At the recent Smart Industry 2016 event in Chicago, a colleague told a story that encapsulates some of the challenges I’ve been thinking about with respect to the Internet of Things and edge computing. The story involved a company with a large wireless network for monitoring pipelines, and how one day it found itself with a seven-figure wireless bill – far, far above its usual rate. After some investigation, it became clear that intruders had hijacked the network and used it as their own Internet pipeline. Cost aside, the fact that an intruder was able to use the connectivity without authorization dramatically raised previously overlooked concerns.
What the story illustrates is how IoT devices and the networks that connect them can be hacked or hijacked in the same way as traditional PCs and servers, with results just as damaging. Given that, the story also highlights the need to protect these IoT devices and networks just as we have always sought to protect our enterprise IT environments.
To address the issue, we need to think about how various IoT devices are connected. Typically, they funnel data into a network over which the data travels to some sort of compute infrastructure, perhaps taking multiple steps along the way at various collection points before it reaches its ultimate destination. If we think of edge compute as the PC and server assets deployed close to the devices associated with the IoT then we can call the networks supporting them and the links to the devices themselves the edge network.
The problem is, the edge network that supports the IoT environment is often not protected against intrusions and cyber-attack in the same way traditional IT infrastructure is. Clearly, it should be.
In many cases, the fact that IoT edge infrastructure lacks protection is an extension of the old turf battles between IT and OT (operational technology) groups. In a factory environment, for example, machinery and control networks were firmly under OT control. That was fine, as long as the networks were self-contained, with no connection to the outside world. As such, they didn’t need all the security policies and management processes that the IT group put in place for the business networks.
However, an IoT environment is inherently connected, which changes the equation entirely. Now all that edge equipment and software is essentially an extension of the enterprise IT network – and needs to be treated as such.
This should lead to implementing applications for OT using IT standards and policies around how software and equipment is deployed, from physical enclosures to who can perform upgrades and when. Virtually all enterprises have standards in place for how they deal with and manage IT infrastructure. Now they need the same for IoT edge infrastructure.
Doing so entails addressing everything from the racks that equipment sits on to firewalls and software standards that make the systems secure and manageable. It also means ensuring clean, reliable power, with the use of UPS systems to protect critical components – especially the “brains” of the IoT connected enterprise. This includes the IoT enabled devices themselves as well as any servers or networks responsible for collecting data or controlling processes (a topic I’ve touched on previously).
The need for power protection for such control systems is especially important because gleaning data from such systems is most important when things go wrong, to provide for a safe and effective shutdown, maintain critical process data and help troubleshoot the problem and avoid it in the future.
In short, edge networks in an IoT environment need to be treated like the IT infrastructure that it is. In many cases, that will require cooperation between the OT groups that are responsible for much of the IoT infrastructure and the IT groups who know how to protect such systems. And it will require tools to ensure the entire infrastructure is highly manageable, right down to the rack, PDU and UPS level.
It’s clear that the IoT is becoming critical to business success. To learn more, check out the free Schneider Electric “IoT 2020 Business Report,” which details the results of our survey of more than 2,500 business decision-makers on their vision of the IoT. It includes predictions for the future of IoT, ways that it delivers immediate value and some keys to success.