The attacks on industrial IoT systems (IIoT) used manufacturing, energy and chemical operations doubled in 2018 and an estimated of more than one-third get unreported. By targeting industrial systems attackers can do vast amounts of damage, ranging from stealing sensitive data, network shut downs leading to dangerous situations, to industrial systems break downs, causing physical damage.
Many control systems still run on old or bespoke operating systems making them vulnerable, and the main attack vector for these systems is unsurprisingly via the internet through unsecured ports and systems to can gain access to. The comment "protect our fortress with pull-up bridges” methods are outdated. Western Europe, specifically Germany, shows the largest growth in numbers of attacks.
Organizations like the European Cyber Security Organization (ECSO), focused on cybersecurity strategic research and European Union Agency for Network and Information Security (ENISA) supporting policy development and implementation, are a good start, but Europe is insufficiently prepared.
The United States setup USCYBERCOM which plans, coordinates, integrates, synchronizes and conducts activities direct the operations and defense of all domains and ensure US/Allied freedom of action in cyberspace. A new NATO command center is meant to host a 70-strong team fed with military intelligence and real-time inform to deter cyber-attacks and should be operational in 2023.
Mass-scale deployments of industrial IoT systems (IIoT) is essential for European businesses to radically increase productivity and remain competitive in the global economy. This will only materialize if more energy is spent on preventing attacks from happening in the first place and creating a real-time response when an attack takes place to defer the attackers.
A three-prong approach seems the most effective way of addressing this. Firstly, upgrading the infrastructures using secure platforms with advanced end-to-end encryption technology, secondly setting up a centralized monitoring body where all attacks and system weaknesses get mandatorily reported and thirdly a rapid response teams with cyber security experts to fend off the attackers.
We believe layering this structured method with an independent distributed incentive approach, using white hat or ethical hackers (as already institutionalized by companies like google recently) to proactively improve current setups. By providing them tax breaks directly correlated to the issues found, we improve security faster and get more experts capacity behind this.