Securing IIoT in the manufacturing industry

Courtesy: Brett Sayles

The Internet of Things (IoT) was evolving as a concept even before it was defined, with household objects quietly sprouting the ability to connect to the internet.

Many of these devices have enriched lives to varying degrees. Smart speakers or smart doorbells, for example, help power connected homes. Smart fitness trackers help us live healthier lives. Many are still in their infancy, to the point where they are barely more than gimmicks.

However, the Industrial Internet of Things (IIoT) is growing beyond that and is changing how engineers build these products.

What is the Industrial Internet of Things?

As expected, the IIoT follows a similar principle to the more mainstream IoT. The IoT is a vast network (the actual internet) of connected devices that send and receive data. It typically refers to devices that historically haven’t been connected to the internet, such as the aforementioned speakers, doorbells, and watches.

The concept is the same for the IIoT, but the vision of scale is far grander and speaks of an infinite network of connected devices across the industrial landscape. These ‘things’ can range from smaller sensors to full-scale machines.

The ultimate goal of the IIoT is to drive productivity, efficiency, and automation across a multitude of industries that embrace the design tools of the future.

However, while building this network is well underway, several challenges remain. Extreme computing power is needed to process the vast amount of data these devices will collect, while shortages of the components required to make devices ‘smart’ are holding up supply.

On top of this, one of the biggest challenges plaguing all areas of IT and technology is equally relevant for IIoT: cybersecurity.

What are the risks and challenges of IIoT?

The IIoT opens up a whole new world of challenges for manufacturers simply because it opens up a whole new world of connected devices for cybercriminals to hack. So-called ‘dumb’ devices are unhackable remotely because they’re not connected to a network, whereas everything connected to the internet is a gateway into an organization.

Unfortunately, many of the sensors creating the IIoT were not designed with cybersecurity in mind, meaning protecting them – and the broader network – often has to be done retroactively and through other means.

To confuse definitions somewhat, these ‘smart’ devices are often “headless,” meaning they don’t run operating systems like those found on laptops. Operating systems can run cybersecurity software, so without one there is no way to run protection on the device itself. This quirk also means it’s virtually impossible for an organization to detect an attack until it has spread beyond the individual appliance and into the wider network.

Once the attack has reached the wider network, the risks posed to the company are the same as if a hacker had entered through a computer – exposing them to a whole world of IT-based threats, including ransomware and distributed denial of service (DDoS).

IIoT device cybersecurity vulnerabilities

Hackers target IIoT devices because of the critical nature of the role they play. Compromises on these devices can wreak havoc on industrial processes, and they generally have enough computing power to cause damage if this power is redirected. In environments with thousands of internet-connected sensors, cybercriminals have many opportunities to exploit.

Attackers typically use a handful of common threats when targeting IIoT devices.

Tampering is when bad actors gain access to the firmware that runs on the sensors. A common oversight among IIoT operators is to not change admin logins and passwords from their factory settings – with the password often being “password.” Gaining access to this software gives hackers open access to the device. After this, they can instigate attacks such as DDoS or SQL injections, which let them see the data transferred between the device and an associated database.

Spoofing is also common, through what is known as a man-in-the-middle attack. In this case, an attacker will access a poorly protected sensor and intercept the data it sends to a centralized database. The attacker can see this data, but can also covertly modify it and send it on without leaving a trace. This can have a devastating impact on the production process, particularly if it takes a long time to notice there’s an issue.

Meanwhile, an elevation of privilege attack sees cyber attackers change the credentials of an unsecured device or sensor, giving it the power to manipulate parts of manufacturing equipment.

These are just some of the methods attackers can use to exploit the IIoT, and they sit alongside the more general risks associated with broader IT cybersecurity.

Security systems designed for IIoT

When it comes to securing IIoT devices, there is a lot to think about.

Organizations should start by conducting a risk assessment using a common cybersecurity framework such as MITRE ATT&CK. Doing so will give them total visibility of what devices they have connected to a network. All new devices should then be listed in an asset inventory to maintain this visibility and ensure all devices are running up-to-date software.

The two core components of cybersecurity in IIoT are network security and endpoint security.

As with typical IT cybersecurity, all networks should be protected by firewalls. Most cybersecurity experts suggest IIoT devices should be linked to a separate network from other devices such as computers, reducing the risk of an IIoT-focused attack spreading through an organization. All network ports and gateways should be sufficiently secured as well.

Endpoint protection for IIoT devices is tricky for the reasons listed above, particularly because the data these devices transmit is often viewed by people off-site. All endpoints should have watertight permissions and privileges to stop potential hackers from doing more with the device than should be possible.

Solid password policies should be in place and, most importantly, adhered to. Multifactor authentication is also invaluable for ensuring only authorized people can access a device.
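
The checks recommended above (an asset inventory that tracks software versions, a separate network for IIoT devices, changed factory logins and multifactor authentication) can be run as one audit over the inventory. The following is an added example, not code from the article; the device names, address ranges, field names and version numbers are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed (constructed) address plan: office computers vs. dedicated sensor segment.
IT_NETWORK = ipaddress.ip_network("10.0.0.0/24")
IIOT_NETWORK = ipaddress.ip_network("10.50.0.0/24")

@dataclass
class Device:
    name: str
    ip: str
    default_login_changed: bool  # factory admin login replaced at commissioning
    firmware: str                # installed version, dotted integers
    latest: str                  # newest version recorded for this model
    mfa: bool                    # management access requires a second factor

def version_tuple(version):
    # Compare numerically: as strings, "2.9.3" would sort above "2.10.0".
    return tuple(int(part) for part in version.split("."))

def audit(device):
    """Return the findings for one inventory entry, in a fixed order."""
    findings = []
    if not device.default_login_changed:
        findings.append("factory-default credentials")
    if version_tuple(device.firmware) < version_tuple(device.latest):
        findings.append("outdated firmware")
    addr = ipaddress.ip_address(device.ip)
    if addr in IT_NETWORK:
        findings.append("on IT network, not segmented")
    elif addr not in IIOT_NETWORK:
        findings.append("outside known segments")
    if not device.mfa:
        findings.append("no multifactor authentication")
    return findings

def audit_inventory(devices):
    """Map device name -> findings, omitting devices with no findings."""
    report = {d.name: audit(d) for d in devices}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory.
INVENTORY = [
    Device("temp-sensor-01", "10.50.0.11", False, "1.2.0", "1.4.1", False),
    Device("plc-line-3", "10.0.0.57", True, "2.9.3", "2.10.0", True),
    Device("vibration-07", "10.50.0.23", True, "3.0.1", "3.0.1", True),
]

if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(found)}")
```
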

– DEP is a CFE Media and Technology content partner.



