What is the Extended Internet of Things?
The Extended Internet of Things (XIoT) is defined by Claroty as “a holistic umbrella term that encompasses all cyber-physical devices connected to the internet.”[1] An organization’s XIoT can include a variety of cyber-physical systems serving functions in industrial (operational technology [OT] and industrial control systems [ICS]), medical (connected medical devices), and commercial (building management systems and enterprise Internet of Things [IoT]) environments. The digital transformation of XIoT has happened rapidly, as automation offers swift improvements in operational efficiency, performance, and service quality. The downside is that the adoption of these technologies has far outpaced the development and application of cybersecurity solutions for cyber-physical systems and connected XIoT assets. This leaves organizations at urgent risk of cyberattacks due to widespread security vulnerabilities. The following are some measures that organizations can take to protect themselves from cyberthreats to XIoT [2]:
Secure foundation. While new technologies are exciting and offer numerous benefits, the cybersecurity threats associated with early adoption should not be overlooked. Treat operational technology (OT) as another branch of information technology (IT) and ensure that OT XIoT is built by IT professionals on a strong cybersecurity foundation.
Operational resilience. Consider cyber risks to OT environments as you would consider threats to other devices and systems. An OT XIoT cyberattack could cause significant downtime and affect financial performance, production, machinery, and procedures. Ensure that your organization has designed a strong cybersecurity program encompassing OT XIoT that addresses these concerns from the standpoints of prevention, mitigation, and disaster recovery.
Secure remote access. OT networks have exploded since the pandemic, increasing connectivity with a remote workforce, third-party vendor devices, and the wider internet. Often, remote access technologies have been adopted even though they are poorly secured. Because the network perimeter of operational environments is difficult to define, it is critical that organizations adopt the zero-trust approach through least-privilege access enforcement.
Network segmentation. Segmentation is a recommended strategy for preventing XIoT cybersecurity incidents. Organizations should configure virtual zones that can be easily managed remotely. Each zone can be given specific policies tailored to its particular needs, and the ability to inspect traffic, including OT protocols, should be reserved.
[1] Claroty, 2022, “Let’s Talk About X: Extended Internet of Things (XIoT) FAQ”
[2] Sharma, 2022, “3 Measures for XIoT Cybersecurity”