Industries across the spectrum are embracing the emerging possibilities of IoT and the connected device ecosystem. The benefits of IoT include unlocking the potential of analyzing the real-time and historical behavior of edge devices for effectiveness, better management, and productivity by connecting edge traffic to the cloud. The recent innovation in increasing the “bandwidth of the pipe” has enabled bulk uploads through networks and begins a new chapter in deciphering the Internet of Everything. In the past, the focus has been on enabling the faster movement of edge data to the cloud; however, not much focus has been laid upon two very important aspects of data: the quality of the data ingested and the potential vulnerabilities that can present themselves as backdoors.
By Raghunath Venkat Thummisi, Founder & CEO, Cannon Cyber
Critical Industrial Automation systems stand apart in terms of complexity, associated legacy technologies, and established governance when it comes to monitoring and management. Critical infrastructure grids such as utility, power, and nuclear don’t push data at the same intervals as other IoT systems do. Moreover, legacy protocols are still in use for communication in many industries, one example being the industrial automation space, where we grapple with Modbus, Profibus, and Fieldbus communication technology. This opens up a large attack surface across endpoints. The increasingly mandated regulatory compliance requirements for IoT security aim to pre-empt the threats posed by cybercriminals who take advantage of legacy, siloed technology stacks and protocols to launch network-based endpoint attacks and threaten the large asset bases of organizations. IoT and connected devices need a reassessment of the methods by which the attack surface can be minimized, which is the focus of the ISA99/IEC 62443 security standards for Industrial Automation Systems.
Breaching IoT devices allows attackers to build networks across an army of connected devices that can be used to launch massive Distributed Denial-of-Service attacks and bring down large omnichannel platforms. This example represents only the tip of the iceberg in terms of the challenges that IoT security practitioners face, creating the need for all the associated entities in an IoT security data chain to come together and build a robust security infrastructure that reassesses North-South traffic. The paradigm changes taking place in designing an effective and secure IoT infrastructure have to explore an IoT-native architecture and not merely transpose tools from typical software architectures. As an example, network firewalls are a critical security gatekeeper in traditional infrastructures. However, the same doesn’t hold true when we explore Industrial Automation devices or Industrial IoT (IIoT). Connected devices in industrial automation have been there for decades; however, the know-how needed for managing complete critical infrastructure grids and nuclear installations has been the responsibility of operational teams. The IT and operational teams have been brought together to build effective, high-response teams, but this comes at the price of negatively affecting the decision-making of the cybersecurity teams staffing the security infrastructure and hence delaying an effective response to incoming attacks. Management of edge devices requires a different approach that prioritizes securing each connected endpoint, to protect against the possibility that the breach of a single device opens a backdoor into other systems.
Traditional designs of deploying a combination of firewall policies, access control lists, and virtual private network nodes complicate an IoT infrastructure, rendering it suboptimal. Excessively intricate IIoT infrastructures with a dynamic network flow may create additional junction points that necessitate the deployment of additional firewall points, sometimes numbering in the hundreds or thousands. A better approach may be to explore endpoint segments and access management.
The above scenarios call for better management, mandates, and regulations to explore holistic design and deployment.
Manageability – A driving factor in the effective design of IIoT security
Given the increasing vulnerabilities, patch management, hotfixes, and upgrades as we know them in the traditional software world prove much more critical in IIoT infrastructures. Also, given the remote deployments, production instances, and complex environments governed by underlying dependencies, “re-fueling in-flight”, essentially a hybrid approach to rolling out upgrades as soon as possible, must be achieved. For example, deploying a hotfix for a particular CVE is much more cumbersome depending on how far apart the endpoint devices are located and whether they are within reach of online patch updates.
Better support and user experience
We often see devices shipped with default, factory-set passwords that can’t be changed, while some IoT vendors make it harder for customers by not providing a simple UI to navigate. Product support is another area of challenge, especially with smaller vendors, which makes it harder for customers to maintain a secure perimeter.
Hence, it is imperative for IoT vendors to have a mechanism to deploy authentication using unique credentials on every device, including designing an organization-specific password and secrets management system, while enabling their customers to better utilize the product features through ongoing device security and management.
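The per-device credential scheme recommended above, as an added example that is not part of the original article or any vendor's product: a provisioning step derives a unique credential for each device from a factory-held master secret and the device serial (HKDF with HMAC-SHA256), and the backend enrolls only a salted hash of it. The master secret and device IDs are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a factory-held master secret and a few device
# serials. In production the master secret stays in an HSM or secrets manager;
# if it leaks, every derived credential is exposed, so protect it accordingly.
MASTER_SECRET = secrets.token_bytes(32)
DEVICE_IDS = ["plc-0001", "plc-0002", "rtu-0042"]

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869) using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, t, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]

def provision_device(master_secret: bytes, device_id: str) -> bytes:
    """Unique credential for one device, bound to its identity via the info field."""
    return hkdf_sha256(master_secret, b"iiot-provisioning-v1", b"device-auth|" + device_id.encode())

def enroll(registry: dict, device_id: str, credential: bytes) -> None:
    """Backend stores a per-device salted PBKDF2 hash, never the credential itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential, salt, 100_000)
    registry[device_id] = (salt, digest)

def authenticate(registry: dict, device_id: str, credential: bytes) -> bool:
    """Verify a device credential with a constant-time comparison."""
    entry = registry.get(device_id)
    if entry is None:
        return False
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", credential, salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def credentials_are_unique(master_secret: bytes, device_ids: list) -> bool:
    """Provisioning-line check: no two devices may share a credential (unlike a factory default)."""
    creds = {provision_device(master_secret, d) for d in device_ids}
    return len(creds) == len(device_ids)
```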
Now, let’s focus on some of the most prominent IIoT Security Attacks:
- Firmware Hijacking: Firmware vulnerabilities and inconsistent, infrequent updates present an opportune moment for an attacker, who may leverage those vulnerabilities to hijack devices and launch a more coordinated attack.
- Distributed Denial of Service (DDoS): DDoS attacks present a serious risk of critical applications being compromised by attackers and losing access to key control systems governing the critical infrastructures. While these types of attacks might not necessarily steal data, the possibility of losing access to critical systems may yield catastrophic results. Some of the largest known DDoS attacks in history were based on IoT devices.
- Botnets: Cybercriminals build botnets by hijacking IoT devices, infecting them with malicious code, and using them as a command center to launch attacks across the device ecosystem and expose the entire network. The largest known botnet attack occurred in 2016, when the Mirai botnet, launched from unsecured security cameras, literally brought down the internet, including a host of businesses across different geographies.
- Port 7547: Attacks targeting this port are well known and there are millions of devices with this flaw. This trend continues despite high visibility through several recent incidents that were targeted at a leading telecom provider’s routers, debilitating the network for a long time.
- Malicious packets: Injecting malicious snippets of code or packets and taking control of important applications isn’t new, but this presents a much larger challenge in IIoT ecosystems where attacks in a similar situation might lead to a complete, dangerous override of our critical infrastructures.
- Network packet sniffing: In this type of attack, an attacker intercepts network traffic in order to steal sensitive information via a weakened connection between an IoT device and a server. Eavesdropping typically occurs by listening to digital or analog voice communication or by intercepting sniffed data. The attacker could walk away with sensitive corporate data using this method. Taking advantage of legacy Layer 7 (application-layer) communication protocols, attackers can secretly intercept messages by deceiving either party.
- Brute Force: Scripted guessing of password patterns, followed by expansion of the attack surface once control is gained, presents endless opportunities to cause harm. While there are ways to mitigate it with multi-factor authentication and key management systems, it is important to propagate these mitigations into IIoT ecosystems.
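Detection logic for the brute-force pattern in the last item, as an added example that is not part of the original article: a sliding-window detector run over constructed device authentication log lines (the log format and addresses are assumed for the example) that flags a burst of failures from one source, one source spraying a guess across several devices, and a success that follows a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not captured from a real device).
SAMPLE_LOG = """\
2020-08-01T10:00:01Z auth=fail src=198.51.100.7 dev=plc-0001 user=admin
2020-08-01T10:00:02Z auth=fail src=198.51.100.7 dev=plc-0001 user=admin
2020-08-01T10:00:03Z auth=fail src=198.51.100.7 dev=plc-0001 user=root
2020-08-01T10:00:04Z auth=fail src=198.51.100.7 dev=plc-0001 user=operator
2020-08-01T10:00:05Z auth=fail src=198.51.100.7 dev=plc-0001 user=service
2020-08-01T10:00:06Z auth=ok src=198.51.100.7 dev=plc-0001 user=service
2020-08-01T10:00:10Z auth=fail src=203.0.113.9 dev=plc-0002 user=admin
2020-08-01T10:00:11Z auth=fail src=203.0.113.9 dev=plc-0003 user=admin
2020-08-01T10:00:12Z auth=fail src=203.0.113.9 dev=plc-0004 user=admin
2020-08-01T10:05:00Z auth=fail src=192.0.2.20 dev=rtu-0042 user=admin
2020-08-01T10:30:00Z auth=fail src=192.0.2.20 dev=rtu-0042 user=admin
"""
LINE_RE = re.compile(r"^(\S+) auth=(ok|fail) src=(\S+) dev=(\S+) user=(\S+)$")

def parse_line(line):
    """Return (timestamp, outcome, src, dev, user), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, outcome, src, dev, user = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), outcome, src, dev, user

def detect_brute_force(log_text, window=timedelta(seconds=60), max_failures=5, max_devices=3):
    """Alerts (kind, src): 'burst' = max_failures failures from one source inside the window,
    'spray' = one source failing against max_devices distinct devices, 'success-after-burst'."""
    recent = defaultdict(deque)   # src -> (ts, dev) failures still inside the window
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, outcome, src, dev, _user = rec
        q = recent[src]
        while q and ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if outcome == "fail":
            q.append((ts, dev))
            if len(q) == max_failures:
                alerts.append(("burst", src))
            if len({d for _, d in q}) == max_devices:
                alerts.append(("spray", src))
        elif len(q) >= max_failures:         # a login that succeeds right after a burst
            alerts.append(("success-after-burst", src))
    return alerts
```

The last rule is the one worth paging on: a success following a burst from the same source is the signature of a guess that landed, not just of noise.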
And then there is the advent of 5G…
Quantum speeds and versatility in data traffic through 5G networks present a generational set of opportunities for making enterprise systems faster and smarter. However, this comes with the risk of newer adversaries that cybersecurity must contend with. As 5G is quickly shaping up to be a global reality and is already in action in select countries, it may completely disrupt IoT connectivity and, more specifically, IoT security.
5G Security – An unknown proposition
5G’s bandwidth and speed give rise to the prospect of new threat vectors within networks which could result in increased sophistication in security attacks. It is a great opportunity for telecom service providers to think about enhanced security frameworks embedded in the 5G service delivery network to provide better security hygiene for their customers.
Virtualized 5G ecosystems provide an opportunity for new services that can be delivered with no installation or upgrade required at the subscriber’s premises, quite literally moving upgrades and monitoring to a real-time delivery mode. Hence, there is a big opportunity for security solutions operating at the network tier to discreetly inspect suspect packets and block them using behavioral patterns driven by Artificial Intelligence and Deep Learning. These services can be managed by service providers to deliver an additional layer of security for their edge devices.
IoT-based cyberattacks continue to grow, and the level of malware signals continues to grow at thrice the pace. This is both a challenge and an opportunity to innovate ground-breaking security products more rapidly and keep pace with, if not overpower, the attack engine. Remember, cybersecurity is probably the only space where both the problems and the solutions are equally funded!
This story first appeared in the August 2020 issue of CISO MAG.
About the Author
Raghunath Venkat Thummisi is a passionate product builder, security practitioner, and evangelist focused on building the next generation of security products for businesses that are experiencing a rapid change in their security perimeter. Venkat’s experience is in building scalable, cloud-native infrastructure SaaS products with a focus on security across the landscape from core to edge. In doing so, he has built strategic ecosystems of customer and channel partnerships. His experience spans big companies such as EMC, RSA, and Trizetto, as well as his current startup (Cannon Cyber). He is a contributing member of Forbes Technology Council and CISO MAG, and he loves to be in the midst of the action, advising emerging startups to foster innovation.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.