The Internet of Things (IoT) can benefit many businesses through unprecedented access to inexpensive, connected devices which collect or send data that can be used to help make decisions about everything from where cows are grazing to the control of complex building management systems for climate, lighting and security controls. In industrial systems, sensors can tell you when a device is running optimally and when something isn't quite right, so a user can proactively manage a situation before it becomes a serious incident.
But it also introduces a number of new risks.
Some connected devices are made to a cost-level that means security wasn't necessarily front-of-mind for the designers or manufacturers and it is often impossible to update the internal software or firmware should a vulnerability be detected. In an industrial setting, this could be catastrophic. For example, the Stuxnet malware that targeted centrifuges used in Iranian nuclear plants exploited vulnerabilities in connected centrifuges to cause physical damage.
Connecting all these devices to legacy analogue networks is challenging. In some cases, the networks were designed to connect tightly controlled environments with hardware from a limited number of well-known vendors where systems updates were only rarely carried out. For example, hospitals deploy complex, connected devices, some of which can't be upgraded as changing an element of the software results in loss of certification for medical use. To complicate matters, many of those devices now need to be accessible remotely so data can be received by medical professionals located all over the hospital network. This means the air gaps that once isolated those systems are now being traversed.
There's a lot of focus on the impact of IoT devices on office networks. But the presence of sensors in operational networks like industrial control systems, energy management systems and SCADA networks is growing. Those operational environments were traditionally governed on their own analogue networks that were air-gapped from other office networks. But those air gaps are no longer the norm as systems managers want to reap the benefits of remote alerting and management tools and to access new networking technologies such as Sigfox, 5G and the LoRa network that is being deployed by Spark in New Zealand.
This creates a new set of challenges. More devices are being connected, legacy networks are being more widely accessed and threat actors see new opportunities to cause trouble.
Securing such environments isn’t easy. Sometimes industrial systems can't be shut down or restarted for regular patching because the risk of something going wrong often outweighs the perceived benefits. It's not uncommon to find industrial systems that have been running for months, or even years, without interruption. In these cases, security has to be approached from a different perspective. Rather than specifically looking at the endpoint devices, the network becomes the key tool for detecting and blocking malicious activity.
The good thing about industrial systems is their behaviour is well understood and controlled. When systems interact, the data passing between them is recognisable so potentially malicious or erroneous activity can be detected. For example, FortiNAC, Fortinet's Network Access Control device, profiles the activity of devices on networks and detects unusual behaviour, even triggering automated responses to protect crucial assets. This is a vital part of good system management.
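The baseline idea described above, as an added example (not from the original article, and not a description of how FortiNAC is implemented): learn which device pairs talk and what they do during a known-good window, then flag anything outside that profile. The device names and flow records are constructed, and Modbus/TCP on port 502 is an assumed protocol for the illustration.

```python
from collections import defaultdict

# Constructed flow records: (source, destination, dst_port, modbus_function_code).
# Modbus function 3 = read holding registers, 16 = write multiple registers.
BASELINE = [
    ("hmi-1", "plc-1", 502, 3),
    ("hmi-1", "plc-2", 502, 3),
    ("eng-ws", "plc-1", 502, 3),
    ("eng-ws", "plc-1", 502, 16),   # engineering workstation may write
    ("historian", "plc-1", 502, 3), # historian only ever reads
]
OBSERVED = [
    ("hmi-1", "plc-1", 502, 3),       # matches the baseline
    ("historian", "plc-1", 502, 16),  # known pair, but a write it never issued
    ("cam-7", "plc-2", 502, 3),       # device that never talked to this PLC
    ("hmi-1", "plc-1", 23, None),     # known pair, new service (telnet port)
]

def learn_profile(flows):
    """Record, per (src, dst) pair, every (port, function) seen while learning."""
    profile = defaultdict(set)
    for src, dst, port, func in flows:
        profile[(src, dst)].add((port, func))
    return profile

def classify(flow, profile):
    """Return 'ok' or the kind of deviation from the learned profile."""
    src, dst, port, func = flow
    seen = profile.get((src, dst))
    if seen is None:
        return "new-peer"            # pair never communicated in the baseline
    if (port, func) in seen:
        return "ok"
    if any(p == port for p, _ in seen):
        return "new-operation"       # same service, unseen function code
    return "new-service"             # same pair, unseen destination port

def detect(flows, profile):
    """List (flow, verdict) for every flow that deviates from the profile."""
    results = []
    for flow in flows:
        verdict = classify(flow, profile)
        if verdict != "ok":
            results.append((flow, verdict))
    return results

if __name__ == "__main__":
    for flow, verdict in detect(OBSERVED, learn_profile(BASELINE)):
        print(verdict, flow)
```

The three verdicts call for different handling: a new peer is an access-control question, while a new operation from a known device (a read-only historian issuing a write) is the case an address-based allowlist alone would miss.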
As the lines between network industrial systems and other networks become ever more blurred and additional devices are connected with access to operational environments, the need to closely monitor and react to anomalous network activity is heightened. Without the right tools in place, industrial systems are at risk. And that risk should be either limited or completely removed as soon as possible.