Exclusive: Securing smart devices in OT environments

Joe Robertson, EMEA CISO at Fortinet describes how the IIoT can be better protected against cyber-attacks.

IIoT (Industrial Internet of Things) is all about connecting people, processes and assets. Traditionally, devices in OT environments – machines, sensors, actuators, PLCs, etc. – have been isolated or connected directly to an ICS system. IIoT gives these devices a link to the internet. By bringing these devices “to life”, users can interact with them in real-time, draw data from them and analyse that data via statistical or predictive analysis. The value from that intelligence is priceless and the opportunities are endless.

Benefits include improved operational efficiency because IIoT devices can reduce troubleshooting time from days to minutes; reduced maintenance costs via preventative maintenance using sensors that can detect when equipment will soon break down; optimised procurement planning and scheduling; improved safety; and enhanced customer experience.

In addition, advances in IIoT technology coupled with the rise of 5G will allow organisations to strengthen all these benefits.

So, what are the different ways that critical industries are using smart stuff?

How different industries implement smart stuff

Oil and gas

IIoT devices can be found across the oil and gas industry value chain – from upstream exploration and production to refining and downstream distribution. In the exploration and production phase (E&P), sensors and robots are used to find oil and gas reservoirs, new hydrocarbon deposits, determine new drilling spots, or find new ways to optimise well and field work (e.g., drilling strategies can be adapted after comparing real-time down-hole drilling data with data from production of wells nearby). Furthermore, in difficult environments like offshore platforms, small IIoT networks can be used for rig or cargo ship monitoring, reducing the billions of dollars lost each year to non-productive time (NPT). In the midstream sector, advanced sensors are being implemented to surveil various parameters of the pipeline to detect potential pipeline leaks and breaches.

Manufacturing

Using the IIoT approach of Digital Twins, manufacturers can virtually replicate a product or process, enabling them to analyse the efficiency of a system, make predictions and forecasts and help them create a better version of their products. In production lines, sensors, cameras and data analytics can determine through predictive maintenance when a piece of machinery will fail and can help managers plan maintenance and service schedules before a problem occurs. Smart devices can optimise shared costs in the value chain by tracking and tracing inventory in real-time, providing visibility and projections to supply chain managers of available materials, the arrival of new materials and work-in-progress.

Power and utilities

The power and utilities sector has tapped into and embraced the potential of smart stuff with concepts such as smart water and gas management and smart grid. In smart water management, optimising water usage is key. Sensors can track parameters such as water pressure, temperature, quality and consumption enabling utility companies to analyse the data as well as use it for billing purposes. For consumers, it allows them to monitor their water consumption, decreasing water waste. Also, with smart leak detectors notifying utility companies and consumers of defective and leaking pipes and appliances, water waste can be further limited. With smart grid, smart meters can monitor electricity consumption and transmission in real-time, which allows for more efficient, demand-based electricity generation and distribution. They can also alert electricity companies of power outages allowing them to react at speed and restore services quickly. Finally, smart meters are a critical element of the decentralised power model by facilitating the growth of energy sources such as solar panels and wind turbines, furthering efficiencies in production and distribution.

Transportation and logistics

The transportation and logistics sector is becoming smarter and safer thanks in part to IIoT with applications such as public transport management, fleet management and track and trace. In public transport management, IIoT solutions include passenger information and display systems, integrated ticketing systems, real-time vehicle tracking and more. The goal is to help transport companies better communicate information to customers such as delays or station closures, provide accurate travel times, re-route journeys and make them more efficient and safer. With fleet management, IIoT devices are embedded in the vehicles to monitor its condition or driver behaviour, which informs of idle times and driving style. This can minimise the number of failures, simplify maintenance and indicate to drivers how to minimise their fuel consumption. Also, when transporting perishable goods or medicines, smart sensors can be installed in vehicles to calibrate the temperature and humidity. Track and trace uses IIoT sensors to track goods and manage them properly ensuring that goods are in the right vehicle and on the way to the right destination.

