The integration of cybersecurity and IoT (Internet of Things) in industry is the main driver behind the creation of cyber-physical systems. These systems combine networked physical structures with cybernetic components, sensors, and actuators. These elements interact in a process monitoring cycle, providing information to support human interventions that affect the operation of a given machine or system.
The growing concern about cybersecurity is directly related to technological evolution and the integration of IoT systems in the industry. This is because the combination of these items expands the attack surface for cybercriminals, opening the door for companies to be attacked.
Cyber attacks, present in systems managed by software, have become more sophisticated since their emergence, which boosts the area of Cyber Physical Security (CPS). Cybersecurity aims to protect computer systems, applications, devices, and data from ransomware and other malware, phishing scams, data theft, and other threats.
According to Sheilla Valverde, Master in Computer Engineering, Information Security and Intrusion Detection Mechanisms from UFP (Fernando Pessoa University) and Postgraduate in Cryptography and Network Security from the Fluminense Federal University, “to ensure security, it is necessary to think of a strategy that covers the seven cyber layers. This encompasses the digital and physical world.” The seven layers are:
- Physical layer: protects the infrastructure from unauthorized access and physical damage;
- Network layer: focuses on the security of network communications, using firewalls and VPNs;
- Perimeter layer: protection of network borders, preventing external threats;
- Endpoint layer: protects end devices from malware and other threats;
- Application layer: uses secure development practices, penetration testing, and continuous monitoring;
- Data layer: protection of data stored and in transit, using encryption and access control;
- Human layer: includes training and awareness of users.
“Protection starts at the physical level and ends at the application layer, and each of them can suffer a different attack. So, security starts in the physical structure of the company until the execution of tasks.” — Sheilla Valverde, postgraduate in Cryptography and Network Security.
Overview of Cybersecurity and IoT in the industry
Innovative IoT solutions are gaining more and more strength within factories and industrial plants, contributing to the search for operational improvements. Despite the countless benefits, the adoption of these technologies is not happening at the speed expected by the market. This is influenced by possible safety issues that can occur if proper care is not taken.
Industries seek to connect all manufacturing areas to achieve improved performance. However, in this process, it is possible to find lines that use older technologies, resulting in a lack of standards. Thus, when implementing IoT systems, one may encounter difficulties in maintaining end-to-end cybersecurity.
To address the difficulty of integrating legacy systems with new technologies, a study by McKinsey (2017) suggests the implementation of new solutions. These can be based on isolated networks, which work independently, or on redundant sensors, which take control in the event of failures.
Motivated by these challenges, many industries are developing their own solutions internally, aiming at integrated monitoring even with legacy systems. However, it is important to consider that this is a process that requires a high level of expertise, safety knowledge, and ongoing maintenance to generate value. Often, the difficulty in including tools focused on cybersecurity is due to the increase in the cost of solutions.
To change this scenario, when an IoT solution is developed, it must focus on robust security applications to ensure data transmission without attacks, regardless of technological maturity. In this way, there is integration between systems without compromising security.
“Thinking about industry is thinking about cybersecurity and privacy. It is to ensure the proper functioning of the operation, without errors and leaks.” — Sheilla Valverde, postgraduate in Cryptography and Network Security.

From Layer to Code: Integrating Cybersecurity into IoT Architecture
The adoption of IoT in the industry has evolved from point applications to highly connected environments, driving the digitalization of factories. However, taking full advantage of this technology depends on integration with cybersecurity from design to implementation. According to McKinsey (2023), this convergence is essential to accelerate IoT adoption in a secure and intelligent way.
The main challenges include interoperability, complexity, and vulnerabilities, especially in application software and human-machine interfaces. With the increase in interconnectivity between IT and operating systems, the need for secure cyber-physical environments based on authentication, confidentiality, integrity, and resilience grows.
Companies are willing to invest 20% to 40% more in secure IoT solutions, which could lead the market to reach $500 billion by 2030. Thus, cybersecurity is no longer a differentiator but a fundamental condition for enabling more integrated, protected solutions that are prepared for the industrial future.
Also according to McKinsey (2023), the convergence between IoT and cybersecurity should occur at three levels: architectural, parallel design, and software. At the architectural layer, it is recommended to embed secure code in all technological layers, from hardware to firmware.
In parallel design, the principle of privacy by design is adopted, ensuring protection from the platform to the cloud. At the software level, integrated solutions must protect the ecosystem as a whole. To mitigate risks in the IIoT environment, the following practices stand out:
- multi-factor authentication and role-based access control;
- use of encryption;
- continuous firmware and software updates with security patches;
- real-time monitoring with intrusion detection;
- protection against DDoS attacks with firewalls and traffic limitation;
- compliance with regulations such as the LGPD and the IoT Cybersecurity Improvement Act.
These measures are essential to ensure safe, resilient operations in line with regulatory requirements.

Convergence between Cybersecurity and IoT: Framework and Opportunities
For companies developing IoT technologies, in addition to regulatory compliance, it is possible to pursue voluntary compliance standards to further strengthen cybersecurity. An example is SOC 2, developed by the American Institute of Certified Public Accountants (AICPA). Although not mandatory, adherence to SOC 2 demonstrates that those responsible have adequate internal controls for security, availability, processing integrity, confidentiality and privacy. This is an important competitive differentiator. SOC 2 certificates must always be kept up to date, with practices adapted as technology evolves.
In addition, this type of certification ensures compliance with international standards, indicating robustness to serve industries in various sectors at scale. Similarly, it takes in-house expertise to understand and implement compliance requirements, which are complex. This knowledge prevents failures in the implementation and maintenance of these standards.
In the context of IoT technology providers, having these certifications means offering a service that reduces risk and increases operational efficiency. For industries, it is essential, as it ensures the privacy of sensitive data and strengthens a culture of security.
“To provide IoT solutions, it is necessary that those who produce them are aware of the importance of security, and, above all, that they already grow and develop with well-established security policies. From this, it is possible to see the next steps and identify what needs to be improved; it is a process of continuous improvement.” — Sheilla Valverde, postgraduate in Cryptography and Network Security.