IoT and IIoT Sounds Similar, But are Different Ecosystems

IoT and IIoT Sounds Similar, But are Different Ecosystems

An article by Daniel Ehrenreich, SCCE, Consultant and Lecturer on OT Cyber Security.


You may hardly find a conference dealing with High-Tech solutions which is not mentioning the term; Internet of Things (IoT). Conference presenters outline the huge benefits achievable with IoT and the Industrial IoT (IIoT), talking about potential of tens of billion devices in 2020, making suppliers excited, but, are we sure that all are on the same page related the question: What is IoT? If you not clearly understand this term, you probably belong to majority of people.

What is IoT?

The IoT is an ecosystem, in which a “client” initiates a request for service or information and there is a “server” or several servers, which provide the response. The client can be a computer, tablet, cellular phone or any control device which can request these services.

An important precondition for recognizing if a certain ecosystem as a true IoT or just a direct device-to-device communication is, that the response process utilizes cloud based information and a computerized service.

The IoT ecosystem may serve a wide range of commercial and consumer applications and we already hear about a broad range of definition for IoT: Internet of Travel, Internet of Taxis, Internet of Technology and more. These ecosystems typically utilize low cost “end devices” and applications. In order to qualify a service as a true IoT, please refer to the following topics:

  • The IoT ecosystem creates an enhanced convenience for the user
  • The IoT ecosystem creates improved productivity or production yield
  • The IoT ecosystem reduces the operating and/or the maintenance cost.

Once you confirm the existence of all these criteria, you have an IoT ecosystem.

What is IIoT?

The IIoT is a completely different operation, although IIoT and IoT sounds as similar. Here we exclusively refer to industrial operations and applications, which in the past were known as M2M (Machine-to-Machine) operation. These systems actually enhance the Operation Technology (OT) or Supervisory Control and Acquisition (SCADA) systems. The IIoT concept allows expanding the SCADA process with more sensing devices (smart sensors) and allow deployment of highly efficient and sophisticated control processes.

Special challenges for IIoT

The integration of the cloud based process for IoT ecosystem is straight forward, because the entity requesting the service is connected to the internet and the instruments or devices providing the information are linked to the Internet as well. When dealing with IIoT, the entity requesting the service may be an OT / ICS / SCADA system, but you must realize that these systems are not connected directly to the network, primarily due to cyber security related concerns.

As discussed in my previous publication (“Not all Devices are IoT or IIoT”), those solutions, which are built for direct interaction between the client requesting the service and the one supplying the service, are not considered IoT or IIoT. For example, a home-based air conditioner, instantly activated by a smartphone will not necessarily qualify, since remote activation by itself is not a sufficient condition. Similarly to what is explained above for the IoT, the IIoT ecosystem must also utilize cloud-based information and cloud-based computer processes.

Under such restrictions how can someone consider designing an IIoT ecosystem, which request a cloud based process for optimizing the operation. These OT / ICS / SCADA systems are disconnected or securely connected to the corporate network, which operate as an IT system of the organization. There is a cyber secured isolation between the OT and the IT networks, involving a Demilitarized Zone (DMZ), strong firewalls and in some cases also a Data Diode.

Technology solutions for IIoT deployment

In order to deploy a IIoT as part of an ICS-OT architecture, the role of conducting cloud communication must be transferred to the IT section. In such case the control system must continuously aggregate data on the local conditions measured by the IIoT sensors, and periodically export that data to the IT network. The IT network shall send a request to cloud based operation and obtain the report from the cloud as a response to the inquiry.

Consider an example in which the IIoT ecosystem is monitoring the vibration level caused by a large gas turbine or an electricity generator. The accumulated data referring to the vibration is collected during a specific time window is exported to the IT section for IIoT ecosystem process. In such system, the IT operation will communicate with relevant information source resident in the cloud based database, such as referring to vibration conditions of similar equipment installed worldwide, and based on that it will determine the needed maintenance process.

Summary and Conclusions

Business opportunities created by IoT and the IIoT recently became the mostly debated topic, as they serve a broad range of consumer, commercial and industrial applications. But, according to what was already mentioned, remember that not every controlled device is an IoT nor IIoT.

Deployment of IIoT ecosystems require special consideration and careful collaborative process between the IT and OT sections in the organization. While both IoT and IIOT create enhanced operating and financial benefits, it is important to review the cyber security considerations and new potential vulnerabilities created by these solutions. Use of services offered by cyber security and IIoT experts, will help achieving enhanced performance, user convenience and cost saving without creating undesired cyber security risks which might threaten the organization.

About the author:
Daniel EhrenreichDaniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts, and periodically teaching in colleges and industry conferences on integration of cyber defense with industrial control systems; Daniel has over 25 years’ engineering experience with ICS and OT systems for: electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Daniel can be contacted by email: or tel: +972-54-9151594
The views and opinions expressed in this blog post are solely those of the author(s) and do not necessarily reflect the opinions of IoT Business News.

Related posts