As technology continues to advance and more of the world, including manufacturing plants and products themselves, becomes connected, understanding the risks associated with industrial internet of things (IoT) deployments is increasingly important.
Organizations considering launching a manufacturing or industrial IoT initiative, or connecting existing technology for automated and remote monitoring or access, will need to consider all of the potential risks and attack vectors associated with those decisions.
In this article, you will learn about the key risks associated with industrial IoT, including:
Denial of service attacks
Man-in-the-Middle or Device “spoofing”
What is industrial IoT?
Industrial IoT (also known as IIoT) refers to a network of connected industrial devices, ranging from plant manufacturing equipment down to small sensors inside manufactured devices. These sensors are typically used to collect information on past performance or efficiency and share that data back to a centralized source.
Why is IIoT Security so important?
Depending on the application, a breach in an industrial IoT environment could result in anything from a leak of information that is critical to the way your business works or a device is manufactured, to compromise of the product you produce or damage to your industrial controls.
Take a physical product, like bolts, for example.
If a hacker gained access to the network for your bolt manufacturing plant and changed the machine settings that control the strength of the bolts, it could easily cause bolts to fail and your products to fall apart under stresses they should normally be able to withstand.
That could mean a person dies when your product fails.
While the risks vary depending upon how you use IIoT devices in your organization, the threat is real no matter the level of concern. Protecting your organization and the people who use your products should be paramount.
Risks associated with industrial IoT
There are a variety of risks associated with a cybersecurity compromise in industrial IoT. Each of them is described in more detail below.
Device hijacking occurs when a malicious actor takes control of an IoT endpoint device or sensor, often without the owner being aware that a breach has occurred.
How big a risk device hijacking poses depends on how “smart” your endpoint devices are.
If an endpoint or IIoT sensor is compromised by ransomware or malware, a bad actor may be able to control the activity of the endpoint device itself. This is especially concerning if that endpoint or device has automated functionality, controlling manufacturing (like the bolt example above) or controlling the function of an internet-connected product in the field.
This can often happen if you fail to update your industrial IoT devices properly. This also may be the starting point for an attack that goes after your entire network by starting at an endpoint and using that device to gain access to your centralized network.
Because many devices in manufacturing plants or warehouses rely on older or legacy technology that may not be able to be updated at all, connecting them to the network opens a lot of doors at the device level.
Using a hardware-based VPN solution is often the only way to secure both the IoT device itself and the data or information that it transmits while remaining compatible with older or legacy technology.
Similar to an “eavesdropping” style attack, data siphoning is focused on the data being transmitted by an industrial IoT device rather than an end-user.
In this case, attackers eavesdrop on the network traffic going from the endpoint device back to the primary network to gather information they shouldn’t have access to.
This particular type of attack is most concerning when the data your industrial IoT device is sending is very sensitive or could be a problem if it fell into the wrong hands, making it of most concern to highly regulated industries like defense, healthcare, and aerospace.
It is also concerning if the device is sending information that may allow a competitor to gain access to important IP.
In this case, making sure all data being transmitted is appropriately encrypted (potentially even with quantum-resistant cryptography) and protected is incredibly important.
Denial of service attacks
Another common risk with industrial IoT devices is the potential for a distributed denial of service attack across all devices or across the internal network itself.
In this case, attackers may use the device itself, or the centralized network, as a way in and then flood the endpoint devices with so much traffic that they cannot complete the work they were intended to do.
Essentially, an attack like this just renders the industrial IoT endpoint devices about as useful as bricks.
This is critical for organizations that rely on those devices being functional for production to continue, or for products to work properly in the field. In this instance, a security solution that completely obfuscates the device from the outside world, and all of the networks it speaks to, is especially attractive.
This risk involves an attacker using an industrial IoT device as the door into the central network where important and sensitive data is stored.
Because the attack surface is very large for many industrial IoT devices, due to the legacy technology concerns we mentioned above, they are a prime target to use as the “doorway” to larger corporate networks.
Attackers can simply use them as a way to gain entry to your enterprise network and gain access to data you are looking to keep protected, including:
Client or partner data: Any information about your clients or partners, including their passwords, their customers, or their internal systems.
Personally identifiable information: This can be personal or identifying data about your customers or other employees.
Intellectual Property or Trade secrets: Anything vital to how your company, its customers, or its partners work that would be harmful in the hands of your competitors.
Health data: Any health or personal data protected by HIPAA regulations.
Financial data: Information about finances for your company, your clients, partners, or your customers including bank details and login information.
As discussed above, the best way to protect industrial IoT devices from becoming an entry point is to properly secure the devices themselves. Using a hardware-based VPN solution is often the only way to accomplish this that is also compatible with older or legacy technology.
Another common concern, particularly with devices out in the field, is theft of the physical devices themselves. This risk is largest when endpoint devices are storing important information that may cause concern if that information falls into the wrong hands.
Often, IoT deployments protect from this risk by avoiding storing any sensitive data on the endpoint devices themselves and relying on the network or cloud-based infrastructure they connect with to hold that information.
Man-in-the-middle or device “spoofing”
This risk involves the potential of an attacker placing themselves between the industrial IoT endpoint device and the cloud or centralized network, and “pretending” to send data as the device.
This is of largest concern if the traffic coming from an endpoint device might be used to change production information or control a product in the field.
Take the bolt manufacturing example discussed earlier. If an attacker pretending to be an industrial IoT sensor sent back false information that caused the production equipment or machines to change calibration or manufacturing processes, that might result in faulty bolts being produced.
In this case, using a hardware-based security solution can create a root of trust, allowing the central network to know, without a doubt, if information is coming from a real endpoint device or someone else.
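The check a central network performs to tell a real endpoint from an impostor can be sketched as follows. This is an added example, not code from the article or from any product: it uses a per-device HMAC-SHA256 key as a software stand-in for a key held in a hardware root of trust, plus a message counter to catch replayed traffic. The device name, key, reading fields, and the `sign_reading` and `Gateway` names are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-device keys. Assumption: in a real deployment each key lives
# in the device's hardware security element and is never exported.
DEVICE_KEYS = {"torque-sensor-07": bytes.fromhex("aa" * 32)}


def sign_reading(device_id, counter, reading, key):
    """Device side: serialise the reading and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device": device_id, "counter": counter, "reading": reading},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class Gateway:
    """Central-network side: accept a reading only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # device id -> highest counter accepted so far

    def verify(self, message):
        try:
            body = message["body"].encode()
            fields = json.loads(body)
            device, counter = fields["device"], fields["counter"]
            tag = bytes.fromhex(message["tag"])
        except (KeyError, TypeError, ValueError, AttributeError):
            return "rejected: malformed"
        key = self.keys.get(device) if isinstance(device, str) else None
        if key is None:
            return "rejected: unknown device"
        # Recompute the tag over the exact bytes received; compare in constant time.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        # An authentic but old message is a replay: counters must strictly increase.
        if not isinstance(counter, int) or counter <= self.last_counter.get(device, -1):
            return "rejected: replay"
        self.last_counter[device] = counter
        return "accepted"
```

The counter is only advanced after the tag verifies, so forged messages cannot be used to lock out the genuine device by burning counter values.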
As you consider embarking on an industrial IoT initiative, keep in mind the security risks you’ll have to protect your organization against. Knowing about these risks shouldn’t necessarily stop you from undertaking the initiative, but will allow you to select a deployment strategy that will help you mitigate them.
Different security measures are built for technologically different purposes or applications. Some tools and products are meant to help you diagnose and detect problems, whereas some tools are meant to help you prevent attacks from ever happening in the first place.
Make sure you have the right balance of both types of protection in your plan.