Addressing Common Industrial IoT Cybersecurity Risks For Control Systems
Addressing cybersecurity threats introduced by IIoT technology and devices can quickly seem overwhelming. However, an understanding of the risks can lead to some straightforward countermeasures.
There are several reasons why industrial networks may come under attack, including access to proprietary information, monetary gain (selling valuable data, holding systems ransom), and general disruption. Cyberattacks on an industrial internet of things (IIoT) system can be costly regardless of the motive, invariably leading to expensive downtime, recovery costs, and the potential for dangerous operating conditions.
Figure 1. Every IIoT device increases the attack surface for a network, opening up more entry points that malicious actors can use. Image used courtesy of Pixabay
And while some products, such as Emerson’s Plantweb, actively include safety measures to protect industrial networks, vulnerabilities remain.
Common IIoT Security Vulnerabilities
Vulnerabilities in IIoT control systems can take many different forms. For example, more and more industrial control systems are being connected to the internet without the right kind of security to keep them safe. Legacy devices and systems still in use are also connected to the network, despite being outdated and unsecured. And so, many of the devices used in IIoT are difficult to manage and monitor closely.
Because of the high levels of interconnectivity inherent to IIoT, there is also a larger attack surface compared to traditional industrial control systems. When IIoT is integrated with control systems, there are far more endpoints, and each one can serve as a potential gateway into the system. This increase in endpoints cannot be avoided, and the existence of each new endpoint increases the attack surface and likelihood of an attempted attack.
Figure 2. PLCs, SCADA systems, DCS, and HMIs can be at risk for cyberattacks. Image used courtesy of Pixabay
It has become common for attacks to be leveled against SCADA systems, distributed control systems (DCS), PLCs, and HMIs. The results of these attacks can be dangerous and expensive.
IIoT Platform Cyberattacks
There are certain types of attacks that take advantage of the vulnerabilities posed by IIoT devices.
Distributed Denial of Service (DDoS) Attack
In a Distributed Denial of Service (DDoS) attack, an attacker floods a target from multiple sources (hence the term distributed). Because such an attack comes from so many different places, it is extremely difficult to get under control. Authentication, encryption, and access control are key to preventing these attacks.
Device hijacking is particularly disturbing because an attacker can use it to assume control of a device and launch other attacks from it or cause it to malfunction. Access control and device identification can go far in preventing these attacks.
During a man-in-the-middle attack, the attacker either spoofs or interrupts the communications between two systems. In addition to the dangers of data being intercepted by an outside attacker, the transferred data and instructions can be used to disrupt a single device or an entire facility. The best countermeasures for this type of attack include authentication and encryption. In addition, some IIoT devices include a secure boot to ensure that only OEM-generated or otherwise trusted code will be executed.
Malware is a type of software application that takes advantage of endpoints with no authentication in place and can open up your system to disruption and data theft. Even more disconcerting is ransomware, a subdivision of malware, where data, devices, and systems can be taken hostage.
Addressing IIoT Cybersecurity Risks
There are a number of steps that can be taken to reduce vulnerabilities posed by IIoT devices.
The first step toward mitigating the dangers of IIoT lies in a risk assessment that looks for what can go wrong, how likely it is to go wrong, and what the potential impact is if it does go wrong. This includes IIoT devices and sensors as well as information technology (IT) and operational technology (OT) communication channels. Once the risks have been identified and prioritized, measures can be taken to mitigate them.
Figure 3. Even the sensors monitoring conveyor belts can threaten your network’s security if authentication and access control are not in place. Image used courtesy of Pixabay
Reliable Cybersecurity System
The foundational defense against potential IIoT attacks is a reliable cybersecurity system that includes monitoring tools, intrusion detection, and a network firewall. Special attention should be given to endpoint devices: improperly secured endpoint devices may be subject to data manipulation and tampering, preventing network monitoring from detecting a threat or intrusion.
Regular software maintenance is even more important in the world of IIoT. Fixes, patches, and updates are difficult to schedule, especially when devices or machines must be restarted. Still, they serve as a good first line of defense against IIoT-related cybersecurity attacks. This is also true of firmware, where updates may be introduced to address potential security risks. For instance, Schneider Electric released a patch for their PowerLogic Smart Meters because pre-authentication integer-overflow vulnerabilities were discovered that could potentially allow an attacker to reboot the meter or execute code remotely.
Authentication, Encryption, and Access Control
Authentication, encryption, and access control have already been discussed, but their importance cannot be overemphasized. All network communication channels must be secured, including remote access, external communication, and the transmission of data and instructions between IIoT devices and control systems.
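The sketch below is an added example, not code from the article or from any vendor. It shows how device identification, message authentication, and access control combine on the control-system side to reject the altered, repeated, or out-of-role messages described in the man-in-the-middle and device hijacking paragraphs above. The device names, keys, and commands are constructed for illustration, and encryption of the channel is assumed to be handled separately.

```python
import hashlib
import hmac
import json

# Constructed registry: one secret key per device plus the commands it may send.
DEVICES = {
    "conveyor-sensor-7": {"key": b"constructed-demo-key-1", "allowed": {"report_speed"}},
    "hmi-line-2": {"key": b"constructed-demo-key-2", "allowed": {"report_speed", "set_speed"}},
}

def sign(device_id, counter, command, value):
    """Device side: serialize the message and compute an HMAC-SHA256 tag over it."""
    fields = {"id": device_id, "ctr": counter, "cmd": command, "val": value}
    body = json.dumps(fields, sort_keys=True).encode()
    return body, hmac.new(DEVICES[device_id]["key"], body, hashlib.sha256).digest()

class Controller:
    """Control-system side: identify, authenticate, check freshness, then authorize."""

    def __init__(self, devices):
        self.devices = devices
        self.last_counter = {}  # highest counter accepted so far, per device

    def accept(self, body, tag):
        try:
            msg = json.loads(body)
            device = self.devices[msg["id"]]
        except (ValueError, KeyError, TypeError):
            return "unknown device or malformed message"
        expected = hmac.new(device["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad tag"  # altered in transit or sent without the device key
        if not isinstance(msg.get("ctr"), int) or msg["ctr"] <= self.last_counter.get(msg["id"], -1):
            return "replay"  # an old, previously valid message sent again
        if msg.get("cmd") not in device["allowed"]:
            return "not authorized"  # authentic device, command outside its role
        self.last_counter[msg["id"]] = msg["ctr"]
        return "accepted"

def demo():
    ctl = Controller(DEVICES)
    body, tag = sign("hmi-line-2", 1, "set_speed", 40)
    return [
        ctl.accept(body, tag),                          # genuine message
        ctl.accept(body, tag),                          # same bytes delivered twice
        ctl.accept(body.replace(b"40", b"90"), tag),    # value changed in transit
        ctl.accept(*sign("conveyor-sensor-7", 1, "set_speed", 90)),  # sensor overreach
    ]

if __name__ == "__main__":
    print(demo())
```

The last case matters for hijacked endpoints: a sensor holding a valid key is still limited to the commands its role allows.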
Secure IIoT Implementation
IIoT has expanded the attack surface for many facilities, but certain measures can be taken to reduce the risk and impact of cyberattacks. Risk assessment, software and firmware maintenance, authentication, encryption, and access control are critical, alongside firewalls, intrusion detection, and monitoring tools.