What threatens the industrial Internet of things and how to protect yourself from it
The Internet of Things (IoT) is one of the key technologies of the Industrial Revolution 4.0. It has a bright future in the industrial sector, which could be thwarted by a growing number of cyber threats. But there is a solution. Let’s talk about it in this article.
“Robots work hard”: Internet of Things in Industry 4.0
Back in 2008, the number of IoT devices exceeded the number of inhabitants of the Earth, and in 2012, the mass introduction of the Internet of Things into the industrial sector began. Today, industrial IoT (industrial IoT, IIoT) is an automated remote control system for transport and complex equipment of factories and power plants, the basis of the life of “smart cities”.
How the Industrial Internet of Things works
“Things” (for example, factory equipment) produce information using sensors and sensors. This data is sent to the controllers (microprocessors) for processing. Controllers transmit data over wireless networks to data centers (cloud storage). The data in the clouds is processed, and based on it, signals are sent back to the “things” through the networks about certain control actions.
IoT is one of the key technologies of the near future in the concept of Industry 4.0. For half a century, cyber-physical systems have been introduced in industrial production – those in which digital and physical entities are combined. But the development of IoT is not limited to this. Now production is often managed distributed: all data comes via the Internet, and a person does not participate in their transfer.
According to the founder of the concept, the Swiss economist and founder of the Davos Forum Klaus Schwab, cyber-physical systems will have to be combined, transmit data to each other in real time, have the ability to self-adjust and self-learn. But one of the biggest obstacles to Industry 4.0 is the lack of security guarantees when connecting industrial networks to the Internet. At the same time, even today, production infrastructure that is not directly connected to the Internet is increasingly facing cyber threats that have come in other ways.
IoT and industry are perfect targets for hackers
The emergence of a concept similar to the modern Internet of Things, back in the 1920s. predicted by Nikola Tesla. He also believed that the “electronic brain” of the future will inevitably learn to negatively influence people. According to the scientist’s forecast, electric waves will be able to disable equipment, military vehicles.
The “electronic brain” of the 21st century, fortunately, is not yet capable of independently manipulating technical systems and thus harming people, and, fortunately for us, it is still very far from its creation. But people, having adopted high technologies, have been doing this for a long time, and in the context of the Internet of Things, Tesla’s forecasts become especially relevant.
Statistics show that over the past five years, the number of cyber threats to the Internet of Things has increased by almost 700 (!) times.
Growth in new IoT malware samples from 2015 to 2020
“One Hundred Thousand Refrigerators Will Hack Bank of America”
Wynton Gray Surf
“Father of the Internet” (an outstanding scientist, one of the authors of the TCP / IP protocol), 2015
Today, memes like “Killer Fridge” and “Toaster Destroyer” don’t seem scary, but rather funny. But imagine, for example, medical equipment connected to the Internet, suddenly out of order due to outside influence. Quite a different feeling, right? Unfortunately, such incidents are already happening. For example, in April 2021, the media reported on the shutdown of radiological equipment in Connecticut, USA, which occurred as a result of a cyber attack on the Swedish manufacturer Elekta.
On the other hand, the fact that industry as such is becoming an increasingly attractive target for intruders no longer seems to raise questions.
Here are just a couple of examples:
2019 – LockerGoga ransomware penetrated the industrial network of the aluminum company Norsk Hydro. 22,000 network computers in 40 countries were affected. Production and work of offices at 170 facilities of the enterprise were stopped. According to an official statement on the company’s website, the total financial damage from the attack was about NOK 550-650 million (approximately $60.5-71.5 million).
2021 – US pipeline operator Colonial Pipeline was hacked. As a result, deliveries of gasoline, diesel and aviation fuel were disrupted. The US Department of Transportation has declared a state of emergency in several states. Bloomberg, citing sources in the company, reported that Colonial Pipeline paid the cybercriminals a $5 million ransom that the blackmailers demanded for unlocking the equipment.
Summing up, we can say that today hackers are attracted by large cyber-physical systems, which include IIoT. The potential benefit to criminals when exposed to them is high. As well as the likely damage to the business: even small downtime and unplanned stoppages of production cause a decrease in its efficiency and lead to losses.
Who is to blame is clear. But what to do?
It will always be more efficient and profitable to prevent a threat than to deal with the consequences and compensate for the damage. Today, there are not only powerful security solutions on the market, but also tools to put cybersecurity at the heart of IT solutions.
In the case of the Internet of Things, it should be borne in mind that it is difficult and costly to put up means of protection or to endow each of its huge number of components with cyber immunity, both in terms of time and other resources.
Cyber security needs to be taken care of in advance. One way is to put it at the heart of digital solutions, . Cyberimmune products based on it are resistant to the vast majority of not only existing, but still unknown information security risks. The principle of operation of such products is not to patch holes as a result of a successful attack, but to prevent their occurrence by default.
To protect IoT systems, many information security companies create
IT product with cyber immunity. With inherent resistance to cyberattacks, it protects data from compromise by securely transferring data via universal protocols directly from the field (machines, pumps, robots) to the cloud storage and processing platform. In addition, the gateway plays the role of a data diode: information passes through it in only one direction – from devices to the IIoT (Industrial Internet of Things) platform. This means that the equipment cannot be connected from outside.