Industrial IoT to equip new era of corporate intruders coming in through devices
It’s tough to imagine life without the internet and the many devices and gadgets it supports and connects. Everything -- from smartphones and computers to your home’s lights and refrigerators -- will soon be connected by the Internet of Things (IoT). Along with taking care of our mundane needs, the state-of-the-art IoT solutions and products will also cater to many industrial requirements. The myriad factors of Industrial Internet of Things (IIoT), also known as Industrial Internet, can connect multiple devices –- both legacy and modern systems –- together, to derive business intelligence in real time. According to market research firm IndustryArc, the IIoT market is expected to reach an impressive $124 billion (Rs 8.43 trillion) by 2021. As more and more companies across various domains are increasingly embracing IIoT and using it to their advantage, the trend poses some serious security threats.
What if one of these ordinary, benign devices is hacked to access private and valuable information stored in another connected device? This is not completely unlikely. In a Distributed Denial of Service attack in 2016, large parts of the US and Europe experienced internet disruption. The attack was traced back to a large number of compromised and insecure smart home devices that were used to shut down several major websites.
Security threats posed by IIoT
IIoT represents a classic paradox -- as its popularity rises, so do the inherent risks. According to a study by IT research and advisory company Gartner Inc., there will be 6.4 billion connected things globally by the end of 2018 and this number is likely to reach 21 billion by 2020. Sounds good for IIoT companies. But at the same time, it has sent alarm bells ringing among cyber security experts. To show the effects of security being compromised, consider the example of scores of homes that went without water when multiple water supply plants were hacked around the globe, between 2011 and 2016. The hackers also succeeded in infiltrating the US power grid a whopping 17 times between 2013 and 2014. As IIoT is estimated to witness a phenomenal growth, one cannot deny the fact that it is a gold mine for cyber attackers. All the above-mentioned attacks point to a larger global problem. Here’s a look at some of the security threats posed by IIoT:
Unsecured industrial devices
As numerous companies are rapidly adopting IIoT products and solutions, machines and devices are not working in isolation any longer. Increased digitisation and integration of more and more devices make the IIoT ecosystem vulnerable and susceptible to cyber risks. As these devices spawn huge volumes of data and sensitive information, lack of a robust security architecture can result in serious operational and financial damage.
Lack of data security
Data generated from myriad IIoT devices offer a goldmine of opportunities to businesses. The cloud provides an easily scalable model to store and analyse this data for best results. However, this data are not entirely secure in transit and during storage. One way to secure data is to create multiple levels of encryption but that can slow down systems when they handle large amounts of data.
Security ignored by developers
IIoT applications and devices are developed across different geographical zones and are not governed by any industry standards or regulations. Due to the competitive nature of the field, security is not always a high priority for developers or other decision makers. Businesses can’t afford to be late to the market and pay little or no attention to security vulnerabilities that may get detected very close to the time of the product’s launch. As a result, security is loosely bolted to the application or device, leaving wide loopholes that can be easily misused by hackers.
Lack of updates
While computers and cell phone operating systems receive regular security updates, this is not usually the case with IIoT devices. Such a device may have been safe when you first bought it but could become compromised with hackers discovering new vulnerabilities. Companies may offer firmware upgrades, but that often stops when they focus on developing a new product, leaving you with outdated hardware that is potentially risky.
How to secure IIoT devices
Need we elaborate more the security concerns surrounding IIoT devices? Little effort and a change in approach to the development process can easily secure these devices for future use. Here’s a look at a few steps to safeguard IIoT devices and their applications:
Avoid default passwords
Many devices have fallen prey to hackers in the past due to default passwords. The use of long, complex passwords is the first step to prevent any kind of hacking. Experts suggest that you use a variety of numbers, symbols and varying letter cases in your passwords to keep your data and devices safe.
Automate testing process
Developers must place testing at the start of the development process and make security a high priority. By automating the testing process, they can prevent IIoT devices and applications from becoming a security risk and also save time and money.
Use encrypted software and firmware
While interconnectivity of IIoT devices offers many advantages, even one weak IIoT device can act as a rotten apple, leading to the leak of valuable data from other devices. Viruses are used to send out unencrypted information and hijack other devices connected to your network. By using encrypted software and hardware, you can prevent any such leaks of sensitive information from IIoT devices.
Towards a safer future
In order to nip security issues with IIoT devices in the bud, there needs to be a radical change in the development process. Developers must check each device thoroughly for all possible lacunae and loopholes at preliminary stages to rule out any future misuse. Even as tech companies and governments across the world are waking up to the IIoT security threat, the first line of defence begins with you. Each user must take time to go over security features carefully and adhere to them. It’s vital to remember that, as consumers, if you don’t demand security, manufacturers will never prioritise it. As the web of the internet spreads wider, IIoT promises endless opportunities, but its inherent security risks must be recognised and addressed to promise a safer future for all stakeholders concerned.
Kunal Kislay, a graduate from IIT Mumbai, is co-founder and CEO of Integration Wizards. Views are personal.