Securing the Industrial Internet of Things

1 May 2019 Information Security, Infrastructure, Industrial (Industry)

The very benefits that makes the IIoT so compelling, makes it equally capable of damaging infrastructure operations and processes through bad actors.

Beginning with the Industrial Revolution in the mid 1700s, the manufacturing industry has undergone several revolutions. However, in today’s age of skyrocketing technological advancements, times are changing at a far more rapid pace, as we see the automation era being replaced by the Fourth Industrial Revolution (4IR).

The 4IR has been driven by several factors. Digital transformation, evolving business models, increased pressures around costs and time to market, have all ushered in this new age and given rise to the Industrial Internet of Things (IIoT), which facilitates unprecedented levels of real-time connectivity, visibility and control across operations.

However, alongside the plethora of benefits, is one major downfall: a dramatic increase in cybersecurity risks. Although the IIoT aims to streamline manufacturing processes, it also endangers Industrial Control Systems (ICS) as they are vulnerable to exploits that can be found freely on the Internet. The vulnerabilities range from basic issues like systems without passwords or with hard-coded passwords to configuration issues, software bugs and hardware vulnerabilities.

“Once a threat actor has the ability to run software on a host that has access to a controller, the chances of a successful attack are extremely high,” says Andre Froneman, business unit manager and industrial cybersecurity adviser at Axiz.

According to Froneman, traditional security is not enough to protect against proliferating cyber threats to both operational technology (OT) and IT systems. ICS on OT networks have totally varying operational requirements that affect the entity’s ability to adapt and respond to evolving cyber security threats.

“This opens up the organisation to new avenues for attackers. ICS cyber security strategies must be designed with asset and operational requirements in mind to protect critical processes without negatively impacting efficiency, productivity and safety. In addition, effective ICS cyber security requires a combination of tools, processes and skills.”

He says to remember that when ICS systems were designed it was with manageability and control with maximum reliability in mind. “Essentially, they were never designed to be attached to the Internet. In this way, these systems now face all the expected challenges associated with vulnerabilities and exploits, but with the additional burden of these systems operating in dispersed geographical environments that can be physically difficult to reach or that can never be taken offline.”

Moreover, all of the equipment that runs these systems is monitored and controlled by industrial controllers (PLC, RTU, and HMI) as well as sensors. They are connected to management systems such as Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (scada) systems

He says consider critical infrastructure facilities, such as electricity, oil, gas, water, waste, and suchlike, that are key to keeping nations up and running. “One can’t simply switch off these facilities, and it doesn’t take much imagination to think about what could happen if control of these systems fell into the wrong hands. Take for example, the air traffic control at an airport such as OR Tambo, the ramifications should hackers be able to control this, defy thought.”

The wide adoption of these systems is due to their benefits – they are dependable, as well as rugged and stable, allowing critical infrastructure facilities to use them for decades at a time. However, the benefits that make them so compelling, make them equally capable of damaging infrastructure operations and processes through malfeasance.

Froneman explains that these systems commonly employ propriety operating systems that have not been subjected to any form of security hardening. In addition, default passwords and baseline configurations make it child’s play for attackers to compromise them. Similarly, the software they use can’t be updated or patched often, due to the limitations of their geographical locations, as well as worries about downtime. The software run is more often than not, legacy software that lacks the appropriate user and system authentication, data authenticity verification, as well as data integrity checking features. Legacy SCADA controllers are also unable to encrypt communications and this can enable cyber crooks to employ sniffing software to find out username and passwords.

These and other flaws give hackers the ability to inject commands and manipulate parameters to modify, delete, or copy information on controlled access systems. “Should a threat actor alter commands sent to the controllers, changing the controller logical sequence or alter the sensors readings, attackers can change the industrial processes themselves,” he explains.

So what can industrial organisations do to protect their data and systems? Froneman says ICS security needs to be built in layers to prevent attacks from both external and internal sources. “There is no one-size-fits-all approach when it comes to securing ICS/ SCADA infrastructures. A segmented, multi-layer defence-in-depth strategy must be designed for their specific and highly tailored needs.”

He says that a good number of attacks suffered by ICS networks happened via IT attack vectors, including spear phishing via email and ransomware on endpoints. “Using a solution such as Check Point Threat Prevention that has features including sandboxing, as well as network and endpoint security, can prevent and eliminate this type of attack before it hits the ICS system. These technologies are also effective when used in OT networks. SCADA vendors release vulnerability advisories for their ICS devices on an ongoing basis, although OT environments are not quick to install and upgrade their machines, leaving systems unpatched, and creating a vulnerability window. Having this type of solution on the OT network, closes that window.”

Froneman says another way of securing ICS systems is by segmenting IT and OT, and applying the principle of least privilege access. “Boundary protection has been cited as number one for several years in a row by US ICS-CERT, and this type of protection should ensure the availability, integrity and confidentiality of this data, and maintain physical network separation between the real time components of the industrial network.”

“To prevent tampering with legacy data that is communicated in open text without encryption on these systems, secure site-to-site VPN tunnels between boundaries interconnects should be created. In addition, security gateways should be installed at all interconnects, guaranteeing that only relevant and legitimate traffic is able to enter or leave the network. All communication, protocols, methods, queries and responses and payloads should be validated using a firewall, application control, IPS and antivirus.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.