Industrial IoT – Security, Deployment, Vendor lock-in, Hybridisation

Author: Mike Watts, Service Operations Manager

Date: 4th June 2020

The whole world of the “Internet of Things” (IoT) has become pervasive, with IoT fast becoming the principle subject of many technology related conversations. With IoT being defined in many ways, the definition in its most general seems to be “Any network capable device or object with interfaces, electronics, sensors or software for the enabling of the exchange of information or communication with other devices”. As you can imagine the scope of this is exponential, from most basic of home uses through to complex industrial control systems. With the ever increasing mass deployment of IoT devices the proposed number to be deployed by 2025 is circa 75 billion.

With this staggering number and the pace of development, where does this leave us from a security and technology front? With new tech spinning up faster than traditional security reviews can accommodate. To my mind, the questions are:

– How good can the development processes be with vastly accelerated timescales?

– How do we ensure our Technology and Network Security in this new world is as secure, if not more secure than it was before?

– If we are moving forward, how do we ensure the Confidentiality, Integrity and Availability of our data assets.

This is especially the case when we are looking at working with ‘Industrial IoT’; choosing whether to implement new systems, integrate with existing or convert legacy to the new world of the IoT.

What has recently driven me to delve into this world has been the requirement to review and improve our environmental monitoring architecture. After re-evaluating our use of current technologies; the amount of different systems and architectures that need to integrate in order to deliver a high quality service is staggering. Some of which are the necessities for operating within an ex-MoD premises; way below ground-level with built in Faraday cages, three plus metre thick concrete walls and interior security modular panel walling systems; suddenly this was going to be more complicated than initially thought.

With a clear understanding of the physical environment constraints and the required outcome; first thing to start with was to identify and review which technology is available off the shelf and meets the remit alongside operational and deployment cost considerations. With buildings like these, deployment methods have got to be a consideration – therefore minimising physical infrastructure and starting with options for wireless IoT technology.

There are a huge variety of sensors and configuration options, but when you get under the covers and start looking into security and compatibility with other products it started to become an issue as each vendor seemed to be doing it differently. In addition, if you want a secure solution, you are quickly looking at vendor lock in. While this is acceptable for some solutions as this makes support and integration standardised; it is difficult to identify a vendor to deliver our needs cost effectively, without single points of failure, and vastly increasing operational overheads. For example, monitoring and battery swap-outs increase our staff workloads. Although powered units are an option, if you are going to run power and power supplier to the units, it also makes sense to run data which defeats the purpose of wireless.

OK, so wireless is out for distribution. Back to the scope – What are we trying to achieve? – Improved methods of environmental monitoring, in a standardised and consistent manner. Reviewing again today against what we have in place, let’s look at options being mindful of systems and processes already in use. Taking these options, then drawing up a pros and cons list for each; you can start to reduce the number of protocols in place as one can deliver the same as another or something else has been superseded. We start to see clear leaders in terms of choices for our technology requirements.

We had now got the scope for our Field Bus Protocol for collation of data and presentation management protocol. These two protocols would allow us to build an Environmental Monitoring Network with the use of standards and unification as clear objectives. These allow us to build a Hybrid Environmental Monitoring Network utilising tried and trusted industrial protocols that have clear and known methods to protect the Confidentiality, Integrity and Availability (CIA) of our systems, but with a new integration layer that allows for all of these ‘IoT’ systems to be deployed in a consistent manner whilst minimising effort and custom configuration.  

For our use case, it transpired that full ‘IoT’ deployment wasn’t the best route; but rather an integrated hybrid approach allowed us to have the dynamic functionality of an IoT solution, whilst minimising the risk and ensuring the CIA for our infrastructure.