Why the IIoT is So Vulnerable to Cyberattacks

BOULDER CREEK, Calif. — We are seeing a number of attacks both on industrial control systems (ICS) and on the operational technology (OT) side of the industrial IoT (IIoT) with increasing frequency.

Why is the IIoT so vulnerable to cyberattacks?

We talked to ICS and OT specialists at major cybersecurity solutions providers, as well as key industry analysts, to suss out the answers.

The consensus was a list of several elements that have combined to create a perfect storm over the last few years:

• a big increase in the number of sensors and devices being connected to each organization’s IIoT, forming a huge potential attack surface
• decades-old OT equipment and control systems never designed for exposure to the internet and, therefore, not designed for security
• a patchwork of OT and control systems from multiple vendors running proprietary and non-updatable software, including human-machine-interface (HMI) computers with access to remote terminal units (RTUs), SCADAmaster (supervisory control computers), and programmable logic controllers (PLCs)
• poor or absent cybersecurity practices and technology, including a lack of either designed for the very different ICS/OT environment, not the IT environment
• lack of budgets, or insufficient budgets, for implementing cybersecurity awareness, monitoring, and prevention technology
• a steep escalation in the numbers and types of attacker