Network connectivity has fundamentally changed the world as we know it. In the last four decades, connected computing has fueled a global economy centered around the internet and internet-based applications, and most notably the World Wide Web. It has redefined human communications and our experiences with shopping, banking, and travel. However, when this same connectivity concept extends beyond the human boundaries to otherwise dumb devices and machines, the value latent in these machine data creates unprecedented opportunities, much of which we are probably only anticipating at this point and are yet to harness completely.
The present era of smart connected machines has ushered new markets with enormous growth potential, especially with almost every industrial company being under pressure to exploit the benefits of digital intelligence. In the last five years, most industrial verticals, notably manufacturing, transportation, retail, and healthcare, have begun to embrace connected technologies at scale. These technologies collectively is known as the Industrial Internet of Things (IIoT).
Securing IIoT deployments against cyber threats, however, remains a major challenge. The consequences of an IIoT security breach are much more severe than compromises of traditional IT deployments. In the case of a hack in IIoT systems, in addition to the usual IT-based fallouts such as reputation damage and financial loss, there could be loss of life and/or environmental damage. Since IIoT systems interact with the physical environment, the security paradigms of e-commerce and IT infrastructures significantly differ in the cyber-physical domains in terms of attack vectors, threat actors, and impact.
Nevertheless, while cyber-insecurity is the undeniable flip-side of connectivity, security-by-obscurity is no longer an option. The benefits of industrial data and cloud connectivity offer enormous advantages that cannot be ignored. Industries will embrace these new technologies and must therefore balance them with adequate safety and security controls.
For any connected industry use case, security is a business and moral imperative. Much research, innovation, and investment are being directed world-wide to secure connected industries. This book combines these developments to provide a comprehensive understanding of IIoT security, and will equip the reader with practical know-how and tools to tackle both its technical and business aspects. Readers will find the important concepts and techniques needed to plan, design, and build resilient IIoT systems and can benefit from the experiences of IIoT security experts on these topics.
In this chapter, we shall establish a solid foundation by discussing the following topics:
Security is a foundational element of IIoT adoption. Before diving into the paradigms of the IIoT security framework, let's first define and fathom the expanses of IIoT.
The Internet of Things in itself is gaining a pervasive scope, resulting in the many ways that it is defined and described. The Internet Engineering Task Force (IETF), states that "in the vision of the IoT, "things" are very various such as computers, sensors, people, actuators, refrigerators, TVs, vehicles, mobile phones, clothes, food, medicines, books, etc." (Minerva, Biru, and Rotondi 2015 (https://www.tandfonline.com/doi/full/10.1080/23738871.2017.1366536) Minerva, R., A. Biru, and D. Rotondi. 2015. "Towards a Definition of the Internet of Things (IoT)." IEEE Internet Initiative, Torino, Italy, 1. (Google Scholar)).
However, for the scope of our discussion in this book, we shall primarily lean on the following definition of the Internet of Things, which has been excerpted from (IEEE-IOT):
"An IoT is a network that connects uniquely identifiable "things" to the internet. The "things" have sensing/actuation and potential programmability capabilities. Through the exploitation of the unique identification and sensing, information about the "thing" can be collected and the state of the "thing" can be changed from anywhere, anytime, by anything."
(https://iot.ieee.org/images/files/pdf/IEEE_IoT_Towards_Definition_Internet_of_Things_Revision1_27MAY15.pdf)
This definition mentions the collection of information about the thing and also the possibility of changing the state of the thing from anywhere, anytime, and by anything. In other words, the connected things are, by design, vulnerable to harvesting and subjugation without the need for authority. This highlights the importance of security to protect IoT, a topic that will be delved deeper into in the rest of this book.
From a functional perspective, IoT is essentially an enabler to digitize and interconnect physical assets. By embedding the communication protocol stack and software logic (or smarts), otherwise dumb entities such as appliances, sensors, actuators, or any device or machinery can intelligently communicate data without any human intervention. The enormous quantity of data (rather big data) generated by things can be analyzed to gain data-driven insights and to offer value-added products and services.
