The Industrial Internet of Things (IIoT) has opened many security concerns, confusion about what constitutes an endpoint and unrealistic perspectives on protecting systems and data, according to the 2018 SANS Industrial IoT Security Survey report.
More than half of those taking the SANS survey reported that the most vulnerable aspects of their infrastructure are data, firmware, embedded systems or general endpoints. At the same time, respondents indicated that the debate continues over the definition of an IIoT endpoint.
"The discrepancy in defining IIoT endpoints is the basis for some of the confusion surrounding responsibility for IIoT security," according to Doug Wylie, Director of the Industrials & Infrastructure Business Portfolio at SANS Institute. "Many practitioners likely are not adequately identifying and managing the numerous assets that in some way connect to networks and present a danger to their organizations. For this reason, it is important for company IT and OT groups to agree to a common definition to help ensure they adequately identify security risks as they evolve their systems to adapt to new architectural models."
The survey uncovered other potential endpoint issues. For example, only 40 percent said they apply and maintain patches and updates to protect IIoT devices and systems, and 56 percent noted difficulty in patching as one of the greatest security challenges. Almost 40 percent said identifying, tracking and managing devices represented another significant security challenge.
Finally, the survey unveiled big gaps between the OT, IT and management perceptions of IIoT security. Only 64 percent of OT departments reported being somewhat-confident or confident in their ability to secure their IIoT infrastructure, as opposed to 83 percent of IT department respondents and 93 percent of company leaders.