The dangers of an insecure IIoT system
Wired detailed the frightening consequences of vulnerable computer-based systems in its 2008 article Industrial control systems killed once, and will again, experts warn. With the expansion of “smart devices” into the automobile and medical industries, those predictions are more pertinent than ever, and it has become obvious that fortifying security for the IIoT is of utmost importance.
Gartner predicts that by 2020, more than 25% of identified attacks in enterprises will involve IoT, although IoT will account for less than 10% of IT security budgets.
“The effort of securing IoT is expected to focus more and more on the management, analytics and provisioning of devices and their data,” said Ruggero Contu, research director at Gartner, in a statement. “The future of cloud-based security services is in part linked with the future of the IoT. By 2020, Gartner predicts that over half of all IoT implementations will use some form of cloud-based security service.”
Considerations and approaches to taking on the security issue
IBM, in its report IBM point of view: internet of things security, offers some background on the security state of an industrial IoT system:
- Defense in depth – have multiple layers of defense in the solution.
- Devices are “in the wild” and now part of the attack surface.
- Devices that were isolated before are now connected, which considerably broadens the potential significance of any security breach.
- Fail-safe modes of operation must be assured for devices, even if they become isolated from communication with other parts of the environment.
According to Cisco, a major disruption of the traditional model brings its own set of challenges. The following lists some security difficulties and considerations in designing and building IoT devices or systems:
- Typically small, inexpensive devices with little to no physical security.
- Computing platforms, constrained in memory and compute resources, may not support complex and evolving security algorithms.
- These devices are designed to operate autonomously in the field, with no backup connectivity if the primary connection is lost.
- Mostly installed prior to network availability, which increases the overall on-boarding time.
- Requires secure remote management during and after onboarding.
- Scalability and management of billions of entities in the IoT ecosystem.
- Identification of endpoints in a scalable manner.
- Management of multi-party networks.
- Crypto resilience:
  - Embedded devices may outlive the algorithm lifetime.
  - Crypto algorithms have a limited lifetime before they are broken.
- Physical protection:
  - Mobile devices can be stolen.
  - Fixed devices can be moved.
- Tamper detection techniques and design:
  - Always on: high poll rate, more energy, quick detection.
  - Periodic poll: less energy, slower detection.
  - On-event push: minimal energy, no detection.
The elements of an IoT solution will not be single-use or single-ownership, according to Cisco. The devices and the control platform on which data is consumed and shared may belong to different ownership, policy, management and connectivity domains, and will be required to give equal and open access to a number of data consumers and controllers concurrently. It is therefore important to establish the appropriate identity controls and to build trust relationships between entities so that only the right information is shared.
Cisco also claims that there are competing, complex security requirements to be deployed on a platform with potentially limited resources:
- Authenticate to multiple networks securely
- Ensure that data is available to multiple collectors
- Manage the contention between that data access
- Manage privacy concerns between multiple consumers
- Provide strong authentication and data protection (integrity and confidentiality) that are not easily compromised
- Maintain availability of the data or the service
- Allow for evolution in the face of unknown risks
The company goes on to name various categories of security threats to which IoT can be vulnerable, including:
- Common worms jumping from ICT to IoT: generally limited to things running a consumer OS (Windows, Linux, iOS, Android).
- “Script kiddies” or others targeting residential IoT: unprotected webcams, stealing content, breaking into home control systems.
- Organized crime: access to intellectual property, sabotage, and espionage.
- Cyber terrorism: nuclear plants (for example, the Stuxnet worm), traffic monitoring, railways, critical infrastructure.
A framework provided by Cisco
The figure above shows a framework for securing the IoT environment; it comprises four components:
Authentication
“At the heart of this framework is the authentication layer, used to provide and verify the identity information of an IoT entity. When connected IoT/M2M devices (e.g., embedded sensors and actuators or endpoints) need access to the IoT infrastructure, the trust relationship is initiated based on the identity of the device. The way to store and present identity information may be substantially different for the IoT devices.”
Authorization
“This layer builds upon the core authentication layer by leveraging the identity information of an entity. With authentication and authorization components, a trust relationship is established between IoT devices to exchange appropriate information. For example, a car may establish a trust alliance with another car from the same vendor. That trust relationship, however, may only allow cars to exchange their safety capabilities.”
Network Enforced Policy
“This layer encompasses all elements that route and transport endpoint traffic securely over the infrastructure, whether control, management or actual data traffic. Like the Authorization layer, there are already established protocols and mechanisms to secure the network infrastructure and affect policy that are well suited to the IoT/M2M use cases.”
Secure Analytics: Visibility and Control
“This secure analytics layer defines the services by which all elements (endpoints and network infrastructure, inclusive of data centers) may participate to provide telemetry for the purpose of gaining visibility and eventually controlling the IoT/M2M ecosystem. With the maturity of big data systems, we can deploy a massive parallel database (MPP) platform that can process large volumes of data in near real time. When we combine this technology with analytics, we can do some real statistical analysis on the security data to pick out anomalies.”
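The authentication and authorization layers above, worked through for the car-to-car scenario as an added example (not code from Cisco or the original article). It assumes a vendor-issued identity claim signed with a vendor key (an HMAC stands in for a real certificate), a hypothetical policy table that lets same-vendor cars read only each other's safety capabilities, an "alg" field in the claim so the algorithm can be replaced later (the crypto resilience point), and a constructed list of denied requests as the telemetry the analytics layer would consume.

```python
import hmac
import hashlib
import json

# Constructed vendor keys; a deployment would use per-device certificates
# issued by a vendor CA instead of a shared secret (simplification).
VENDOR_KEYS = {
    "vendorA": b"constructed-vendorA-key",
    "vendorB": b"constructed-vendorB-key",
}

# Hypothetical authorization policy, keyed by the relationship between
# the two cars: same-vendor peers may read only safety capabilities.
POLICY = {"same_vendor": {"safety_capabilities"}, "other_vendor": set()}

DENIED_EVENTS = []  # failed or denied requests, fed to the analytics layer


def issue_identity(vendor, device_id):
    """Vendor signs an identity claim for one device (the trust anchor)."""
    claim = json.dumps({"vendor": vendor, "device": device_id,
                        "alg": "HMAC-SHA256"}, sort_keys=True)
    sig = hmac.new(VENDOR_KEYS[vendor], claim.encode(), hashlib.sha256).hexdigest()
    return {"claim": claim, "sig": sig}


def authenticate(identity):
    """Authentication layer: verify the claim against the issuing vendor's
    key and the declared algorithm. Returns the parsed claim, or None."""
    try:
        claim = json.loads(identity["claim"])
    except (KeyError, TypeError, ValueError):
        return None
    key = VENDOR_KEYS.get(claim.get("vendor"))
    if key is None or claim.get("alg") != "HMAC-SHA256":
        return None
    expected = hmac.new(key, identity["claim"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, identity.get("sig", "")):
        return None
    return claim


def authorize(my_vendor, peer_identity, resource):
    """Authorization layer: an authenticated peer may read `resource` only
    if the policy for its relationship to us allows it."""
    claim = authenticate(peer_identity)
    if claim is None:
        DENIED_EVENTS.append(("auth_failed", resource))
        return False
    relation = "same_vendor" if claim["vendor"] == my_vendor else "other_vendor"
    allowed = resource in POLICY[relation]
    if not allowed:
        DENIED_EVENTS.append(("policy_denied", claim["device"], resource))
    return allowed
```

A forged signature fails at the authentication layer before any policy is consulted, and every refusal lands in DENIED_EVENTS, which is the kind of telemetry the analytics layer needs to spot anomalies.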
Test your security
Security testing techniques apply to devices just as they apply to any other software system, according to IBM. The company provides a checklist:
- Code analysis, ethical hacking, and other techniques apply to devices and device-side code.
- Hostile environment testing extends beyond physical hostile conditions to include hostile communications and networking conditions.
- If the code is correct, as validated by testing, the attack surface shrinks.
No perfect solution
There is no way around it: virtualization and IoT systems add to the security vulnerabilities that already exist in our connected world. Both Cisco and IBM agree that no setup can be 100% secure against attack, but following the steps in this article will significantly reduce the potential for a breach and, at the very least, give peace of mind that steps were taken toward a protected system.