For them, starting with a clean slate and a security-by-design approach is no longer feasible. With various locations and processes for encryption key management, transitioning to a unified system might feel impossible.

As organizations turn to market solutions for help, they need encryption key management systems (KMS) that fortify and unify their existing practices. To do so, KMS providers must integrate with the entity’s legacy systems by offering the following:

Where long supply chains or large footprints are concerned, providers must also guarantee end-to-end encryption to keep data secure throughout the manufacturing process.

Under the surface, devices are constantly at work, transferring data and granting permissions almost instantly, all without human intervention and unbeknownst to users. The right KMS solution ensures that these devices make the right decisions.

While IoT has enjoyed waves of popularity since it was coined 25 years ago, its influence continues to grow. Society will become increasingly more dependent on the discretion of devices, particularly with the rise of smart cities and automated driving. Encryption provides a method of policing device interactions and decision-making without direct human intervention.

Regulators understand the implications of cybersecurity breaches within this interconnected landscape. Increasingly more comprehensive security policies continue to enter into force, encouraging organizations to prioritize cybersecurity and leverage cryptography.

In the future, we expect to see manufacturers’ encryption key management strategies move from the periphery and intertwine with the core business. The safety of entire production lines and supply chains rely on the encryption key management of each partner.

Complex deployment needs? Unsure where to start? Talk to one of our KMS experts.


Publications

White Paper 2024

Ask to get it

Publications

Cybersecurity, Encryption & the Internet of Vulnerable Things

Read it

Publications

KMS as a Path to Compliance for OEMs

Read it

Publications

Embracing New Technology Without Sacrificing Security

Read it

Publications

A 360° Approach to KMS

Read it

Keys&More
by Incert

About us

More about
Incert