Lloyd’s Register Foundation issues a report about industrial IoT

The Lloyd’s Register Foundation published a report titled Foresight review of cybersecurity for the Industrial Internet of Things (IIoT). The report outlines the benefits of IIoT and the forces that promote the adoption of IIoT technologies. The report highlights that as IIoT advances, organisations will have to deal with traditional cybersecurity risks, new cybersecurity risks (arising from interconnectedness, new forms of data, and new technologies) and industry-specific risks. According to the report, existing security standards and guidelines are relevant for IIoT. However the capabilities needed to follow them are not sufficiently developed. The review suggests a set of guiding principles that could increase the pace of operational cybersecurity developments. These guiding principles should assume worst-case scenarios such as failure as a basis for developing a security strategy, the existence of insider threat within systems, and the potential for systemic risk within the supply chains. This review identifies several practical next steps for organisations using IIoT today: (1) to consider the following – harm consequences when planning risks management, failure of security controls, the use and vulnerabilities of IoT supply chains, and future scenarios in risk assessments; (2) to use techniques that can provide an organisation with a continuous assessment of its position as opposed to periodic assessment; and (3) to invest in forensic readiness processes and training for staff on IoT standards and good practice. The report concludes with a call for conducting follow-up research concerning risk control performance, liability models, practicalities and implications for IoT markets, and international co-operation in developing trust in the supply chain for IIoT devices and software.