Process sensors are different than IOT and IIOT devices

Dec. 12, 2022
Joe Weiss outlines the difference

December 2022, the US Government Accountability Office (GAO) issued Critical Infrastructure Actions Needed to Better Secure Internet-Connected Devices (GAO-23-105327). According to the GAO report, Internet of Things (IOT) generally refers to the technologies and devices that allow for the network connection and interaction of a wide array of “things” throughout such places as buildings, transportation infrastructures or homes. According to the report, every critical infrastructure sector has its own types of IOT devices. However, control system devices such as process sensors and actuators are not unique and are common to industrial and manufacturing applications.

According to NIST, IOT technology acts as a bridge between OT, which includes sensors and actuators, with IT, which includes data processing and networking. Industrial Internet of Things (IIOT), a subset of the broader IOT, encompasses the connected sensors and other devices to machinery and vehicles. IIOT leverages many of the same technologies as IOT and applies them to industrial and manufacturing environments within critical and other infrastructures.

There is confusion as to the differences between IOT, IIOT and process sensors. I consider IOT devices to be those used in “Fitbits and refrigerators.” IIOT devices generally are wireless devices used for supplemental information for big data analytics, not for real-time control. Process sensors are used in “power plants and pipelines” for real-time monitoring and control of physical processes. Process sensors have direct and indirect connectivity to the Internet but without cyber security capabilities - https://www.controlglobal.com/blogs/unfettered/a-vulnerability-worse-than-log4j-and-it-can-blow-up-facilities-and-shut-down-the-grid/.

The GAO report references many NIST reports but does not address the distinctive cyber security issues with legacy process sensors. Specifically, the GAO report references NIST Special Publication (SP) 1800-10 Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector. The NIST report states “In this project, the focus was on the engineering workstations and not on the manufacturing components. It is acknowledged that many of the device cybersecurity capabilities may not be available in modern sensors and actuators.” The GAO report also does not address the International Society of Automation (ISA) Industrial Automation and Control Systems ISA/IEC-62443 series of standards that includes process sensor and IIOT devices.

According to GAO, the scope of the report was governed by a legislative mandate in The Internet of Things Cybersecurity Improvement Act of 2020, which (along with conversations with GAO’s Congressional clients), dictated the terms of GAO’s review. In a December 5, 2022, e-mail to me from GAO, GAO acknowledged the report did not address the control system cyber incidents in my blog https://www.controlglobal.com/blogs/unfettered/blog/21438102/more-than-17-million-control-system-cyber-incidents-are-hidden-in-plain-sight.

Next steps

The GAO e-mail stated that given the importance of actual control system cyber incidents, GAO anticipates conducting future reviews. This is critical for GAO’s congressional sponsors and other government organizations to understand that process sensors are not being addressed by the term “IOT.”

GAO also needs to clarify that cyber security issues specific to IOT such as consumer labeling are not applicable to process sensors.

There is a need for industry and standards organizations to clearly define the difference between IOT, IIOT and process sensors.

There is a need for industry and standards organizations to address the lack of cyber security and authentication in legacy process sensors and IIOT devices.

Joe Weiss 

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...