Flaws in Industrial IoT Underline Importance of Secure Connectivity
According to the leading analyst firm Gartner Group, over 50% of major new business processes and systems will incorporate some element of the Internet of Things (IoT) by the year 2020. The potential for IoT to revolutionize existing business models is very exciting. Industrial manufacturers are clearly in a hurry to capitalize on this virtual world of opportunities, where new revenue streams flow from managing and servicing customers’ equipment remotely.
But before everyone gets carried away, it is important to pause and consider that, with the rush towards digitalization, there is also a risk that IoT growth will outstrip cybersecurity considerations.
IoT is the new Klondike: fortunes may be won and lost
IoT promises the world’s major enterprises improvements in efficiency, automation and information on an unimaginable scale. Already we are seeing the technology make significant inroads into almost every corner of industry, from supervisory control and data acquisition (SCADA) systems used in energy and manufacturing to factory control systems, medical equipment and connected cars.
But there is a downside. If commercial enterprises are excited about IoT’s potential to make new fortunes, then cybercriminals and hackers are equally buoyed by the prospect of exploiting IoT security flaws to harvest data that brings them information, and ultimately riches, at everyone else’s expense. For big brands especially, there’s a lot to lose. The first IoT litigation cases have appeared in the US, placing organizations’ duty to customer care under the microscope.
A world of new vulnerabilities
Alongside IoT, a world of new risks is emerging. A January 2016 report on securing the Internet of Things by Telefónica discusses the potential for conflict between engineers, who require industrial control systems to run 24/7 without interruption, and the IT department, which wants to preserve data integrity at all costs.
According to the MIT Technology Review, network administrators often overlook heating and cooling systems as a way for hackers to attack organizations. Elsewhere, Senator Ed Markey’s detailed report into connected cars found most manufacturers were unable to describe effective means to secure the data, while Kaspersky researchers have shown how easy it is to hack a hospital and its medical devices.
Security sidelined in race to market
Security threats from IoT devices are no different from any other network threat. It’s simply the case that IoT device development is totally outpacing measures to regulate their security. On top of this, systems that were once self-contained are suddenly being connected. The race to be first to market among IoT manufacturers is also affecting compatibility: not all devices are equal, and there is no guarantee that they will be compatible with other devices or even earlier generations of the same device. Manufacturers are aware of this.
Some of the bigger manufacturers have resorted to asking the general public to be their test facility. GM, for example, this month announced a new bug bounty program aimed at publicly crowd-sourcing the notification of vulnerabilities in the increasingly complex cyber-systems within its connected cars.
IoT need not be the weakest link
Hackers and network intruders see IoT as the weakest access point into the network. The easiest and most reliable method of protecting machine-to-machine (M2M) connections is via VPN. Comprehensive VPN software solutions fit easily into the existing infrastructure and require no additional hardware. Moreover, data traffic is secured at the device itself, ensuring no unencrypted traffic ever leaves the machine. There are three areas to take into account when setting up a VPN in an M2M environment:
- Connections – decide whether the application requires on-demand or always-on access as well as command line or API control
- Authentication – secure authentication can be achieved by some form of software/hardware network certification
- Centralized Management – a central way to remotely configure IoT devices, either via a system image or a software distribution rollout, as well as to patch/update software, scale VPN connectivity up or down and manage authentications
In summary, IoT is rapidly revolutionizing data access in company networks in ways that risk leaving security considerations behind. Network access control via the deployment of VPNs can significantly mitigate or totally eliminate IoT security threats. Without reliable VPN connections, IoT places machines in the network at risk of interruption or failure—resulting in downtime, lost revenue and even litigation. VPN software can easily scale up to managing and securing the connections of thousands of machines on the network and their interaction with the data center.