Defending the Industrial Internet of Things

In 2016, hundreds of thousands found themselves without power following a cyberattack on a major Ukrainian energy plant north of Kiev. The attack targeted a specific digital relay with malware that resulted in broad system failure. Specifically, the exploit succeeded by compromising "[f]irmware used by Serial-to-Ethernet converters — which connect industrial equipment to computer networks." This digital relay and the subsequent intermediating firmware are perfect examples of a growing trend known as the Industrial Internet of Things. The Ukrainian plant failure also stands as an early example of IIoT devices being exploited as a security vulnerability. But what exactly is the Industrial Internet of Things and how can critical infrastructure stakeholders approach cybersecurity to avoid networking security incidents such as this?

What Is the Industrial Internet of Things?

For many years, the Internet of Things (IoT) has described the proliferation of network-connected devices – traditionally sensors. Everything from thermostats to security cameras, and from smart lightbulbs to heart monitors, is becoming an internet device and being assigned an independent IP address. The IoT phenomenon has focused on commercial products and on serving individuals by augmenting consumer IT networks. In parallel, however, a similar phenomenon is being seen within industrial settings far removed from consumer products. In particular, sensors within operational technology (OT) networks are being integrated into other networks to increase efficiency within industrial control systems. This is the Industrial Internet of Things (IIoT).

Of course, industrial systems have long relied upon complex networks of sensors. Historically, however, these sensors have lacked networking capabilities – or have simply been contained within a discrete OT system. Recent trends have led to increased demand for network-connected sensor systems. There are many reasons for this demand. For example, enterprises are pushed to collect larger, faster, and more accurate data sets to increase efficiency, and producers are working to collapse the distance between production and end-user requests. Whatever the cause, modern industrial demands are being aided by network-connected sensors of all shapes and sizes. Furthermore, the leading accounting firm PricewaterhouseCoopers estimates that IIoT will "dwarf the size of the consumer IoT by several magnitudes." This is supported by a 2020 study in the Journal of Computers & Electrical Engineering which found that "in 2023 the share of IIoT in the global market will be approximately 14.2 trillion US Dollars."

Networking Security Implications

From this macro trend come three specific implications for industrial network operators: merging OT and IT systems, an expanded vulnerability surface, and an increase in the importance of asset visibility and monitoring capabilities.

Closer merging of OT and IT systems

In the past it was not difficult to distinguish between operational and information technology systems. It was possible to draw simple distinctions between operational technology on the factory floor and information technology on computer databases. Where interaction was necessary, it was often limited. As sensors are expected to communicate directly with IT systems, however, this is no longer the case. The IIoT trend is changing the networking paradigm by making each sensor into an information processing unit. As a result, there is more difficulty in making clear distinctions between OT and IT systems, and the respective cybersecurity teams will need to collaborate more closely.

Expanded vulnerability surface

Before the rise of IIoT, it was possible for most operational technology systems to be self-contained. Many OT devices were not intended to communicate with external networks. While this limited functionality, it also limited the threat surface of most industrial operations. Within the emerging paradigm, each new network-connected sensor becomes a potential entry point for a cyberattack. This was seen in Ukraine, where a smart digital relay was leveraged to translate an attack from the "computer networks" to the "industrial equipment."

An increased need for asset visibility and monitoring

Prior to the IIoT model, there were fewer "entrances" and "exits" within a single OT network. Communication into and out of the OT network was, therefore, easier to manage. In the IIoT model, however, each individual sensor becomes a gateway into the OT network. For this reason, asset owners must create an exhaustive inventory of OT devices. The alternative is to risk the growth of "shadow IT" or unindexed connections within a system. This in turn could develop into a critical threat vector that can be used by malicious actors.
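One way to look for the unindexed connections described above, as an added example that is not part of the original article: it reconciles observed network flows against the hardware inventory and reports OT devices missing from it, plus flows that cross the OT boundary without a documented peer. The OT subnet, the inventory entries, the flow records and the `allowed_peers` field are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the article).
OT_NET = ipaddress.ip_network("10.20.0.0/24")

# Hardware inventory keyed by IP; "allowed_peers" is a hypothetical field
# listing the hosts each asset is documented to talk to.
INVENTORY = {
    "10.20.0.10": {"name": "plc-line1", "allowed_peers": {"10.20.0.50"}},
    "10.20.0.11": {"name": "relay-feeder3", "allowed_peers": {"10.20.0.50"}},
    "10.20.0.50": {"name": "historian",
                   "allowed_peers": {"10.20.0.10", "10.20.0.11", "192.168.5.20"}},
}

# Observed flows as (src, dst, dst_port), e.g. exported from a passive tap.
FLOWS = [
    ("10.20.0.10", "10.20.0.50", 502),    # PLC to historian, inside OT
    ("10.20.0.50", "192.168.5.20", 443),  # documented historian-to-IT link
    ("10.20.0.77", "10.20.0.50", 502),    # OT address missing from inventory
    ("10.20.0.11", "203.0.113.9", 80),    # relay reaching outside the OT network
    ("192.168.5.33", "10.20.0.11", 23),   # IT host reaching the relay directly
]

def in_ot(ip):
    return ipaddress.ip_address(ip) in OT_NET

def reconcile(inventory, flows):
    """Return (unindexed OT addresses, undocumented OT-boundary crossings)."""
    unindexed, crossings = set(), []
    for src, dst, port in flows:
        # Any OT-side address seen on the wire must exist in the inventory.
        for ip in (src, dst):
            if in_ot(ip) and ip not in inventory:
                unindexed.add(ip)
        # A flow with exactly one end inside OT crosses the OT/IT boundary.
        if in_ot(src) != in_ot(dst):
            ot_ip, peer = (src, dst) if in_ot(src) else (dst, src)
            asset = inventory.get(ot_ip)
            if asset is None or peer not in asset["allowed_peers"]:
                crossings.append((src, dst, port))
    return sorted(unindexed), crossings

if __name__ == "__main__":
    missing, crossing = reconcile(INVENTORY, FLOWS)
    print("Not in inventory:", missing)
    for flow in crossing:
        print("Undocumented OT boundary crossing:", flow)
```
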

In short, the IIoT is an exciting development within industrial environments. At the same time, security stakeholders need to understand the important networking security implications. Ignoring any of these risks could destroy the productivity gains of the IIoT model due to the costs of a cyberattack. To help mitigate this, OT cybersecurity teams must implement the five foundational security controls:

  • Hardware inventory of all assets
  • Software inventory for all assets
  • Configuration management
  • Vulnerability monitoring
  • Event log management

Industrial Defender is already safeguarding IIoT systems around the world by automating OT asset inventory and data collection, managing asset configurations, visualizing which assets are vulnerable to attack, and monitoring the network and endpoints for security events.

 

Mathias MESICH