
Is OT security a threat to enterprise IoT?

During an ultrasound test, both the patient and the doctor expect the data to tell an accurate story. However, in a distributed ultrasound design, the probe itself is an IoT endpoint. It is no longer wired to local ultrasound electronics, but wirelessly transmits the sensed data over low-latency networks to a remote facility. Cloud-based ultrasound apps and hardware analyze this data and deliver the processed information to the doctor in near real time.

This enterprise IoT use case is a significant breakthrough for healthcare providers. Instead of operating expensive medical equipment (like an ultrasound) as single-user, standalone systems, they can adopt a distributed design, scale up and offer better patient care at a lower cost, but only as long as operations run securely and without disruption. A cyberattack can not only corrupt sensitive diagnostic data; it can also disrupt critical healthcare infrastructure and even cost human lives.

In today's internet, a security breach in a bank data center can expose private information and trigger financial losses and identity theft for customers and employees. That is bad enough. But when critical operational infrastructure, such as a smart water purification plant, a nuclear facility or connected ICS/SCADA systems, is exposed to cyberthreats, the stakes rise sharply: the consequences are physical, not just financial.

Until now in enterprise OT, obscurity passed for security. However, to remain competitive and exploit the newer revenue streams fueled by IoT, isolation and obscurity are no longer viable.

OT innovations demand open connectivity

Industrial enterprises have geographically dispersed assets, and data networks are used for centralized supervision and control. These networks typically run vendor-owned proprietary protocols and hardware, usually very specific to a given industry vertical.

However, the networks in use are often outdated (think modems) and mostly segmented away from corporate networks. This isolation, along with non-standard technologies, may have reduced the exposure of OT assets, but it could not guarantee full protection against cyber hazards.

Stuxnet, Duqu and Flame are well-known incidents from recent years. Stuxnet (discovered in 2010) targeted Iran's nuclear enrichment program. It initially spread using infected removable devices, eventually infecting around 100,000 computers at 22 manufacturing sites and destroying about 1,000 centrifuges. It exploited the controller architecture by hijacking a vendor's dynamic link library (the Siemens Step 7 communication DLL), so that the code it loaded onto the PLCs was hidden from the engineering software.

Duqu and Flame followed in 2011 and 2012 respectively. Duqu was a Trojan horse that captured data and exfiltrated it hidden inside a JPEG file. Flame was spyware discovered on systems in Iranian oil and nuclear installations. It was more complex than Stuxnet: it could record audio, screenshots, keyboard activity and network traffic.

IT and OT convergence, led by the industrial internet, exposes operational assets to open connectivity and standard protocols. That also opens doors for new threat vectors, and the impact of a resulting breach may well surpass Stuxnet in scale.

Combating the industrial Trojan at large

Wurldtech, a cybersecurity vendor for the industrial internet, has released proactive threat countermeasures unique to the OT landscape. Wurldtech's Executive Director of Product Management Tom Mueller observed, "One of the main threat vectors of industrial automation equipment is the communication interfaces that are used to connect and build systems for automation."

He further noted, "Assets that are being operated and controlled by industrial automation systems have demanding operational missions. Many of these systems are required to operate 365 days a year for many, many years between outages without failures."

These unusual operational lifecycles demand layers of protection to stay ahead of emerging threats. The very dynamics of enterprise OT require us to think about and approach cybersecurity differently than we have for IT.

Unlike in IT, in OT we are dealing with machines and devices whose lifetime is measured in decades, not years. Automated patch release and installation is largely absent, and upgrades are few and far between.

Industrial systems are more deterministic and less fluid than IT assets, and OT system downtime is not acceptable. Control and availability are therefore more important than data confidentiality.

Cybersecurity technologies for operations must account for these differences. A security solution must make sense in the OT frame of reference and be deployable in industrial environments, because in the event of a cyberattack we may not get a second chance.
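As an added example (not part of the original article, and not Wurldtech's product), the Python monitor below illustrates the kind of protective layer that fits these constraints and the threat vector Mueller points to: it watches the controller's communication interface passively, never touches the controller itself (no agent, no patch, no firmware change), and only alerts rather than blocking, so it cannot cause downtime on its own. Modbus/TCP is assumed as the protocol; the IP addresses, the writer allowlist and the captured frames are all constructed for the example.

```python
"""Passive allowlist monitor for Modbus/TCP requests (added example).

Modbus/TCP stands in for 'the communication interface' of an automation
device. Every address and frame below is constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Function codes that change controller state; reads are left alone.
WRITE_FUNCTIONS: Dict[int, str] = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
DIAGNOSTICS = 8
# Diagnostics sub-functions that restart comms or silence the device.
HIGH_IMPACT_DIAG = {1: "Restart Communications Option", 4: "Force Listen Only Mode"}


@dataclass(frozen=True)
class ModbusRequest:
    src_ip: str
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes  # PDU payload after the function code


def parse_modbus_tcp(src_ip: str, frame: bytes) -> ModbusRequest:
    """Parse one request: 7-byte MBAP header, then the PDU.

    Raises ValueError when the frame does not match the wire format. The
    caller treats that as an alert, not an error: a malformed request to a
    controller is itself worth a look.
    """
    if len(frame) < 8:
        raise ValueError(f"frame too short ({len(frame)} bytes)")
    tid, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError(f"protocol id {proto_id} is not Modbus (expected 0)")
    # The length field counts everything after itself: unit id + PDU.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    return ModbusRequest(src_ip, tid, unit_id, frame[7], frame[8:])


def assess(req: ModbusRequest, write_allowlist: Iterable[str]) -> List[str]:
    """Return alert strings for one request; an empty list means within policy."""
    alerts: List[str] = []
    if req.function_code in WRITE_FUNCTIONS and req.src_ip not in set(write_allowlist):
        alerts.append(
            f"{req.src_ip} sent {WRITE_FUNCTIONS[req.function_code]} "
            f"(FC {req.function_code}) to unit {req.unit_id} but is not an allowed writer"
        )
    if req.function_code == DIAGNOSTICS and len(req.data) >= 2:
        sub = struct.unpack(">H", req.data[:2])[0]
        if sub in HIGH_IMPACT_DIAG:
            alerts.append(
                f"{req.src_ip} sent diagnostics sub-function {sub} "
                f"({HIGH_IMPACT_DIAG[sub]}) to unit {req.unit_id}"
            )
    return alerts


def monitor(frames: Iterable[Tuple[str, bytes]], write_allowlist: Iterable[str]) -> List[str]:
    """Run every captured (src_ip, frame) pair through the policy; never block."""
    alerts: List[str] = []
    for src_ip, frame in frames:
        try:
            req = parse_modbus_tcp(src_ip, frame)
        except ValueError as exc:
            alerts.append(f"{src_ip} sent a malformed Modbus/TCP frame: {exc}")
            continue
        alerts.extend(assess(req, write_allowlist))
    return alerts


# Constructed sample data: one hypothetical engineering workstation may write.
ALLOWED_WRITERS = {"10.0.1.10"}
SAMPLE_FRAMES = [
    # HMI reads 10 holding registers (FC 3): fine.
    ("10.0.1.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # Engineering station writes one register (FC 6): allowlisted, fine.
    ("10.0.1.10", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),
    # Corporate host writes registers (FC 16): not an allowed writer.
    ("10.0.5.77", bytes.fromhex("0003 0000 0009 01 10 0010 0001 02 0005")),
    # Diagnostics (FC 8) sub-function 1, restart communications.
    ("10.0.1.10", bytes.fromhex("0004 0000 0006 01 08 0001 0000")),
    # Protocol id 1 is not Modbus: malformed.
    ("10.0.5.77", bytes.fromhex("0005 0001 0006 01 03 0000 0001")),
]

if __name__ == "__main__":
    for line in monitor(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print("ALERT:", line)  # three alerts for the sample traffic
```

In a deployment the frames would come from a SPAN port or network tap feeding the monitor, which is why the code only classifies and reports: the device keeps running, and an operator decides what to do with the alert.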
