Identifying and Quantifying IIoT Risk

As the Internet of Things infiltrates industrial floors, cybersecurity must adapt to mange IIoT risk. Today, many operations in the energy, oil and gas, manufacturing, chemicals, pharmaceuticals, mining, and transportation industries rely on industrial Internet of Things (IIoT) technology. And according to recent reports, that trend is only going to continue.

According to a June 2019 report by Grand View Research, Inc., the IIoT market size is expected to reach $949.42 billion by 2025.

IIoT refers to interconnected sensors, instruments, and other devices networked together with industrial applications. It is used in conjunction with safety controllers, power relays, industrial control systems, and supervisory control and data acquisition systems. Together, this technology helps regulate functions like air quality and water treatment at a range of facilities like power plants, oil refineries and factories.

Around the globe, operations are using this technology to optimize their business operations and reduce costs. As a result of this increased connectivity, they’re seeing a number of benefits including greater productivity and efficiency.

“Having realized that IIoT can help in drastically improving functional efficacies, several companies across the globe are implementing predictive maintenance techniques based on smart sensors and compatible software. Predictive maintenance can particularly aid in limiting the equipment downtime and improving the safety factor,” Grand View Research said in a press release. “The IIoT market continues to evolve in line with the rising preference for cloud integration coupled with the continued adoption of state-of-the-art data analytics tools and smart sensors for facility and inventory management and optimization of logistics and supply chain using smart metering.”

However, in addition to the benefits of IIoT, this technology does carry certain security risks. In 2016, IT service management company Gartner predicted that by 2020 more than 25 percent of identified attacks in enterprises would involve IoT. And many companies report they’ve already experienced an attack on their IIoT.

In May 2019, software company Irdeto released the results of a survey of more than 700 security decision makers. According to the report, eighty percent of these organizations experienced a cyber-attack against their IoT over the last 12 months.

This is largely because many operations are not yet adequately equipped to secure their IIoT technology. Others don’t yet understand the risk associated with IIoT and where vulnerabilities lie.

Here’s a look at the risks associated with IIoT technology and how operations can protect themselves.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

How IIoT Puts Operations at Risk

Cyber attacks on an operation’s IIoT technology can take many forms. A hacker could infiltrate the IIoT to take control of an industrial robot which could potentially damage an assembly line or injure operators. Similarly, an attacker could use a compromised device to gain access to a facility’s larger network and launch a ransomware attack. Additionally, in a denial-of-service attack, hackers could disable a network resource and disrupt operations.

Hackers targeting industrial operations can have a variety of goals. An attacker targeting a power utility could seek to siphon electricity off of the grid. Hackers bent on destruction could use malware to disable critical equipment on a factory floor and halt operations.  However, regardless of the goal, by targeting IIoT, hackers can cause serious disruptions and damage to utility services and manufacturing facilities.

In October 2019, CyberX, a security company specializing in IoT and industrial control systems, released it’s 2020 Global IoT/ICS Risk Report. The report is based on an analysis of real-world traffic from more than 1,800 production IoT/ICS networks across a range of sectors worldwide. It identifies a number of vulnerabilities that can put operations at risk when using IIoT.

“Our goal is to bring board-level awareness of the risk posed by easily-exploited vulnerabilities in IoT/ICS networks and unmanaged devices — along with practical recommendations about how to reduce it,” Omer Schneider, CyberX CEO and co-founder, said in a press release.

Through their analysis, CyberX found that IoT/ICS networks and unmanaged devices are soft targets for hackers. This puts many operations at increased risk of costly downtime, catastrophic safety and environmental incidents, and theft of sensitive intellectual property.

According to the report 22 percent of the sites analyzed exhibited indicators of threats, including suspicious activity such as scan traffic, malicious DNS queries, abnormal HTTP headers, and an excessive number of connections between devices and malware such as LockerGoga and EternalBlue.

“Today’s adversaries — ranging from nation-states to cybercriminals and hacktivists — are highly motivated and capable of compromising our most critical operational systems,” Nir Giller, CyberX GM, CTO and co-founder, said in the release. “It’s now incumbent on boards and management teams to recognize the risk and ensure appropriate security and governance processes are in place across all their facilities to address it.”

According to CyberX, outdated operating systems can put operations at risk. For example, 62 percent of the sites they analyzed have unsupported Microsoft Windows boxes such as Windows XP and Windows 2000 that no longer receive regular security patches from Microsoft, making them especially vulnerable to ransomware and destructive malware. When you include Windows 7 which reached end-of-support status last month, that figure rises to 71 percent. Additionally, 66 percent of the sites are not automatically updating Windows systems with the latest antivirus definitions.

“Antivirus is the very first layer of defense against known malware — and the lack of antivirus is one reason why CyberX routinely finds older malware such as WannaCry and Conficker in IoT/ICS networks,” the report says.

The report indicates that 64 percent of sites have unencrypted passwords on their networks. CyberX analysts also found that 54 percent of sites have devices that can be remotely accessed using standard management protocols such as RDP, SSH and VNC. This puts them at risk because attackers can pivot undetected from a single compromised system to other critical assets.

According to CyberX, it only takes one internet-connected device to provide a gateway into IoT/ICS networks for malware and targeted attacks, enabling the subsequent compromise of many more systems across the enterprise. Of those sites analyzed, 27 percent had a direct connection to the internet.

How to Adapt Cybersecurity for IIoT

What makes IIoT an attractive pathway for hackers is that it makes operations increasingly vulnerable. IIoT has led to more connected endpoints which has increased the number of potential gateways for cybercriminals to gain access to networks and infrastructure systems. And as more facilities adopt IIoT, the attack surface continues to widen.

Industrial machinery often operates with outdated and unique equipment, hardware and software that can no longer be patched. As these components are paired with IIoT devices, they are then exposed to online threats they were never built to guard against. As a result, It is often difficult to update them to meet the necessary cybersecurity parameters.

In order to counteract this there are a number of measures organizations can take to improve their cybersecurity without disrupting their operations, service reliability or profitability.

“Where many of us were blind, we now can see. As IoT/ICS-specific security solutions are installed by more and more organizations, IoT/ICS vulnerabilities that were once invisible are now in plain sight and can be mitigated in a risk-prioritized manner,” the CyberX report says. “It is now well-understood that common ‘IT’ approaches to security hardening — such as monthly patching and regular OS upgrades — don’t usually work for production networks, due to their 24×7 operations and reluctance to make any changes that might ‘break production.”

Experts agree its important to reduce the number of digital pathways to the minimum number necessary. Firewalls and unidirectional diodes can also be used to eliminate unauthorized internet connections.

It’s also important to ensure that those connections that are necessary pass through an administrator-created and monitored “De-militarized Zone.” Any IT/OT connections that do not pass through the DMZ should be eliminated.  Additionally, external connections should be verified with 2-factor authentication and managed by a privileged access control solution.

In order to ensure early detection of attacks, experts recommend continuous monitoring that includes  IoT/ICS specific behavioral anomaly detection. Monitoring should also be integrated with firewalls to help operations quickly repel threats.

Other cybersecurity measures include immediately changing default passwords as soon as  devices come online, removing weak passwords, eliminating unused open ports,  and regular monitoring of USB devices and passwords before they can be connected to the production network. Experts also recommend eliminating flat networks with granular, policy-based segmentation rules and patching Windows, Linux, and controller firmware when possible.

“You can’t prevent a determined and sophisticated adversary from compromising your network — so the best strategy is to eliminate as many vulnerabilities as possible while implementing mechanisms to quickly spot intruders before they can cause real damage to your operations,” the CyberX report says.

Rebecca Addison

Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.