![]()
The IIoT digitally transforms industrial and enterprise operations by adding smarts and connectivity to machines, people, and processes. IIoT converges technical advancements in multiple areas, including:
- Innovations in network connectivity (low energy wireless, edge and cloud technologies)
- Low-cost sensing and computing with machine learning
- Sensor-generated big data
- Machine-to-machine (M2M) communications
- Automation technologies those have existed in the industry for many years
IIoT is also interchangeably referred to as the Industrial Internet, a term originally coined by General Electric (GE). GE defines the Industrial Internet as (GE-IIoT) "the convergence of the global industrial system with the power of advanced computing, analytics, low-cost sensing and new levels of connectivity permitted by the internet."
GE's Industrial Internet refers to the third wave of innovation in industrial environments, the first two waves being the industrial revolution, followed by the Internet revolution, as shown in the following diagram:
Figure 1.1: Industrial Internet—the third wave of industrial innovation; Source: Adapted from https://www.i-scoop.eu/industry-4-0/
Industrie 4.0 is a digital transformation project that was launched (https://www.i-scoop.eu/industry-4-0/) by Germany in 2011 and widely referenced in Europe (ISP-4IR). It refers to connected cyber-physical systems (discussed later in this chapter). The Industrial Internet concept is comparable to the fourth revolution, as illustrated in figure 1.2.
Industrie 4.0 is primarily focused on the digital transformation of manufacturing by leveraging technologies such as big data/analytics and IoT. This transformation is catalyzed by the convergence of information technology (IT) and OT, robotics, data, artificial intelligence, and manufacturing processes to realize connected factories, smart decentralized manufacturing, self-optimizing systems, and the digital supply chain in the information-driven, cyber-physical environment of the fourth industrial revolution, sometimes called 4IR (ISP-IIoT):
Figure 1.2: Industrie 4.0 as the fourth Industry Revolution (4IR); Source: Partially adapted from DKFI 2011 www.dfki.de
According to top analyst firms, over the next decade, the number of connected machines is estimated to be in the order of tens of billions, while through accelerated productivity growth, the global gross domestic product (GDP) is estimated to expand in double digits. Increases in efficiency, data management, productivity, and safety are the core drivers for IIoT adoption.
Interestingly, this wave of digital transformation in various industry verticals is also a key driver for safety and security technologies in order to realize reliable systems and architectures.
![]()
The value of sensor-embedded connected devices took a giant leap with the ubiquity of smartphones. Hand-held mobile phones morphed from being just a data and voice communication device to a versatile commodity that assists in navigation, news, weather, health, and so on. The iPhone itself boasts of a number of sensors for proximity, motion/accelerometer, ambient light, moisture, a gyroscope, a compass, and so forth. Apple watch, Fitbit, Amazon Echo, and so on have heralded a whole new era of smart, personal wearables, along with ingestible and home controls, thus opening up entirely new market segments. These home and personal devices together are most commonly understood as the Internet of Things.
However, these same principles when applied at scale—in enterprises and industries—multiply both in terms of complexity and benefits. The Industrial Internet Consortium (IIC) was established in March 2014 with the mission to accelerate the industrial adoption of IoT, by creating standards to "connect objects, sensors and large computing systems." This formally delineated IIoT from consumer IoT, the latter being more focused on personal and home automation gadgets and appliances, and dealing with different security postures when compared to IIoT.
In this book, the term IIoT refers to scalable internet of things architectures that are applicable to enterprises across a wide variety of industry verticals, such as energy, water, farming, oil and gas, transportation, smart cities, healthcare, building automation and so on, and will be referred to by its short form, IIoT.
In many contexts, the use of the term IIoT is limited to being a connectivity enabler, just like the internet enabled the connection ...
