Microsoft continues to assume process sensors are secure and authenticated as input to the Azure cloud- they are not.
At the March 21-22, 2017 Microsoft IoT conference in San Jose, Microsoft stated sensors were assumed to be authenticated and secure (https://www.controlglobal.com/blogs/unfettered/the-gap-in-ics-cyber-security-cyber-security-of-level-1-field-devices/). According to Microsoft, secure, authenticated sensors are the first part of assuring the IoT cloud would be secure. Unfortunately, legacy commercial and industrial process instrumentation, actuators, and drives are neither authenticated nor secure, making cloud security questionable for control system applications.
The October 25, 2018 Microsoft IoT in Action Conference in Santa Clara, CA provided many case histories of IOT implementations and benefits. This year, Jane Landis, VP Marketing, Emerson Automation Solutions provided an industrial automation perspective on IoT. Unfortunately, what hasn’t changed is the lack of understanding by Microsoft and their Azure Cloud partners that legacy process sensors, actuators, and drives have no cyber security or authentication nor the ability to be secured. This pokes a hole in the cloud process if the process sensor input can’t be trusted.
Joe Weiss
