We live in an increasingly interconnected world, where we humans not only talk to other humans but also with electronic devices. Simultaneously, these very devices are able to communicate with each other. This scenario leads us to reflect on one of the aspects that is becoming increasingly important in our society, namely that of security or cybersecurity.
According to Gartner’s forecast, by the end of 2020 about 20.4 billion devices will be connected to the Internet in what has now become a reality that is on everyone’s lips: the internet of things (IoT).
As we have come to understand, the IoT is not simply a connection between a smart TV and a laptop, but much more. This network, with deep, far-reaching roots, not only massively impacts the consumer world, but also the industrial world. Just think of the interconnection between household appliances, photocopiers, coffee machines, metal bending machinery, blast furnaces: everything is connected. Each of these machines or appliances is potentially capable of communicating with others.
The use of IoT devices is significantly improving the quality of business operations and/or the ability to intervene in, maintain and manage industrial plants – or workplaces in general. For example, we think of smart thermostats that can regulate the temperature of a room autonomously on the basis of how many people are in it, or voice assistants like Alexa and Google and how they’ve become a sort of “butler” at everyone’s beck and call. Or even systems capable of autonomously regulating the traffic in a city, helping to reduce pollution.
Since the spread of the Internet, most of us have experienced the severity of a cyberattack: a virus that damages our PC, photos stolen from our cell phones and so on. We understand well, then, how these IoT devices – regulating and controlling vital aspects of our daily lives or productive capacity – may in turn be as vulnerable to cyber attacks as our antivirus-equipped Pcs (if not more so).
Let’s try to imagine what could happen if a cyber criminal took control of the automatic system that regulates a city’s traffic, or if he altered the operation of a metal melting furnace. Or even locked all the smart locks in an office, trapping people inside. Any connected IoT device, if not adequately protected, can be an open invitation to cyber criminals who can steal data or cause harm to people or things.
This does not mean, of course, that the IoT should be rejected or shelved, but simply that the approach to the design of this type of equipment must be done with a security-by-design perspective.
The term ‘security-by-design’ indicates that, in addition to functional requirements, the design and development of hardware and software must also take security into account. In recent decades, scientific and industrial research has made significant progress in this direction, creating and making available multiple tools that can be applied from the design phase, through testing, right up to the deployment and management of equipment in the field.
Here at Meteca, we are investing in training to understand these issues that we believe are of vital importance to our products and customers. In order to better understand how security should be developed in the industrial sector, we recently participated in a training course on the ISA/IEC 62443 Standard applied to IACS components held by Security Pattern Srl, a company based in Brescia, whose aim is to help the creators of connected smart devices to design, implement and use their systems with a sustainable level of security.
Obviously we will continue training and development in these areas, to ensure that our products are as safe by-design as possible..To find out more about Meteca and our products, don’t hesitate to contact us.