The first part of this series examined the concept of pervasive sensing and why it matters to enterprise security professionals. Now it's time to get more specific. Security professionals should keep in mind the following nine main implications as they have conversations with their operations staff and engineering management about purchasing and installing sensors.
Implication #1: Scalability
A challenge with implementing ubiquitous sensors and their associated gateways, wireless networks and other components is scalability. How can you control the addition of 12,000 sensors and still assure plant availability and data integrity? What about network latency issues?
Implication #2: Information overload
Most of the information gathered by pervasive sensing does not activate valves and circuit breakers, and so does not shut down process loops. Instead, the sensor information simply keeps plant operators informed, activates alarms and supplies signals to meters. However, if designers are not careful and fail to apply appropriate human factors and engineering principles to this flood of information, the operators may be overwhelmed with alarms, alerts and indications. They will not only miss the big picture of the plant status, but they won't be able to keep up with the information flow and will possibly make erroneous decisions. They may simply turn off the "nuisance" alarms.
Implication #3: Scalable response is negatively impacted
The concept of pervasive sensing will be sold on efficiencies and cost savings because there will be fewer workers covering the same physical plant. This certainly bodes well for economic benefits; however, during emergencies or large-scale failure of sensors and systems, there will be fewer technicians available to save the plant. Hence, a scalable response to the casualty is in trouble. Not only can this lead to physical impacts, but it could lead to political, financial and business partnership challenges under some circumstances.
Implication #4: Overreliance on wireless increases hacking and denial-of-service opportunities
Rather than hardwiring the sensors into the plant, there is an increasing tendency to rely on wireless sensor networks (WSN) like WirelessHART, 802.11x or ISA100. With some dedicated effort, these systems can be appropriately secured; however, there are cases where WSN systems have been hacked remotely.
Implication #5: Physical attack of sensors and devices
The physical security risks of pervasive sensing are not eliminated -- in fact they may be aggravated. For reliability, security and financial reasons, WSNs eventually attach to a physical wired connection, and cables and connectors are often the weakest link in the sensor measurement system chain. Hence, physical attacks on the sensors and their containers can still be performed.
Implication #6: Cybersecurity supply chain injection
In regard to supply chain cybersecurity -- which has been in the security conversation for the past few years -- the actual sensors and supporting components present a potential vulnerability concern. Most of these sensors and supporting network devices are made from components sourced in Asia. Internet of Things sensors rely on the operation of semiconductor and microprocessor-based chipsets using the firmware controlling the device's basic function. If a hacker or cybercriminal gained access to these chipsets and associated firmware -- especially during the manufacturing process or shipping phase -- a section of code could be covertly inserted in the device and activated in such a way that either shuts it off or impairs its functionality. This could be devastating for IoT security and pervasive sensing.
Implication #7: Configuration control and management issues
There are two key issues surfacing relative to risks imposed on industrial control systems with increased quantities of sensors in conjunction with inadequate configuration management. First is the challenge caused by the ease of sensor installation and connection to the wireless sensor network. The second has to do with the complexity of multiple brands of sensors using different protocols to communicate -- aka the heterogeneity problem.
Implication #8: Weak encryption exposes sensor data and infrastructure
Encrypting the data would be a useful way to reduce the security risk of signal sniffing/snooping or modification; however, many of the sensor devices currently on the market lack the battery or computing capacity to implement sophisticated encryption techniques. And, as observed in the discussion about scalability, encryption management -- including key changes and rotation -- is not a trivial task. Therefore, it is easier to not encrypt to allow for more convenient operation of the sensor array. However, this convenience factor may result in less secure configuration and operation of the industrial control system and increases the risk of cyberattacks or breaches of IoT security.
Implication #9: Real sensors can be substituted by false sensors (Sybil attacks)
A Sybil attack is where a sensor or node illegitimately claims multiple identities or addresses. Such wireless sensor network attacks have been studied at Carnegie Mellon University and are shown to be exceedingly detrimental to sensor network functions, such as routing, resource allocation, intrusion detection and others. The challenge with sensor networks -- especially those that are connected via wireless networks -- is that the nature of the communication is broadcast, and due to cost prohibitions the hardware on these devices is normally not tamper-resistant.
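The two risks described under Implications #7 and #9 can be checked together at the gateway: sensors that were installed without going through configuration control, and one radio presenting several identities. The following is an added example, not from the original article; the record fields, sensor tags and radio addresses are constructed, and it assumes the gateway records a radio address it observes itself rather than one the node merely claims.

```python
from collections import defaultdict

# Constructed sample data (not from the article): the approved inventory maps
# each sensor identity to the radio address and protocol recorded at commissioning.
APPROVED = {
    "TT-101": ("radio-a1", "WirelessHART"),
    "PT-202": ("radio-b2", "ISA100"),
    "FT-303": ("radio-c3", "WirelessHART"),
}

# Constructed join records in a hypothetical gateway log format:
# (claimed identity, observed radio address, protocol).
JOINS = [
    ("TT-101", "radio-a1", "WirelessHART"),  # matches inventory
    ("PT-202", "radio-b2", "ISA100"),        # matches inventory
    ("FT-303", "radio-x9", "WirelessHART"),  # approved id, unexpected radio
    ("LT-404", "radio-x9", "WirelessHART"),  # never commissioned
    ("LT-405", "radio-x9", "WirelessHART"),  # never commissioned
    ("PT-202", "radio-b2", "802.11x"),       # protocol differs from record
]


def audit_joins(approved, joins):
    """Return unapproved ids, inventory mismatches and Sybil candidates."""
    findings = {"unapproved": set(), "radio_mismatch": set(),
                "protocol_mismatch": set(), "sybil_candidates": {}}
    ids_per_radio = defaultdict(set)

    for node_id, radio, protocol in joins:
        ids_per_radio[radio].add(node_id)
        record = approved.get(node_id)
        if record is None:
            # Joined the network without passing configuration control.
            findings["unapproved"].add(node_id)
            continue
        expected_radio, expected_protocol = record
        if radio != expected_radio:
            findings["radio_mismatch"].add(node_id)
        if protocol != expected_protocol:
            findings["protocol_mismatch"].add(node_id)

    # One radio presenting several identities is the Sybil pattern.
    for radio, ids in ids_per_radio.items():
        if len(ids) > 1:
            findings["sybil_candidates"][radio] = sorted(ids)
    return findings


if __name__ == "__main__":
    for kind, value in audit_joins(APPROVED, JOINS).items():
        print(kind, value)
```

A finding is a prompt for investigation rather than proof of an attack: a sensor replaced in the field without an inventory update produces the same radio mismatch.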
What's next for the security professional?
There are many issues to consider when adding sensors and devices to networks. This applies not only to industrial environments, but also to places such as hospitals, where added sensors are used for managing in-house staff. IoT and pervasive sensing are convenient, but they can be full of opportunities for security issues if you don't take these aspects into account.
About the Author:
Ernie Hayden is a highly experienced and seasoned technical consultant, author, speaker, strategist, instructor and thought-leader with extensive experience in the power utility industry, critical infrastructure protection/information security domain, industrial controls security, cybercrime and cyber warfare areas. His primary work emphasis involves cyber and physical security of industrial controls, smart grid, energy supply, and oil/gas/electric systems and facilities with special expertise on industrial controls. Hayden holds certifications as a SANS Global Industrial Cyber Security Professional (GICSP Gold), Certified Information Systems Security Professional (CISSP), and Certified Ethical Hacker (CEH). Hayden is an Executive Consultant at Securicon LLC and has held roles as Global Managing Principal -- Critical Infrastructure/Industrial Controls Security at Verizon, and information security officer/manager positions at the Port of Seattle, Group Health Cooperative (Seattle), ALSTOM ESCA and Seattle City Light.