GE adds security firm to Industrial Internet May 12 2014

The same cybersecurity issues which threaten consumer and enterprise services will now move to industrial sensor networks

By Caroline GabrielĀ 

The evolution of the internet of things will certainly rely on wireless connections in many cases, but it remains unclear which mixture of technologies will dominate, and which companies will control them. Industrial giant GE's purchase of Canadian cybersecurity firm Wurldtech highlights two things we do know - security challenges will be massive, and the controlling influences will often be firms new to wireless service provision.

While Google plays with thermostats and glasses, GE is having a more profound influence on how machine-to-machine morphs into the ubiquitous internet of things (IoT), notably with its Industrial Internet initiative. This began as an inhouse project to connect all the products, from huge plant machines to appliances, which GE makes. It has now expanded into an industry body, backed by key partners such as Cisco, AT&T and IBM, to create de facto standards.

Security will be critical to success - as Intel and ARM well know, with their intensive projects focused on chip-level protection of IoT devices, sensors and gateways. Wurldtech is a world away from the usual security concerns surrounding consumer web and mobile devices. It supplies solutions to big industrial sites such as oil refineries but Bill Ruh, head of GE's world technology division, says the aim is to harness its systems to protect all kinds of sensor networks. The changes to how consumer goods are distributed, and the way these processes are secured, will now extend to industrial networks, Ruh said.

As these become more prevalent, more business-critical and - crucially - more web-connected, these sensor networks will become targets for cyber-attacks. Wurldtech's CEO Neil McDonnell told TechCrunch that his company takes a two-pronged approach to security. The first layer is to carry out tests for vulnerabilities in systems, with a certification for those which are safe. The second is to customize specific security solutions for each piece of infrastructure - for instance, for a wind turbine the solution would need to defend the item itself plus the wind farm control system and the electricity grid.

McDonnell said that people running industrial equipment do not always have a high level of IT security knowledge and discipline, and there is a need for what he labels 'operational technology security', as opposed to conventional enterprise IT security, which will often have a sophisticated platform for regular patching and so on.