Industrial IoT’s Kryptonite: Looming Threats Poised to Disrupt Critical Infrastructure

Posted on May 24, 2018
Author: RunSafe Security

Today’s industrial infrastructure is stronger and smarter than ever before. As manufacturers seek greater scalability and efficiency, they’ve automated and digitized their machines to achieve unprecedented power. But these “super” machines have a critical weakness – they were not built to shield against today’s advanced cyberattacks. One single attack – industrial IoT’s kryptonite – can have catastrophic effects.

Super Strength Precipitates Threatening Weaknesses

Industrial devices are designed to have a long life span, but that means most legacy equipment still in use was not originally built to achieve the automation and connectivity that the Internet of Things (IoT) makes possible. To realize these benefits, manufacturers and OEMs are forcing coding and connectivity on to devices that simply weren’t built for it. The advantages are certainly numerous – the ability to share data and intelligence, communicate with other machines and detect issues before problems occur. But because these machines weren’t constructed for such functionality, and because code is forced at both the machine and parts levels, the industrial IoT landscape is filled with vulnerabilities.

As such, the supply chain is a prime target for cyber criminals. Supply chain cyber attacks increased 200% in 2017. As more and more industrial devices are brought online, this number will increase exponentially. In fact, IDC anticipates that 90% of all IT networks will have an IoT based security breach in the next two years.

This year is certainly set to be another record breaker, most notably with Russia’s targeting of Industrial IoT (IIoT). In April, the FBI, Department of Homeland Security and the U.K.’s National Cyber Security Centre issued a joint warning regarding state-sponsored Russian hackers. The alert noted that critical infrastructure, government agencies, large companies and internet service providers were the most likely targets of such an attack.

The fallout from cyber attacks on the supply chain and critical infrastructure can be enormous. A single exploited vulnerability can bring operations to a halt, resulting in costly delays. In the worst cases, critical devices can shut down access to electricity or safe water, putting municipalities in panic mode. Loss of significant revenue, impediments to power, transit and banking, and even loss of life aren’t unexpected consequences of a carefully targeted cyber attack.

The Antidote to IIoT’s Kryptonite

The convergence of operational technology (OT) and information technology (IT) brings efficiency, scalability and cost savings to industrial infrastructure via IoT. But these previously disparate machines now communicate across unsecured networks, and the connectivity of these legacy systems has spawned thousands of complex vulnerabilities.

The challenges and risks are two fold:

  1. Online configurations of machines not meant for such code leave vulnerabilities at the machine level.
  2. Each digitized, connected piece and part is also an attack target.

Traditional cybersecurity techniques only identify potential problems and anomalies, but don’t provide solutions. OEMs issue patches for known vulnerabilities and attack vectors, but those don’t account for the wide array of unknown vulnerabilities. Couple these technological challenges with the fact that most organizations don’t have anyone solely dedicated to device, facility level cybersecurity, and the risks of a breach are high. On-site operational managers are responsible for keeping everything running on-time and safely. They typically only have time to get involved in cybersecurity when an anomaly is detected. Corporate digital security teams don’t have full focus or visibility into facility level operations, leaving a gaping hole in industrial Internet of Things security.

To combat these challenges, manufacturers and critical infrastructure operators must move beyond attack identification and detection to prevention-based measures. With risks soaring, the focus should be on stopping attacks before they can occur, thereby protecting industrial control systems. Cyberhardening devices operating Runtime Application Self Protection (RASP) is the best way to proactively increase industrial Internet of Things security. Built-in security and protecting apps via randomization prevents attacks from succeeding and from scaling across an organization.

Preventing attacks is the only way to maintain uptime and minimize risks – simply detecting issues is not enough to maintain critical infrastructure amid increase cyber attacks.

For a deeper look at the strengths and weaknesses of conventional cybersecurity tools and the necessity of cyberharding industrial IoT devices, download our whitepaper.

RunSafe Security’s 2025 Product Security Predictions

RunSafe Security’s 2025 Product Security Predictions

Product security has come a long way since  the early 2000s to the current iterations we’re seeing today. From CISA’s focus on Secure by Design to the growing emphasis on software supply chain security, software manufacturers, software buyers, and regulatory...

read more