Four ways to protect your investment in IoT from cybersecurity threats
IT professionals are used to thinking about how to protect our information technology assets from cybersecurity threats. Data loss, data theft, exposure, identity theft and ransom attacks are the menu du jour. As we move towards Industry 4.0, the internet of things (IoT) is connecting operational technology (OT) to the network at breakneck speed, raising the stakes for cyber-attacks to the levels of tales we see in dystopian fiction.
We have seen nation-state attacks against nuclear power plants (India, November 2019), as well as widespread attacks on IP-connected surveillance cameras. Just today it was announced that a major cybersecurity attack has been identified by the Australian government. However, threats like ransomware take on a new form: consider a farm with hundreds or thousands of IoT sensors being held to ransom under the threat that its crop may be flooded just before harvest, sending it into financial ruin.
OT security is no longer speculative; this week we have seen exposure of attack surfaces in the networking stacks of embedded devices. Nineteen vulnerabilities were discovered in the Treck TCP/IP library, which is commonly used in IoT devices, four of which are considered critical.
Physical security used to be the primary concern for OT managers, but now we must consider a broader landscape due to cybersecurity threats.
How do OT cyber-attacks work?
In addition to securing the back-office systems the devices talk to, OT security professionals now need to look at the devices themselves. The attack vectors can be broken into four key areas of concern.
1) Device firmware: This is the software running the device and comprises the base operating system on the device and the application sitting on top of it. Both elements rely on code that may contain unintentional vulnerabilities caused by defects, or malicious artefacts introduced through the open-source libraries in use.
2) Device hardware: There are common protocols in use to communicate between the hardware elements of IoT devices which can be the subject of attack. The very common I2C and one-wire protocols connect sensors and actuators to a device and are prone to being sniffed if physical access is available.
3) Device APIs: IoT devices are useless unless they are connected to a back end, and these interfaces, or application program interfaces (APIs), are often vulnerable to attack. The same attack tools used to attack web servers can be used to attack IoT devices. The most common weaknesses exploited are default usernames/passwords, weak passwords, and hard-coded passwords. Buffer overrun attacks are also a concern for the transport protocols in use (HTTPS in most instances), where the attacker uses carefully constructed URLs to attempt to break into the API.
4) Radio networks: Wireless communications are a dream come true for an attacker, removing the need for physical access to carry out an attack. Open discovery protocols or weak network configuration can leave devices open to man-in-the-middle attacks, which potentially expose user or API credentials, allow actors to extract, inject or otherwise change device data, or allow actors to alter the state of actuators by replaying or inserting commands on the device interface.
So, what can you do?
We have found that there are four components to an effective strategy for protecting IoT assets from cybersecurity threats.
1) URL filtering: This is the practice of recognising URLs that are known sources or destinations for cyber-attacks. In the case of IoT it is particularly important to manage this access to prevent botnet attacks, which can generate significant amounts of traffic or computational load.
2) Behavioural assurance: IoT devices are typically low-power, low-bandwidth devices, so many will fit into one of a few behavioural patterns. Once a pattern is selected for a device, we watch its traffic for activity outside this behavioural definition. Examples include a period of high data utilisation when the device has been classed as low bandwidth, or traffic generation during a period when the device should be dormant.
3) Behavioural profiling: Patterns of behaviour can be established quickly for IoT devices. Artificial intelligence (AI) algorithms can be trained early in a device life cycle to understand the expected behavioural profile of a device, observing low traffic under normal circumstances, occasional high traffic due to an event, and seeing traffic to several legitimate destinations. Once established, the AI can continue to scan the traffic, watching for changes in this behavioural profile to understand when an attack is imminent, or under way.
4) Global threat profiling: If you have access to enough devices, AI algorithms can begin to learn the patterns of the threat actors as well. This can be applied to the entire population of devices under protection, meaning that new threats can be identified and acted on more rapidly than would be otherwise possible.
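To make the difference between behavioural assurance (item 2) and behavioural profiling (item 3) concrete, here is an added example that is not code from Unico or Allot. The device class, its limits, the flow record format and the sample traffic are all constructed for illustration, and a simple mean and standard deviation baseline stands in for the AI model described above.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Flow:                      # one observed traffic record (constructed format)
    device: str
    hour: int                    # hour of day (0-23) the traffic was seen
    nbytes: int
    dest: str

# Behavioural assurance: fixed limits per device class (hypothetical values).
CLASSES = {"low_bandwidth_sensor": {"max_bytes": 2_000, "active_hours": range(6, 20)}}

def assurance_violations(flow, device_class):
    """Check one flow against the static pattern chosen for its class."""
    policy, found = CLASSES[device_class], []
    if flow.nbytes > policy["max_bytes"]:
        found.append("high_utilisation")
    if flow.hour not in policy["active_hours"]:
        found.append("traffic_while_dormant")
    return found

# Behavioural profiling: baseline learned from early-life traffic.
def learn_profile(training):
    sizes = [f.nbytes for f in training]
    return {"mean": mean(sizes), "std": pstdev(sizes),
            "dests": {f.dest for f in training}}

def profile_deviations(flow, profile, k=3.0):
    """Flag unseen destinations and volumes above mean + k standard deviations."""
    found = []
    if flow.dest not in profile["dests"]:
        found.append("new_destination")
    if flow.nbytes > profile["mean"] + k * max(profile["std"], 1.0):
        found.append("volume_outlier")
    return found

# Constructed training data: steady telemetry plus one legitimate event burst.
TRAINING = [Flow("soil-07", h, n, d) for h, n, d in [
    (8, 500, "telemetry.example.net"), (10, 520, "telemetry.example.net"),
    (12, 480, "telemetry.example.net"), (14, 510, "telemetry.example.net"),
    (16, 490, "ntp.example.net"), (18, 1500, "telemetry.example.net")]]

def check(flow, profile):
    """Return (assurance violations, profile deviations) for one flow."""
    return (assurance_violations(flow, "low_bandwidth_sensor"),
            profile_deviations(flow, profile))

if __name__ == "__main__":
    profile = learn_profile(TRAINING)
    for f in [Flow("soil-07", 10, 505, "telemetry.example.net"),
              Flow("soil-07", 11, 1900, "telemetry.example.net"),
              Flow("soil-07", 2, 250_000, "203.0.113.9")]:
        print(f, check(f, profile))
```

The 1,900-byte flow stays inside the class limit but is flagged by the learned profile, which is the gap profiling is meant to close.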
Choose the right protection and integrator
Unico have extensive experience delivering tailored solutions that meet the specific needs of our customers. Alongside Allot, one of our strategic partners, we have a product that provides four comprehensive modes of protection for your IoT infrastructure:
- URL filtering
- Behavioural assurance
- Behavioural profiling
- Global threat profiling
If you would like to find out more about protecting your business or your customers' business from cybersecurity threats, then please get in contact. I would be happy to show you how the Allot IoTSecure Service can provide affordable, multi-tenanted IoT protection solutions ready to ship to your customers out of the box.