What is Industrial Endpoint Cybersecurity?

October 2023
Industrial Endpoint Cybersecurity

In order to properly examine the market landscape for industrial endpoint security and industrial cybersecurity in general, there needs to be a precise definition of the types of endpoint devices that are found in the greater industrial market.
 
Additionally, many ICS equipment types, endpoints, devices or connected devices are misattributed with various features or clustered together with other similar types. Prominent examples of this include the categories of ‘sensors and actuators’, ‘PLCs and RTUs’, and ‘gateways and routers’. This section will examine the breadth of devices in IIoT and ICS, providing clear, real-case examples when required.

Industrial Endpoint Security

 
In our new research, we define industrial endpoint security as:
 
‘The processes that govern secure communications, monitoring, management, and operations of industrial endpoints on virtualised or dedicated hardware.’
 
For industrial applications, the prime examples are LAN (Local-area Network) and WAN (Wide-area Network) connections. This is not to assume that there is a general consensus regarding what industrial endpoint security ‘should’ actually entail, since certain cybersecurity providers will (naturally) emphasise different security or management elements that fit their market strategies or R&D output. However, keeping this definition simple yet restrictive within certain boundaries should be enough to expand and build upon it when considering specific use cases and applications.
 
Perhaps unsurprisingly, there is also a general lack of consensus regarding what should be considered as an endpoint. This is of vital importance since the scope of the device profiles that need to be considered under the greater cybersecurity umbrella will ultimately form the key requirements for protecting said devices, as well as their overarching cybersecurity service. By natural extension, shifting device management and security requirements will also shift the network architecture of industrial systems in the long term.

Defining IT, IoT, OT Endpoints

 
Merging multiple definitions by various cybersecurity service providers and industry leaders, Juniper Research defines endpoints as follows:
 
‘An IT, OT or IoT endpoint is defined as any physical or virtual device that is connected to a network in order to send and receive information.’
 
This information exchange includes anything ranging from standard data traffic to exchange of digital certificate keys and all related connectivity or management operations. However, note that in its simplicity, this definition hides certain variables that need to be addressed. Not only are there major differences in the specifications and device profiles between IT, IoT and OT endpoints but also, in certain cases, service providers and device manufacturers may disagree regarding what an endpoint actually is.
 
Certain low-digital-footprint devices like sensors may not be counted as endpoints for the purposes of any overarching service like an EDR, due to their lack of an OS, storage capacity or compute power. Agentless deployment monitoring systems, however, can monitor all connected endpoints and, as the name suggests, do not require a software agent on the actual device, gateway or industrial router.
 
Juniper Research counts gateways and industrial routers as industrial endpoints; however, VMs (Virtual Machines) are not counted as industrial endpoints. As mentioned in the next section, VMs can be used to virtualise SCADA (Supervisory Control and Data Acquisition), data historians, or certain HMIs (Human Machine Interfaces) but are not counted as actual physical endpoints. Similarly, very low-tier sensors without the ability to hold an OS, memory, or storage capacity will not be counted within industrial endpoint cybersecurity.

Information Technology

 
In IT settings, key indicative endpoints include, among others:

  • Desktop computers
  • Laptops, smartphones
  • Server units

Using Microsoft’s definition, along with those of other prominent vendors and industry alliances like the Industrial IoT Consortium, certain organisations would also count VMs as an industrial endpoint – a fact that escapes the specification datasets and service outlines of certain security providers.

Internet of Things

 
Given that IoT is the conceptual amalgamation of various connected applications in multiple end-markets, endpoints can comprise many quite diverse devices including, among many others:

  • BAS (Building Automation System) endpoints and HVAC (Heating, Ventilation, Air Conditioning) units, and physical access control (eg smart cards, biometric terminals).
  • Smart home devices, eg connected appliances like smart-TVs, fridges, thermostats, etc.
  • Some vendors count networking devices like routers and gateways as endpoints, while others do not (Juniper Research counts routers and gateways as endpoints).
  • Surveillance cameras and monitoring equipment.
  • POS (Point-of-Sale), ATMs (Automated Teller Machines) and related devices.
  • Various smart city connected devices, ranging from smart traffic and smart lighting devices to water and utilities smart meters and environmental sensors, among many others.

Note that healthcare endpoints and sensors also share similarities with industrial devices and, depending on the application, can be classified under the OT as well as the IoT categorisation.

Industrial IoT and ICS

 
IIoT has received increased attention over the last 10 years, due to the increased number of cyberattacks targeting ICS – a direct outcome of the transition from traditional closed-loop industrial systems to more connected options. In the most all-inclusive definition, endpoint devices include the following:

  • Certain vendors do not count low-level devices like sensors, automated pressure valves, actuators and motors, while others do count them as endpoints (Juniper Research does not count very low-level tier sensors as endpoints).
  • More complex devices that can still be found at the bottom level of industrial operations like robotic arms, relays and assembly line devices.
  • Network connectivity devices like switches, routers and gateways (same endpoint categorisation principle as mentioned above).
  • Processing and core control units like PLCs (Programmable Logic Controllers), RTUs (Remote Terminal Units), field controllers, VFDs (Variable-frequency Drives), etc.
  • Mid-level supervisory units like HMIs (Human-machine Interfaces) and high digital footprint devices like engineering workstations or laptop devices.
  • Secondary, non-ICS security or monitoring devices, surveillance cameras used for security and computer vision, access control terminals, etc.

Note that, in contrast to IT endpoints, OT and IoT devices and sensors may incorporate an RTOS (Real-time Operating System), used for the precise calculation and execution of various tasks and functions across industrial, automotive, healthcare and smart grid environments, among others.
