Defending Industrial IoT – the truth lies in the data
Self-driving cars and smart medical equipment, once the stuff of science fiction, are a fact of life in today’s digital, connected world. Network infrastructure connects devices in virtually every industry, making life more convenient and more productive for us all. But how safe is a future where bad actors can exploit machines crucial to the nerve centers of modern society?
Studies show that the industrial internet of things (IIoT) is set to fuel an increase in applications for smart cities, farming, factories, health services, logistics, transportation and utilities. Practical, everyday examples include better optimization of energy consumption with smart metering and smart grids, remote health monitoring and equipment maintenance, as well as improved logistics for better transportation monitoring. Yet, given the scale and scope of IIoT deployments, a lot is at stake if something goes awry. System failures and downtime in IIoT can result in high-risk, or even life-threatening, situations.
The power to cripple a nation
SCADA systems tie together power, oil, gas pipelines, water distribution and other decentralized facilities. They control and monitor physical processes, like transmission of electricity, transportation of gas and oil in pipelines, traffic lights, and the list could go on. The security of SCADA systems is crucial — compromising them affects key areas of society. A blackout, for example, can cause enormous financial losses to everyone tied to that grid.
Designed to be open and easy to operate and repair, SCADA systems don’t provide secure environments and can be difficult to harden. Additionally, the recent move from proprietary technologies to open solutions, coupled with increased network connectivity, has made them extremely vulnerable to network-type attacks.
In his book, Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, author Ted Koppel reveals that a major cyberattack on America’s power grid is not only possible, but likely. Worse still, the U.S. is shockingly unprepared for such a hack, despite ongoing cyber-tensions between the world’s leading powers. Koppel argues that a successful attack would plunge America into the dark ages. If the 2015 attack on Ukraine’s power grid is any indication, he’s right.
In 2015, alleged Russian operatives brought leaders of a Ukrainian power plant to their knees. Known as the December 2015 Ukraine power grid cyberattack, the incident is the first known successful cyberattack on a power grid. Attackers used several methods to compromise the grid, taking control of SCADA and remotely switching substations off. They then disabled IT infrastructure components, destroyed files stored on servers and workstations with the KillDisk malware and deployed a denial-of-service attack on the grid’s call center to deny consumers information on the blackout.
Around the world, cybercriminals are actively targeting critical infrastructures, including healthcare facilities where human lives are at risk every time an attack is deployed. The profits in compromising IoT devices provide criminals with significant motivation. For example, smart electricity meters can be hacked to siphon money. Truly, the possibilities are endless, and the security of the smart world is at grave risk.
Real-time threat detection for networked devices
In recent years, bad actors have honed their skills to penetrate networked infrastructures through vulnerabilities embedded in the very IoT applications we herald as the key to a better future. Because industrial systems are not typical computers and don’t support on-board defenses against cyberattacks, IT administrators need a way to detect potential attacks in real time, before hackers take control. This means industrial IoT applications need a completely different kind of protection.
Network traffic analytics has emerged as a key technology to help protect large infrastructures with disparate systems, as it provides complete visibility into threat-related network activity for any device on the network. By focusing on the network behavior of endpoints, network traffic analytics can help security operations centers defend fleets of devices with limited or no built-in security and no endpoint security agent running on them. Network traffic analytics uses a technique called device fingerprinting to keep tabs on every networked device. In this case, a fingerprint is a set of data points, such as the device’s unique ID, its media access control (MAC) address or information from network packet headers.
This lets network traffic analytics solutions take note when a device behaves abnormally, based on what it should and shouldn’t do. When an anomaly is detected, IT admins can choose one of several courses of action to prevent the attack from unfolding, including cutting off all ties to the Internet or secluding the suspiciously behaving endpoint from the rest of the network until a complete analysis is performed.
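One way to implement the fingerprinting and anomaly-detection idea just described, as an added example that is not part of the original article: a baseline of expected peers and services is learned per device (keyed by MAC address) from observed flows with no labels, and live flows that deviate from it raise an alert with a suggested response. All MAC addresses, IP addresses and flow records below are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed flow records: (source MAC, destination IP, destination port, protocol).
# A PLC that only talks Modbus/TCP to its HMI and NTP to a time server,
# and a smart meter that only reports to its head-end collector (DLMS/COSEM, port 4059).
BASELINE_FLOWS = [
    ("00:80:f4:00:00:01", "10.0.1.10", 502, "tcp"),    # PLC -> HMI, Modbus/TCP
    ("00:80:f4:00:00:01", "10.0.1.10", 502, "tcp"),
    ("00:80:f4:00:00:01", "10.0.1.50", 123, "udp"),    # PLC -> NTP server
    ("00:50:c2:00:00:07", "10.0.2.5", 4059, "tcp"),    # meter -> head-end collector
    ("00:50:c2:00:00:07", "10.0.2.5", 4059, "tcp"),
]
LIVE_FLOWS = [
    ("00:80:f4:00:00:01", "10.0.1.10", 502, "tcp"),    # expected
    ("00:80:f4:00:00:01", "10.0.3.99", 445, "tcp"),    # PLC opening SMB to a new host
    ("00:50:c2:00:00:07", "10.0.2.5", 4059, "tcp"),    # expected
    ("00:50:c2:00:00:07", "198.51.100.7", 443, "tcp"), # meter talking to an outside host
]

ISOLATE = "isolate endpoint from the network pending analysis"

@dataclass
class Fingerprint:
    """What a device is known to do: the peers it talks to and the services it uses."""
    mac: str
    peers: set = field(default_factory=set)
    services: set = field(default_factory=set)  # (port, protocol) pairs

def learn_baseline(flows):
    """Build one fingerprint per device from observed traffic; no human labels needed."""
    fingerprints = {}
    for mac, dst, port, proto in flows:
        fp = fingerprints.setdefault(mac, Fingerprint(mac))
        fp.peers.add(dst)
        fp.services.add((port, proto))
    return fingerprints

def detect(fingerprints, flows):
    """Return (mac, reason, suggested action) for each flow outside the device's baseline."""
    alerts = []
    for mac, dst, port, proto in flows:
        fp = fingerprints.get(mac)
        if fp is None:                       # never fingerprinted: treat as untrusted
            alerts.append((mac, "unknown device", ISOLATE))
            continue
        reasons = []
        if dst not in fp.peers:
            reasons.append(f"new peer {dst}")
        if (port, proto) not in fp.services:
            reasons.append(f"new service {proto}/{port}")
        if reasons:
            alerts.append((mac, "; ".join(reasons), ISOLATE))
    return alerts
```

Running `detect(learn_baseline(BASELINE_FLOWS), LIVE_FLOWS)` flags only the two deviating flows; a real deployment would learn the baseline over a longer window and add timing and volume features.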
At the heart of network traffic analytics lies machine learning. Next-generation network traffic analytics solutions use predictive machine learning models that accurately reveal threat activity and suspicious traffic patterns. An ideal network traffic analytics deployment leverages semi-supervised or tunable machine learning. Unlike strictly supervised approaches, a tunable machine learning model does not depend solely on labeled training data, meaning it readily identifies key patterns and trends in the live data flows without the need for human input. When a threat is detected, IT admins receive a detailed security incident explanation and a suggested course of action, facilitating incident investigation and response.
Legacy or traditional security systems fail in the face of silent threats that creep their way onto networks. Studies show that the cybersecurity skill gap is widening every year. Plus, attackers today are smarter than ever, using malware that changes form to evade pattern-matching algorithms. As the threat landscape evolves in unpredictable ways, a new approach to cyberdefense is urgently needed. Network traffic analytics technology distills the patterns to a set of readily-identifiable scenarios to alert security teams, which guides response efforts faster and more efficiently than ever before.
With the number of connected smart devices on the network multiplying faster and more haphazardly than the predictable growth of traditional fixed and mobile endpoints, there is only one truly effective approach to cover all devices that generate cyber-risk: analyze network data.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.