Most companies do not have a clear strategy for how they are applying IoT, Mark Weatherford, former Deputy Under Secretary for Cybersecurity at the Department of Homeland Security, said at an exclusive roundtable Smart Manufacturing convened recently in Chicago.
That is a big problem.
“The things that we’re building today are completely different than the things we’re going to build 12 months from now,” he said. “The innovation cycle around IoT is dramatic, it’s revolutionary. Those of us who are on the security side of things are trying to plug fingers in all of these holes.”
In general, cyber defense “is an infant,” said Ken Modeste, director of connected technologies at UL. “It’s going to grow up. You will see significant changes over the next few years.”
Taking that maturity to the next level requires progress in three key areas, Modeste and other participants in the private roundtable said:
The three core cybersecurity areas are interrelated: malware buried in the software supply chain could allow an advanced hacker to exploit weaknesses in IoT devices, potentially affecting safety at a plant.
Manufacturing executives need to consider those possibilities in concert and not in isolation, the experts said.
If cybersecurity is still an infant in the manufacturing industry, what will cause it to grow up?
For some organizations, standards won’t be enough.
“Somebody told me something a long time ago in this business and that is companies don’t buy security, they buy compliance,” Weatherford said.
For publicly traded firms where the buck stops with the shareholders, showing return on cybersecurity investments is still key, the experts said.
While no respected executive would demand to see a return on investment before prioritizing safety, they still do so when it comes to cybersecurity issues that can affect safety, the experts added.
One way cyber defense may gain greater steam in the industry is if it can be shown to be a source of competitive advantage the way that quality products are, Amanda Quick of MxD said.