Secure the mix of legacy and modern solutions in IIoT
Logistics today is governed by a set of principles called the seven Rs: the right product, the right customer, the right price, the right quantity, the right condition, the right place and the right time. Upholding these principles demands a Herculean effort. Luckily, logistics managers have some help from Industrial Internet of Things (IIoT) vendors.
In the logistics realm, the IIoT solutions employed by managers are embedded devices or sensors that provide the visibility and controls required to facilitate the proper management and transportation of goods. While they do a great job assisting managers, they lack safeguards against hacks.
It may not look like the most dangerous battlefield at first glance, but disrupting industries like logistics and transportation can have dire consequences on society. Ransomware plagues like WannaCry and NotPetya caused damages in the hundreds of millions to shipping giants Maersk and FedEx. Targeted attacks on IIoT sensors, like Very Small Aperture Terminal stations, are also possible, as evidenced by a group of cybersecurity researchers in 2017 who discovered that the configuration of certain ships’ satellite antenna systems left them open to cyberattacks. The researchers showed that a person with modest tools and know-how could hack into a Very Small Aperture Terminal equipped system and manually change a ship’s GPS coordinates or even take down the boat’s navigation system by feeding it a well-crafted piece of malicious firmware. One of the ships involved in the hacking experiment belonged to a private maritime security company and was loaded with ammunition.
Legacy and new tech is not a match made in heaven
Inventory management, warehousing and delivery in the modern supply chain are done using smart solutions that enable logisticians to visualize and manage goods in real time on a global scale. However, in logistics, smart solutions are often deployed alongside legacy systems, leaving gaps that bad actors can exploit.
Monitoring, process automation, vehicle tracking, inventory management and transportation all rely on an array of disparate technologies that lack on-board security safeguards. These smart sensors — estimated to be 40 billion strong by the year 2022, according to Statista — will greatly expand the attack surface for bad actors, resulting in hefty losses and even potentially putting lives at risk.
IIoT-based solutions have reinforced competitive advantages and are spawning new business models, according to a paper on IIoT-Connected Railways from researchers at the University of Coruña. However, these new developments come with a hefty dose of risk. The researchers explained that operational inefficiency, the lack of infrastructure and interoperability, high initial cost of deployment, and the integration complexities over legacy systems and the network, may prevent growth in the railroad industry.
The report states, “Legacy infrastructure, aging communications systems, and the slow adoption of automation and protective technology in this scenario pose enormous safety risks. Related to the issues of safety and connectivity is security. As rail systems rely more and more on wireless connectivity, they become more vulnerable to outside interference, intrusion and cyberattacks.”
The consequences of even a small disruption are exponentially more severe as trains increase in power, connectivity and speed, while carrying valuable freight or passengers. Those who operate mission-critical systems cannot afford compromising safe operation because of a single electronic node infected with malicious code. Strong security has become a fundamental requirement for mission-critical systems.
An inherent insecurity syndrome
IIoT solutions do a good job providing logistics operators with real-time visibility into the monitoring and movement of goods. This ensures that each item arrives on time, at the right place and intact, putting managers on track to uphold the seven Rs of logistics. Ironically, visibility is completely absent from a security perspective. IT staff have no way to assess the security of these embedded devices and are therefore unable to accurately check if these gadgets have been breached, infected with malware or recruited into a botnet for a distributed denial-of-service attack.
IoT systems in general — not just the industrial type — suffer from inherent insecurity, such as default credentials and an inability to patch firmware, which means traditional security solutions cannot defend them against cyberthreats. If recent hacks on government institutions, hospitals and schools are any indication, such attacks will not only increase in numbers, they will surge and extend into every industry imaginable.
Supply chain attacks, where hackers essentially poison trusted apps with malware, can be replicated in the IIoT realm just as easily and with even more devastating consequences. Imagine a motivated threat actor hacking an entire fleet of IIoT devices remotely, feeding them tainted firmware while still in production. As the vendor preps them for shipping, clients are completely oblivious that they are about to purchase systems already laced with a backdoor that the hacker will use to deploy his attack when the systems go online. In the case of logistics operators, orders of IIoT devices can reach thousands of units, giving attackers a tremendous attack surface and the possibility to wreak havoc.
One such device is the telematics gateway unit, a compact high-speed on-board vehicle and machine communications device for telematics and diagnostics functions in industrial vehicles. Exposed to the internet with public addresses and no authentication, telematics gateway units can be easily found in Shodan listings and can be abused remotely. Attackers can get the exact location of the vehicle in real time, change the mission route and even cause the vehicle to get a ticket by tampering with the recorded speed parameters.
Define anomalies outside the norm
To address this challenge, cybersecurity experts have devised a network-based approach to securing IIoT hardware.
Enter network traffic analytics, the technology that promises to assist IT departments in defending their network against hacks without the need to install an agent.
The effectiveness of network traffic analytics stems from the ability to model a behavioral baseline for devices and applications on a network. By comparing new observations against those baselines, security analysts gain actionable insights about potential threats. This includes threats that have never been seen before, as opposed to signature-based methods, which only identify known threats.
A state-of-the-art network traffic analytics deployment draws from threat intelligence collected from millions of endpoints globally, and combines this knowledge with machine learning models. The deployment then analyzes the network metadata in real time and accurately reveals threat activity and suspicious traffic patterns. Network traffic analytics solutions that support JA3 — a method for fingerprinting SSL/TLS clients from the fields of their handshake — can also characterize encrypted sessions without decrypting the actual data packets, which helps ensure compliance with data protection and privacy laws. Finally, automated alert triage reduces noise and provides readable context to reduce investigation time and increase the effectiveness of security operations and incident response teams.
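The two ideas in the preceding paragraphs (a behavioral baseline per device and JA3 fingerprints derived from TLS handshake metadata rather than decrypted payload) can be shown in a few dozen lines. The following is an added illustration, not code from the article or from any network traffic analytics vendor: it computes JA3 strings and hashes from ClientHello field lists, learns a per-device baseline of destinations, fingerprints and flow sizes from a training window, and then flags live flows that deviate. The device names (tgu-17, plc-03), host names, the 203.0.113.9 address and the ClientHello values are constructed sample data, and the baseline logic is deliberately simple (a set of seen values plus a volume threshold) rather than the machine learning models a commercial product would use.

```python
"""Added illustration (not code from the article or any vendor product):
a minimal network-traffic-analytics loop over constructed flow metadata.
It computes JA3 client fingerprints from TLS ClientHello fields and learns
a per-device baseline from a training window, then flags later flows that
deviate from that baseline. Device names, hosts and handshake values are
constructed sample data."""
import hashlib
from collections import defaultdict


def _is_grease(value: int) -> bool:
    # GREASE values (RFC 8701, e.g. 0x0a0a, 0x1a1a ... 0xfafa) are randomised
    # per connection; JA3 drops them so the fingerprint stays stable.
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(version, ciphers, extensions, curves, point_formats) -> str:
    """JA3 input string: decimal values, '-' within a field, ',' between fields."""
    def join(values):
        return "-".join(str(v) for v in values if not _is_grease(v))
    return ",".join([str(version), join(ciphers), join(extensions),
                     join(curves), join(point_formats)])


def ja3_hash(ja3: str) -> str:
    """The JA3 fingerprint is the MD5 of the string (a lookup key, not a security hash)."""
    return hashlib.md5(ja3.encode("ascii")).hexdigest()


# Constructed ClientHello field lists (version, ciphers, extensions, curves, point formats).
# The first mimics a device's firmware TLS stack and contains GREASE entries;
# the second is a different client stack that should never appear on the sensor.
NORMAL_HELLO = (771, [10794, 4865, 4866, 49195], [2570, 0, 23, 10, 11], [14906, 29, 23], [0])
ODD_HELLO = (771, [49172, 47, 53], [0, 10, 11], [23, 24], [0])
NORMAL_JA3 = ja3_hash(ja3_string(*NORMAL_HELLO))
ODD_JA3 = ja3_hash(ja3_string(*ODD_HELLO))


def learn_baseline(flows):
    """Per device: destinations and JA3 hashes seen, plus the largest flow observed."""
    base = defaultdict(lambda: {"dst": set(), "ja3": set(), "max_bytes": 0})
    for f in flows:
        b = base[f["device"]]
        b["dst"].add((f["dst"], f["port"]))
        if f["ja3"] is not None:          # non-TLS flows (e.g. NTP) carry no fingerprint
            b["ja3"].add(f["ja3"])
        b["max_bytes"] = max(b["max_bytes"], f["bytes"])
    return dict(base)


def detect(baseline, flows, volume_factor=3.0):
    """Compare live flows with the baseline; return (device, reason) findings in flow order."""
    findings = []
    for f in flows:
        b = baseline.get(f["device"])
        if b is None:
            findings.append((f["device"], "unknown device on segment"))
            continue
        if (f["dst"], f["port"]) not in b["dst"]:
            findings.append((f["device"], f"new destination {f['dst']}:{f['port']}"))
        if f["ja3"] is not None and f["ja3"] not in b["ja3"]:
            findings.append((f["device"], "TLS client fingerprint changed"))
        if f["bytes"] > volume_factor * b["max_bytes"]:
            findings.append((f["device"], "outbound volume anomaly"))
    return findings


# Constructed flow metadata: a telematics gateway "tgu-17" during a quiet training window...
TRAINING = [
    {"device": "tgu-17", "dst": "fleet.example", "port": 443, "ja3": NORMAL_JA3, "bytes": 1200},
    {"device": "tgu-17", "dst": "fleet.example", "port": 443, "ja3": NORMAL_JA3, "bytes": 2100},
    {"device": "tgu-17", "dst": "ntp.example", "port": 123, "ja3": None, "bytes": 96},
]
# ...and later: one normal flow, a flow to an unknown host from a different TLS stack,
# an unusually large upload, and a device that was never baselined.
LIVE = [
    {"device": "tgu-17", "dst": "fleet.example", "port": 443, "ja3": NORMAL_JA3, "bytes": 1500},
    {"device": "tgu-17", "dst": "203.0.113.9", "port": 443, "ja3": ODD_JA3, "bytes": 900},
    {"device": "tgu-17", "dst": "fleet.example", "port": 443, "ja3": NORMAL_JA3, "bytes": 40000},
    {"device": "plc-03", "dst": "fleet.example", "port": 443, "ja3": NORMAL_JA3, "bytes": 700},
]


def run_demo():
    return detect(learn_baseline(TRAINING), LIVE)


if __name__ == "__main__":
    for device, reason in run_demo():
        print(f"{device}: {reason}")
```

The point the example makes for an agentless deployment is that none of the checks need anything installed on the sensor: destination, port, byte counts and the ClientHello fields are all visible to a network tap, and the fingerprint comparison works on a TLS session that is never decrypted. In practice the baseline would be learned over a longer window and revisited after firmware updates, since a legitimate new TLS stack on the device changes its JA3 hash just as a tampered one would.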
By tapping into network traffic analytics’ potential, it becomes possible to secure the mix of legacy and modern logistics solutions, saving time and money for everyone and ensuring smooth transit from manufacturers to logistics managers and all the way to the user.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.