When you connect manufacturing machinery to the internet, you've created a potential gateway for hackers to exploit. Here's a look at the risks you might be facing.
Who would have thought a bunch of DVRs could slow down -- and in some cases, bring down -- popular websites such as Netflix, Twitter and Spotify? But, as has been widely reported, DVRs and cameras were just two types of internet of things (IoT) devices hit by the malware Mirai that turned into botnet-spewing weapons. The result was a massive distributed denial-of-service (DDoS) attack, crippling U.S. internet traffic in October.
An article covering this topic entitled, "Where the Industrial IoT Vulnerabilities Lurk in Your Plant" was recently published in TechTarget. The author, Albert McKeon, interviewed Jeff Williams, Co-founder and CTO of Contrast Security on how manufacturers may safeguard IoT technology. Jeff is quoted in the section labeled, “Truth about Industrial IoT Vulnerabilities,” alongside experts from Deloitte, Infoblox and Lanner Electronics. Below is an excerpt from the article as well as Jeff's quote.
Excerpt from Where the Industrial IoT Vulnerabilities Lurk in Your Plant starts here:
The Truth about industrial IoT vulnerabilities
Security and monitoring experts are split on how vulnerable IIoT is.
"In the manufacturing industry sector, things are a lot more secure, relative to the cheap, vulnerable consumer IoT devices," said James Piedra, a network platform specialist for Lanner Electronics, which works in the IoT industrial arena. "IoT sensors used in manufacturing connect wirelessly to a gateway, which can run security and monitoring software like a firewall or log -- or, even better, the IoT gateways sit behind dedicated firewall appliances."
But Jeff Williams, the CTO and co-founder of Contrast Security, believes manufacturers have to worry because they're relying on a mix of old ICSs with newer IoT devices that have various origins and, thus, different security features. "Some IoT devices are made on assembly floors, while others are made in little labs," he said. "There are a zillion different processes to make those things, so software is the one piece that's vulnerable. I look at it as a software problem; there's the vulnerability to allow hackers to get into a device.
A Deloitte survey of 225 manufacturing industry cyber risk executives found that 45% of them used sensors and smart products, but, overall, only half of them had isolated or segmented their ICS networks. Until security standards take hold, IoT and ICS will remain vulnerable and will leave hackers plenty of wiggle room, said Deloitte's Peasley.
"They'll be knocking on doors and using multiple techniques," Peasley said. That includes scanning the social media profiles of manufacturing employees to look for hints at what products they use at work. Hackers can then cross-reference those IoT and ICS products, find and exploit their vulnerabilities, and enter the manufacturer's environment. "They can then maybe increase administrative privileges and then get into an internal network -- then sabotage or steal information on production processes and the production line," he said.