IIoT and its Cybersecurity Implications

Scenarios that can occur when IIoT devices are compromised, and what manufacturers can do to protect themselves.

In addition to enhancing automation, the Industrial Internet of Things (IIoT) has eased convergence and collaboration between Information Technology (IT) and Operational Technology (OT) teams. It has revolutionized manufacturing by cutting costs, improving visibility through real-time insights, and heightening operational efficiency.

However, because IIoT devices are interconnected through the internet (directly or by proxy), they can be vulnerable to remote cyberattacks. Factory managers, operating officers and other leaders can take this for granted. So, the following guide will introduce you to a set of scenarios that can occur when IIoT devices are compromised. It will also cover what manufacturers can do to protect themselves, and why industrial cybersecurity is more important than ever.

How IIoT Devices Can Be Compromised

Successful industrial cyber attacks and hacks can have devastating nationwide consequences. Once a system is penetrated, bad actors can essentially weaponize it.

Over nine years ago, an unnamed German steel plant’s network was compromised through a series of sophisticated phishing attacks. The attack left considerable damage to physical machinery and equipment. Neither the reason(s) for the attack nor the total cost of the damages was ever disclosed. Nevertheless, it sent ripples across the industry as IT heads realized that industrial systems were susceptible to the very same techniques as other, seemingly more IT-centric industries.

Before industrial cyber attacks became so rampant, there was a belief that manufacturers were safe by virtue of a lack of interest from cybercriminals. Not much thought was given to how networks were structured. For instance, (some) electricity providers would use Supervisory Control and Data Acquisition (SCADA) systems that had a single terminal or control room. It would connect and manage all their substations and sensors.

Once the control room or main terminal is compromised, the entire network follows. All an attacker needs to do is acquire the necessary administrative credentials to gain entry. In most cases, this can be done remotely.

In our German steel plant example, bad actors used a spear phishing campaign where certain individuals in the company were targeted with booby-trapped emails. However, having your company's credentials exposed is not the only risk. Criminals can at times get more than they bargained for. If we consider all the instances of corruption related to large-scale manufacturers and governments around the world, a breach can compromise much more than productivity.

Imagine a hack revealing that a major factory owes millions in capital gains taxes, all because they didn’t opt for PCI-compliant hosting, allowing hackers to capitalize on a faulty payment service API. Likewise, an attack that was intended to temporarily disrupt operations could evolve into a much more damaging ransomware exploit.

Nevertheless, while these attacks aren’t examples of how bad actors can directly penetrate a system through a manufacturer's sensors or other IIoT equipment, they can be propagated through the network infrastructure that your IIoT devices function on. But now, let’s look at examples of how bad actors can directly target your IIoT equipment and infrastructure.

DDoS and MiTM Attacks

Denial-of-service (DoS) attacks are commonly associated with websites and servers. In this scenario, a bad actor will flood a website with too many requests for it to handle. Ultimately, this causes the website to crash. Whereas most DoS attacks originate from a single device or point, a distributed denial-of-service (DDoS) involves multiple attack nodes.

DoS/DDoS attacks can be used to overwhelm IIoT infrastructure in the same way. The most unsettling aspect of DDoS attacks is that they’re essentially brute-force attacks. Not much sophistication is needed to execute them successfully. As such, even script kiddies can pull them off. IIoT and smart devices are data-centric. This means they function by passing and relaying data between nodes and devices contained in both physical and cloud networks. Bad actors can exploit security weaknesses in the channels your IIoT devices communicate over.

They can exploit outdated and unpatched firmware and software, weak passwords, etc. They can then inject malicious software or data into your devices, essentially poisoning your company’s entire network. Alternatively, they can use your sensors and network-connected cameras to eavesdrop and commit corporate espionage.

These types of exploits don’t even have to be direct or involve tampering with your devices. Instead, they can leak into your network in some very unexpected ways. For instance, consider a scenario where a production line manager visits a tradeshow. As they’re networking and meeting people, they use their phone to scan a virtual business card. Unbeknownst to them, this process injects malware into their smartphone. When the line manager connects to the company's Wi-Fi, which is on the same network as all the smart sensors and IIoT devices, the results can be calamitous.

Best Cybersecurity Practices for IIoT Devices

In 2020, Advantech, a large IoT chip manufacturer, suffered a ransomware attack that was orchestrated by the hacker group and Ransomware-as-a-Service (RaaS) provider Conti. This attack was notable because Advantech doesn’t only utilize IIoT technology; it essentially produces it. So what can manufacturers do to buttress and shield their IIoT and network infrastructure? First, you have to address the insider threat.

It’s a sad fact that the entire push for more monitoring and automation in the industrial sector comes from a need to minimize human error. As some of our previous examples have shown, attacks can spawn from mundane and unexpected places.

First, you need to control what devices are allowed to log onto or access your network. Wi-Fi passwords should not be given out frivolously and you must implement a system that keeps a registry of devices allowed to connect to your network. This system should notify the necessary parties when a new or suspicious device even attempts to connect.

In the same vein, those in charge of IT and OT must implement vigorous access controls and authentication systems. Multi-factor authentication should not be optional. Your company should integrate granular access restrictions where users only have access privileges according to their roles. All employees must be trained, upskilled, and retrained on the latest cyber hygiene habits and best cybersecurity procedures and protocols. Regardless of the sector, companies must aim to build a cyber-secure culture.     

Restructuring Your Network

We previously discussed a scenario where an electricity provider’s entire infrastructure was managed by a single console or terminal. This is inefficient, especially if you want to identify, track, trace, and isolate attacks. Networks should be separated and demarcated into subnets that are labeled and managed by different controllers.
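The device registry described under best practices and the subnet separation described here can be checked together. The following is an added example, not code from the original article: it compares connection events against a registry and flags unregistered devices as well as registered devices that appear on a subnet they were not assigned to. The registry entries, subnets, and log format are all constructed for illustration.

```python
import ipaddress

# Constructed registry: MAC address -> (device name, subnet it is allowed on).
# Device names and subnets are assumptions made for this example.
REGISTRY = {
    "00:1a:2b:00:00:01": ("plc-line1", "10.10.1.0/24"),
    "00:1a:2b:00:00:02": ("temp-sensor-7", "10.10.2.0/24"),
    "00:1a:2b:00:00:03": ("mgr-laptop", "10.20.0.0/24"),
}

# Constructed connection events in "timestamp mac ip" form, standing in for
# whatever the DHCP server or wireless controller actually logs.
SAMPLE_EVENTS = """\
2024-03-01T08:00:02 00:1A:2B:00:00:01 10.10.1.15
2024-03-01T08:00:09 00:1a:2b:00:00:02 10.10.2.40
2024-03-01T08:03:41 00:1a:2b:00:00:03 10.10.2.77
2024-03-01T08:05:12 de:ad:be:ef:00:99 10.10.1.200
not a valid line
"""

def check_events(log_text, registry):
    """Return a list of (kind, mac, message) alerts for the given events."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that are not "timestamp mac ip"
        ts, mac, ip_text = parts
        mac = mac.lower()  # registry keys are lower-case
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # skip lines with an unparseable address
        entry = registry.get(mac)
        if entry is None:
            alerts.append(("unknown-device", mac, f"{ts} unregistered device at {ip}"))
            continue
        name, allowed = entry
        if ip not in ipaddress.ip_network(allowed):
            alerts.append(("wrong-segment", mac, f"{ts} {name} seen at {ip}, expected {allowed}"))
    return alerts

if __name__ == "__main__":
    for kind, mac, message in check_events(SAMPLE_EVENTS, REGISTRY):
        print(f"[{kind}] {mac}: {message}")
```

MAC addresses are not authenticated, so a check like this works as a tripwire alongside 802.1X or certificate-based device authentication rather than as access control on its own.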

This may require manufacturers to reconfigure and restructure their entire IIoT infrastructure and networks. The process may be costly, especially if manufacturers are in software usage agreements that are a nightmare to back out of. This can result in what is known as vendor lock-in, especially if the bulk of the manufacturer’s IIoT infrastructure is facilitated and managed by a single cloud provider.

In 2023, the average cost of a single data breach was $4.45M. This doesn’t take into account the effect it has on a company's reputation. As such, investing the time into reconfiguring and bolstering your network's architecture and topology is well worth it.

Your IIoT devices, access points and gateways should have physical anti-tampering measures. They also should be physically secured using CCTV cameras, alarm sensors, etc. Certain devices can also be placed in containers or cages with protective seals. Communication between IIoT devices should also be encrypted and secured to prevent interception. 

Firmware updates and patches are crucial for devices as they typically contain security updates. Your company must regularly update devices in your IIoT infrastructure. These updates can be triggered automatically so there is no excuse not to perform them. Also, remember to have both power and network-related backups, not just on-premises, but also in another location.    

As cybercriminals become more brazen, the industrial sector has no choice but to match their aggression and become more vigilant. You’ll notice that many of the cybersecurity tools and protocols applied to other sectors can be repurposed and applied to the industrial sector. However, cybersecurity in this case must be applied with more care and consideration, especially if your company has many moving parts (as most manufacturing companies do). 
