The Industrial Internet of Things (IIoT) is made up of interconnected sensors, instruments and other devices networked together with ICS/SCADA systems controlling water utilities, transportation systems, electric grids (the power grid) and other critical infrastructure systems.
The Industrial Internet of Things is a natural progression of the Internet of Things. Connected gadgets are becoming increasingly popular in our homes. They make our lives easier, more convenient and more fun, but also add a level of extra worry for those who think about the possibilities.
From your Amazon Echo to your IP security camera, they are all potentially vulnerable. When we take this to an industrial scale, the consequences become potentially much greater.
The essential nature of IIoT devices is that they are connected to Internet-based cloud services. The safety and the protection of a country’s critical infrastructures is a national security issue and so with this in mind, the safety of using IIoT devices should be closely examined.
An attack can come from anywhere. Of course, there may be a party with a political, environmental or personal reason to infiltrate a system, but we also cannot rule out someone doing so simply for the challenge, or for no reason that could ever have been predicted.
Consider the case of the Ukraine power grid cyber attack in 2015. The power structure was compromised and control over the SCADA systems landed in the wrong hands, resulting in almost a quarter of a million people having no power for their homes or businesses.
Given the extreme complexity involved in managing urban infrastructures, there is no blanket solution for bringing all systems online at once.
High-ranking government offices including the US DHS (United States Department of Homeland Security) struggle to predict with any degree of accuracy the likelihood of an attack, or the scope of such an attack on IIoT networks, and the effects of such an attack on SCADA systems.
SCADA is an acronym for Supervisory Control and Data Acquisition. There are major differences between what happens if an IT system goes down and what happens if a SCADA system goes down. SCADA systems are responsible for critical urban infrastructures and many other kinds of industrial processes that are integral to the smooth running of towns, and even countries.
There is a growing threat to the functionality of SCADA systems. An attack can affect urban online systems, infrastructures, power grids, water utilities and many more vital systems. The increasing frequency with which cyber attacks are taking place is cause for concern.
This is particularly alarming as it pertains to the IIoT, and so it is of utmost importance that we ensure that IIoT devices cannot be compromised or mis-operated from compromised cloud services, resulting in physical problems. The repercussions of such problems could be huge and could put lives at risk.
For instance, an attacker could take down power to a town. Of course, it’s annoying when you have no power at home, but imagine a hospital with no power for the life support systems, or a city with no power for traffic lights. Suddenly the situation gets very serious very quickly.
SCADA systems generally monitor and control multiple PLCs (programmable logic controllers). PLCs form part of the Industrial Internet of Things. SCADA systems are typically used in electricity distribution networks and water systems.
Most SCADA systems are polled; a central master station sends requests every one to three seconds to distant PLCs requesting the current values of physical properties such as temperatures, pressures, flows, and equipment on/off statuses.
For example, when a PLC measures a 1 degree change in the temperature of oil in a pipeline, the PLC reports the change the next time the central SCADA master asks the PLC for the current value of that measurement point. The master therefore never learns of a change sooner than the next poll, so the poll interval bounds how quickly the control room can see what is happening in the field.
It comes as no surprise that more industrial systems are going online every day. This naturally lends itself to increased security threats, since increased connectivity offers increased opportunities to deliver attacks as well as to communicate legitimate data. Security is not the primary focus of OT. Yet, unbeknownst to many outside the field of system safety, operational technology and information technology are inextricably intertwined. There are several ways in which enhanced security can be provided to operational technology systems using IIoT devices, notably:
Under the NIST 800-82r2 definition of a “unidirectional gateway”, such gateways are physically able to send information in only one direction, most commonly from a protected IIoT installation out to the Internet. In addition, gateway software replicates servers and emulates devices, so that external users read a replica rather than reaching the protected system itself.
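The following added example (not code from the original article; the PLC, master station and gateway classes are hypothetical in-memory models, and no real industrial protocol is used) simulates both points above: a polled SCADA loop, where a field change becomes visible to the master only at the next poll, and a unidirectional gateway that replicates the master's last-known values outward while having no path for inbound commands to reach a PLC.

```python
"""Polled SCADA loop behind a unidirectional gateway (in-memory simulation).

Added illustration, not the article's or NIST's code. Class names, point
names and the 2 s poll interval are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class PLC:
    """Field controller holding the latest measured values.

    Values change in the field at any time, but the master only learns of a
    change when it next polls (report-on-poll, as in the article).
    """
    name: str
    points: dict = field(default_factory=dict)
    commands: list = field(default_factory=list)

    def measure(self, point: str, value: float) -> None:
        # A physical change observed by the PLC's own I/O.
        self.points[point] = value

    def read(self) -> dict:
        # Poll response: snapshot of the current values.
        return dict(self.points)

    def write(self, point: str, value: float) -> None:
        # A control command; only the master has a path to call this.
        self.commands.append((point, value))
        self.points[point] = value


class MasterStation:
    """Central station that polls every PLC at a fixed interval."""

    def __init__(self, plcs, poll_interval_s: float = 2.0):
        self.plcs = {p.name: p for p in plcs}
        self.poll_interval_s = poll_interval_s
        self.clock_s = 0.0
        self.last_known: dict = {}  # plc name -> {point: value}

    def poll_cycle(self) -> dict:
        # One full round of requests; the clock advances by the interval.
        self.clock_s += self.poll_interval_s
        for name, plc in self.plcs.items():
            self.last_known[name] = plc.read()
        return {n: dict(v) for n, v in self.last_known.items()}


class UnidirectionalGateway:
    """One-way replication from the protected side to an outside replica.

    Outside consumers read the replica. Anything arriving from the outside
    is counted and discarded: there is no return path to the master or PLCs.
    """

    def __init__(self, master: MasterStation):
        self.master = master
        self.replica: dict = {}
        self.dropped_inbound = 0

    def replicate(self) -> dict:
        # Only the protected side initiates a transfer.
        self.replica = {n: dict(v) for n, v in self.master.last_known.items()}
        return self.replica

    def inbound(self, plc_name: str, point: str, value: float) -> bool:
        # No hardware path exists; the message never reaches a PLC.
        self.dropped_inbound += 1
        return False


def run_demo() -> dict:
    """Walk through one field change and one blocked inbound command."""
    plc = PLC("pipeline-plc-1")           # constructed sample device
    plc.measure("oil_temp_c", 40.0)       # constructed sample reading
    master = MasterStation([plc], poll_interval_s=2.0)
    gateway = UnidirectionalGateway(master)

    first = master.poll_cycle()["pipeline-plc-1"]["oil_temp_c"]
    plc.measure("oil_temp_c", 41.0)       # 1 degree change in the field
    before_next_poll = master.last_known["pipeline-plc-1"]["oil_temp_c"]
    after_next_poll = master.poll_cycle()["pipeline-plc-1"]["oil_temp_c"]

    replica_value = gateway.replicate()["pipeline-plc-1"]["oil_temp_c"]
    accepted = gateway.inbound("pipeline-plc-1", "oil_temp_c", 99.0)

    return {
        "first_poll": first,                   # 40.0
        "before_next_poll": before_next_poll,  # still 40.0
        "after_next_poll": after_next_poll,    # 41.0
        "seen_at_s": master.clock_s,           # 4.0
        "replica_value": replica_value,        # 41.0
        "inbound_accepted": accepted,          # False
        "plc_value": plc.points["oil_temp_c"],  # unchanged, 41.0
        "plc_commands": len(plc.commands),     # 0
        "dropped_inbound": gateway.dropped_inbound,  # 1
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the replica is that the external side never needs a socket into the protected network: the master's values are copied outward on the master's schedule, and an attempt to push a value back is simply counted as a dropped message, which is itself a useful thing to alert on.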
Over the years, SCADA systems have been targeted by individuals, corporations, and governments seeking to inflict harm or damage on the operational structures they manage. The following examples are some that have been reported:
It is clear that, where SCADA systems are concerned, the protection of industrial systems, networks and communication channels is paramount. The security of SCADA systems is increasingly important and differs markedly from corporate IT security. For example, the primary risk differences between SCADA and corporate IT can be summarized as follows:
SCADA systems are expressly focused on safety, while corporate IT focuses on confidentiality and integrity.
Securing SCADA systems and their new IIoT components will therefore continue to be a high priority for industrial enterprises.