Industrial IoT is expected to transform manufacturing, energy, agriculture, transportation and other industrial sectors of the economy which, together, account for nearly two-thirds of the global gross domestic product. Unfortunately many of these companies are unprepared for the potential risk and liability that may be brought on by these new technologies, including new threats to public safety, physical harm, and catastrophic systemic attacks on shared public infrastructure. As today’s economy continues to prioritize time-to-market and the profitability of solutions over security, the threat of serious physical, financial and institutional harm grows. Moreover, cybersecurity poses a unique challenge for government regulation of businesses as the process for certifying and enforcing good security practices can be too labor-intensive and costly for governments to address on their own.
Market forces could play a critical role in helping establish and catalyze new norms and best practices for the security of industrial IoT devices and systems. Lower insurance premiums, for example, prompted millions of business and consumers to install fire and security systems. Similiarly, good driver discount programs have created tangible financial incentives for safer and more careful behavior. Though this project, the same incentive structure—tying minimum safety standards and practices to the sale and pricing of insurance policies—will be applied to industrial IoT deployments. In parallel, this approach will also be applied to government stimulus funding and financing programs for industry. Lastly, self-certification could also help foster greater adoption of security measures. Companies that self-certify have the opportunity to stand out in an increasingly competitive industrial IoT marketplace.
Over the course of the last year, more than two dozen companies, governments, organizations and universities have collaborated with the Centre to co-design the Industrial IoT Safety and Security Protocol. This first-of-its-kind policy framework generates an understanding of how insurance can facilitate the improvement of industrial IoT security design, implementation and maintenance practices. It also sets forth a universal set of security best practices that should be incorporated in all industrial IoT deployments. The next step of this project is to pilot these incentive structures with insurance companies, governments and private sector stakeholders, refine the underlying operating models, and then share these outcomes to scale-up adoption internationally and across sectors.