The Security Implications of IIoT

By Michael Rothschild, Director of Product Management, Indegy
The adoption of industrial internet of things (IIoT) technologies in manufacturing environments is unleashing major efficiency improvements and operational cost reductions. Along with these benefits, IIoT is also opening up operational networks to security threats they never faced in the past.
For example, LockerGoga, BlackEnergy, VPNFilter, and WannaCry are just a few of the recent malware campaigns that have affected critical infrastructure and industrial operations. In some cases the actors were rogue factions, including nation states, that hacked into industrial networks and caused havoc.
However, the threat from within is also omnipresent and highly significant, as insiders have ‘the keys to the kingdom’ — or at least know how to find them. Some studies show that insider threats account for more than 50 percent of all industrial cyber security incidents.
The IIoT Threat
While IIoT holds tremendous promise for improving manufacturing via the networking of smart devices that can communicate and coordinate with one another via the Internet, the downside is that few vendors and customers are fully aware of the potential security risks associated with the technology.
The introduction of IIoT has in many cases delivered more efficiency, but the controls needed to protect this potential new attack vector are lacking. In fact, the current lack of security standards for IIoT devices can create holes that impact both IT and OT environments. Let’s consider the leading IIoT security threats.
Default Passwords
Many IIoT devices are pre-configured with a default password, which is clearly a time-saver for IT staff. However, this benefit is also a major security flaw. When hundreds of thousands of devices share the same default password, attackers can easily compromise organizations that have neglected or intentionally decided not to change it.
Missing Patches
This is another huge problem area for organizations, because many IIoT devices cannot be patched or vendors do not issue patches for known vulnerabilities.
Too Many Devices to Manage
Simply performing an inventory assessment of the sheer number of IIoT devices in an infrastructure can serve as a wake-up call. Many security administrators are not aware of the sprawl that can take place once IIoT goes mainstream in an OT environment. These numbers can be significantly larger than originally anticipated, and tracking manufacturers, version numbers, patch levels, etc., not to mention vulnerability disclosures, can become a full-time job. It simply becomes too much to manage.
Lateral Creep Of Security Incidents
Regardless of the IIoT device type, all of them can be used by attackers as a stepping stone to compromise IT and OT networks. Once inside the network, a hacker can do extensive damage to IT and OT infrastructures and move laterally between them; it’s just a matter of finding the weak link in the chain.
IIoT Security Measures
Fortunately, the following best practices can mitigate many IIoT risks.
Fight OT Threats With OT Technology
IT threats can plague OT networks, especially when introducing IIoT. Nevertheless, it is crucial to also employ OT security for OT environments. This involves a hybrid detection mechanism that combines signature-based detection for known threats, anomaly-based detection for unknown threats, and policy-based detection, which triggers alerts when OT-based functions violate pre-set “rules”.
Asset Management
Identifying and mapping all devices in the OT environment and keeping an up-to-date inventory of them, even of those that aren’t actively communicating over the network, is a vital first step. Ideally, this should include collecting granular information on each device, such as firmware versions, PLC backplane configurations, and serial numbers.
Risk and Vulnerability Assessment
As there are so many potential attack vectors to defend, it’s best to focus on the greatest sources of risks and vulnerabilities. This involves automating the process by which new vulnerabilities are identified and processed. A vulnerability management system can generate periodic reports of risk levels for each asset in the industrial control system (ICS) network. When new vulnerabilities are discovered or disclosed, a mechanism should be in place to identify affected devices, remediate threats and verify a fix has been successfully applied.
Device and Configuration Management
Monitoring and managing changes in the ICS environment to ensure that device and system configurations are secure and well documented is essential. This requires maintaining a continuously updated list of the version numbers of all installed software and firmware, and comparing it regularly against a list of known vulnerabilities.
Meanwhile, regular scanning of OT networks can detect unknown devices and unintended changes made to them.
The best solutions issue notifications whenever a new vulnerability appears. They also combine network monitoring with active device queries to provide in-depth vulnerability assessments. For example, they provide information on current device firmware versions and associated CVEs, list open ports, and calculate accurate, up-to-date risks.
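The comparison of an asset inventory against known vulnerabilities, followed by verification of a fix, can be sketched as below. This is an added example, not code from the article or from any vendor product; the inventory records, vendor and model names, and the advisory id are constructed placeholders, and the advisory format (a single "fixed in" firmware version) is an assumption.

```python
# Added example. Inventory, advisory and all identifiers are constructed.
from dataclasses import dataclass

def parse_version(text):
    """'v2.10.3' -> (2, 10, 3); None when the value is not dotted-numeric."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    except (ValueError, AttributeError):
        return None

def older_than(current, fixed):
    """Numeric compare with zero padding, so 2.9.4 < 2.10 and 2.10 == 2.10.0."""
    width = max(len(current), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(current) < pad(fixed)

@dataclass
class Advisory:
    advisory_id: str  # placeholder id, not a real CVE
    vendor: str
    model: str
    fixed_in: str     # first firmware version containing the fix

INVENTORY = [
    {"serial": "SN-0001", "vendor": "ExampleCo", "model": "PLC-100", "firmware": "2.9.4"},
    {"serial": "SN-0002", "vendor": "ExampleCo", "model": "PLC-100", "firmware": "2.10"},
    {"serial": "SN-0003", "vendor": "ExampleCo", "model": "PLC-100", "firmware": "unknown"},
    {"serial": "SN-0004", "vendor": "OtherCo", "model": "RTU-7", "firmware": "1.0.0"},
]
ADVISORIES = [Advisory("ADVISORY-PLACEHOLDER-1", "ExampleCo", "PLC-100", "2.10.0")]

def assess(inventory, advisories):
    """Return {serial: [(advisory_id, status)]}; status is 'affected' or 'needs-review'."""
    findings = {}
    for asset in inventory:
        for adv in advisories:
            if (asset["vendor"], asset["model"]) != (adv.vendor, adv.model):
                continue
            current, fixed = parse_version(asset["firmware"]), parse_version(adv.fixed_in)
            if current is None or fixed is None:
                status = "needs-review"  # an unreadable version is never assumed safe
            elif older_than(current, fixed):
                status = "affected"
            else:
                continue
            findings.setdefault(asset["serial"], []).append((adv.advisory_id, status))
    return findings

def verify_fix(serial, inventory, advisories):
    """After remediation, re-query the inventory and confirm the asset is clear."""
    return serial not in assess(inventory, advisories)
```

Versions are compared as numbers rather than strings because a plain string comparison would rank firmware 2.9.4 as newer than 2.10.0 and hide an affected device.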
Security policies should also be enforced to control which devices can perform certain (privileged) actions such as a code or firmware download to industrial controllers. In addition, policies should mandate that certain devices do not access the internet.
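The policy-based detection described under "Fight OT Threats With OT Technology" and the two policies above can be expressed as rules evaluated over network events. This is an added example, not code from the article or any product; the policy structure, addresses, action names and event fields are constructed assumptions.

```python
# Added example. Policy values, addresses and event fields are constructed.
import ipaddress

POLICY = {
    "plant_networks": [ipaddress.ip_network("10.10.0.0/16")],
    # Only these hosts may push code or firmware to controllers.
    "engineering_stations": {"10.10.1.20"},
    "privileged_actions": {"code_download", "firmware_download"},
    # Devices that must never reach anything outside the plant networks.
    "no_internet": {"10.10.2.31", "10.10.2.32"},
}

EVENTS = [  # constructed sample of already-parsed OT network events
    {"src": "10.10.1.20", "dst": "10.10.2.31", "action": "code_download"},
    {"src": "10.10.3.77", "dst": "10.10.2.31", "action": "firmware_download"},
    {"src": "10.10.2.32", "dst": "203.0.113.9", "action": "connect"},
    {"src": "10.10.2.32", "dst": "10.10.1.5", "action": "connect"},
    {"src": "10.10.2.31", "dst": "not-an-ip", "action": "connect"},
    {"src": "10.10.3.77", "dst": "10.10.2.31", "action": "read_tags"},
]

def inside_plant(addr, policy):
    """True/False for a valid address, None when it cannot be parsed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in policy["plant_networks"])

def policy_alerts(events, policy):
    """Return (rule, src, dst) tuples for every event that breaks the policy."""
    alerts = []
    for ev in events:
        src, dst, action = ev["src"], ev["dst"], ev["action"]
        if action in policy["privileged_actions"] and src not in policy["engineering_stations"]:
            alerts.append(("unauthorized_privileged_action", src, dst))
        if src in policy["no_internet"]:
            inside = inside_plant(dst, policy)
            if inside is None:
                alerts.append(("unparseable_destination", src, dst))
            elif not inside:
                alerts.append(("restricted_device_reached_internet", src, dst))
    return alerts
```

Plant networks are listed explicitly because Python's `is_private` also treats documentation ranges such as 203.0.113.0/24 as private, which would mask the outbound connection in the sample.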
Finally, in addition to implementing these best practices to address IIoT risks, unifying IT and OT security can protect industrial control networks from threats regardless of how they originate.
About the Author
Michael Rothschild is director of product management for industrial security vendor Indegy. He has more than 20 years of experience in IT security with Thales, RSA, SafeNet (now Gemalto), Dell, Juniper Networks and Radware. In his spare time, Michael volunteers as an Emergency Medical Technician.
