Securing the Industrial Internet of Things
Startups like Resin.io are taking cues from the smartphone industry to enhance cybersecurity for the soon-to-be $150 billion industrial IoT market.
This program was produced by the Marketing Department of WIRED and Ars in collaboration with CA Technologies.
Tech-savvy homebuyers and fitness buffs equipped with heart-rate monitors aren’t the only markets for internet-connected devices. The industrial Internet of Things is also growing rapidly, as major manufacturers bring connected machines online and capture the data those machines transmit. By some estimates, the industrial IoT market could exceed $150 billion by 2020, with more than 20 billion connected units sold.
As traditional manufacturers rush into the industrial IoT marketplace, rolling out connected jet engines, healthcare equipment and other hardware, they’re facing a challenge that didn’t exist when they just made physical products: How best to secure these digital assets?
“If security vulnerabilities pop up, you can't secure what you can't update.”
— Bryan Hale, president of Resin.io
Lessons from the Smartphone Industry
“Not a lot of people have started to give thought to how to properly manage the software running on these devices,” says Bryan Hale, president of Seattle-based startup Resin.io. “If security vulnerabilities pop up, you can’t secure what you can’t update.”
Applying lessons from the mobile phone industry is one path forward. The startup, which employs about 35 people and has raised $12 million from investors such as Ericsson and General Electric, helps manufacturers that produce a diverse mix of products—from smart locks to the industrial lighting inside skyscrapers—solve cybersecurity issues.
To do that, Resin.io uses its open-source software to lay down a virtualized operating system on top of the industrial devices. Once running, the software allows the end user to manage the device, update its features and functionality as needed and—crucially—protect the device from security vulnerabilities. Like a mobile phone user, the system manager in charge of connected industrial equipment needs only to initiate an update. Resin.io’s software handles the rest, with some help from containers, small packages of code that contain everything needed to run an application. Because Resin.io’s software is also container-enabled, updates to connected devices wrapped in virtual packages are quickly and easily deployed.
“Data comes in [to IoT industrial equipment], gets analyzed and then some action is taken. That’s where we come in, on the update side,” Hale says.
Security Through Open Systems
Cybersecurity is a priority concern for manufacturers, especially those who make critical infrastructure. The hurdle for many is figuring out how best to manage those risks. The challenge is that industrial manufacturers still cling to an assumption that cybersecurity solutions should be created in-house, says Scott Morrison, senior vice president at CA Technologies.
“Industrial machinery needs to break from the proprietary world and move toward open systems that support containers in order to do the same things that worked so well to secure mobile devices,” Morrison says.
Consider smartphones: By and large, the baseline technology remains the same. Google, for example, created the Android operating system and then made it available to phone manufacturers. Different manufacturers produce different phones with different functionality, but the baseline Android OS was already designed to be secure. People using Android phones can make updates, but their decisions are limited to which apps to update and when to initiate the updates. They can't toy with the baseline tech. The same sort of approach could be taken with industrial IoT equipment.
“We shouldn’t think of industrial IoT as something special. We should think of it as secure devices on the internet that operate like mobile devices,” Morrison says.
That’s the appeal of Resin.io’s approach. The company’s software uses Linux, an open-source operating system, as the baseline tech for manufacturers who need to deploy updates and maintain security.
“This is something that’s really topical in industrial IoT,” Hale says. “We’re only going to hear more about it going forward.”