For industrial applications, the Internet of Things risks becoming an Internet of thieves. Perhaps the industries that use connected solutions should take a page from Apple's book and lock down their infrastructure.
That’s what ethical hackers say
With digital processes now deeply embedded across every industry, it makes sense that industrial control systems were tested in this year's Pwn2Own competition. Hackers were asked to find vulnerabilities in industrial software and systems.
Competition winners Daan Keuper and Thijs Alkemade found that once they were able to access the IT networks used by these companies, it was "relatively easy" to crash systems and equipment.
This is partly due to the fact that at this stage of the transition, most of the equipment used in manufacturing was not originally designed to connect to the Internet or has weak or outdated security.
IT certainly understands this, which is why industrial IoT installations tend to secure the IT networks they use, but this means that if those networks are infiltrated, most of the deployed devices lack additional protection. And that means there are countless potential attack surfaces.
This has never been a good position to be in, and the threat to critical infrastructure is growing.
When things go wrong
Once security is breached, attackers can seize equipment, change processes, or simply choose to shut down production. This can have huge consequences across the company, its customers and partners, and the already established supply chain.
"Systems typically operate 24/7 in a factory environment, so there is very little chance of patching vulnerabilities," said Louis Prim, consultant at ICT Group. "In addition, there is a lot of legacy, because machines are purchased for the long term, and there is usually no opportunity to install antivirus applications. All of this puts the industrial sector at risk from hostile parties."
Speaking to MIT Technology Review, the Pwn2Own winners warn that security lags behind in industrial control systems. Consider how a successful attack against Target a few years ago used an insecure HVAC system to penetrate the corporate network, showing the need to protect every available endpoint.
These days, more than ever, people live on the edge of security.
The writing was on the wall
It's not as if we didn't see this kind of problem coming.
The evolution of industrial IoT has seen the creation of countless different standards with differing levels of security. This has led many in the space (including Apple) to create common standards for connected devices.
Matter, the consumer IoT standard that is the first result of that effort, should arrive this year, while the more industrial Thread standard is already seeing deployment. (I hope to hear more about Matter soon, possibly at WWDC.)
"Thread is based on the universally established Internet Protocol version 6 (IPv6) standard, which makes it extremely powerful. A Thread network does not rely on a central hub, such as a bridge, so there is no single point of failure. And Thread has the ability to self-heal: if a node (or an attachment to your Thread network) becomes unavailable, the data packets will automatically select an alternate route and the network will simply keep working," Eve Systems explained.
The Apple way
To some extent, one way to protect any device is to follow Apple’s core mission, which is to make sure that systems handle as little information as possible.
While the effort has arguably slowed the company’s progress in developing AI compared to more cloud-based competitors, Apple’s focus on keeping intelligence on the edge is increasingly seen as appropriate.
Counterfeit technology and business and decision making, for example, seem to be developing industrial IoT systems that follow a model where intelligence sits on the edge.
Combined with other emerging network technologies, such as SD-WAN or private 5G networks, end-to-end intelligence helps secure networks by helping to lock down individual endpoints.
The problem, of course, is that not every connected system is smart enough to be secured, while the differing priorities of IT and operational intelligence mean that attackers enjoy the luxury of many potential vulnerabilities to attack.
And that's before short-sighted governments force sideloading on mobile systems and platforms, and inherently insecure back doors into the device protections that we increasingly rely on to protect our connected infrastructure.
Maybe enterprise IoT needs to borrow a page from Apple's book and design systems that are inherently more secure than anyone thinks they need to be? Because it is only a matter of time before they find out that nothing less will do.
Copyright © 2022 IDG Communications, Inc.