Smart cities

Smart cities display some of the most exciting applications of IIoT from smart lighting to smart traffic to smart waste and smart parking, all ensuring that cities are cleaner, safer, more organised and economical for their residents. By managing, monitoring and automating connected streetlights – processes like brightness levels and consumption – cities can decrease costs and improve sustainability. Imagine a city without traffic or accidents. IIoT-enabled traffic monitoring can help manage traffic flows efficiently decreasing congestion and improving road safety. With smart waste solutions, sensors are installed in containers, enabling waste collectors to track waste levels optimising schedules and routes. Finally, with smart parking, smart lots interact with smart vehicles providing information on open space availability and in some cases the exact location of the open space simplifying the process.

With critical industries increasingly relying on “smart stuff” to monitor, track and manage various assets and predict, prevent and control a number of incidents, a vital question arises – are smart devices implicitly safe to use and trust?

Smart doesn’t imply secure 

In fact, being smart just makes you more attractive to hackers. With each new smart device introduced into the network, the risk increases because each device is a potential new entry point for attackers. Adding to this equation 5G which, although more secure than its predecessors, makes for a whole new playground for hackers. Additional security will still be needed. What are the risks and security concerns associated with IIoT?

IIoT devices tend to run on constrained hardware with little or no management interface. Devices are often not field-upgradable and may have limited means to determine if they are operating correctly. They often have limited and very weak authentication and encryption capabilities. Physically, IIoT devices are often installed in hard-to-reach or publicly accessible places (underground, underwater, on top of buildings, etc.) and must be able to operate unattended for long periods and be resistant to physical tampering. The cyber-physical nature of some IIoT devices means that an attacker could potentially cause a device to behave in a way that could cause property damage, injury, or even death.

What about the connectivity and security repercussions that 5G brings? New services bring faster speeds, greater bandwidth and support for a large number of endpoints. A faulty device update to a large number of devices could easily result in a signaling storm which could impact the level of service across the whole mobile network if not properly handled.

Finally, with the introduction of Mobile Private Networks and Multi-Access Edge – also known as edge computing – the mobile network and the compute infrastructure can be placed very close to the devices. This concentration of network and compute infrastructure becomes a critical part of the production environment and protecting it is paramount.

The result of all these factors demonstrates that IIoT devices and critical infrastructure may soon become a prime target for cyber attackers. Right now, attacks on IIoT devices are limited because the ROI is higher for more traditional types of attacks such as ransomware. However, this will change. As IIoT adoption increases, it is likely to become a rich source of income for cyber-criminal operations.

The reality is that an attack on IIoT, especially if it is being used to monitor critical operations and processes, can have a very significant impact not only on the business itself but also on the environment and the health and safety of staff and even the public at large. And with the IIoT devices market unregulated and not required to meet certain security standards, a holistic and comprehensive approach to security is vital.

Making smart stuff secure – Best practices

When securing any system that includes smart stuff, there are three important factors to consider:

The first is visibility – having a global view of the system and its components, understanding which devices are connected to the network and whether they are operating normally. Knowing “what” is connected to the network is a basic cyber hygiene principle, as you can’t protect what you can’t see. For IoT and IIoT, there are additional challenges due to the sheer number of devices involved, not to mention the complication that running endpoint agents on devices is often not possible. What is required is a complete solution that involves network access control, device management, event management and inventory management, plus detailed analysis.

The second factor is preventing the attack. IIoT devices often have limited connectivity needs and segmentation should be used to restrict access. Application-aware firewalls can ensure that only authorised protocols and applications are allowed. Intrusion prevention can detect and block attempts to scan for vulnerabilities or security holes and prevent any attempt to exploit those vulnerabilities. For the IIoT infrastructure and ecosystem, since most communication is via REST APIs, detecting and stopping any attempts to gain access or exploit these APIs must be a high priority.

The third factor is recognising when a smart device has been compromised. Following a successful intrusion, there is a reconnaissance period where the attacker will try to gather as much information as possible about the environment, identify high-value assets and determine how best to monetise the breach. This means that there is a short window of opportunity to detect the breach, identify the compromised devices and remove them from the network, to contain and block the attack. Solutions such as anti-botnet, compromise detection and user & entity behaviour analysis, are designed to detect a cyber-attack as soon as it happens and should be implemented. Adding SOAR (Security Orchestration, Automation and Response) technology can take this information and perform automated investigation and response to identify and isolate or remove compromised devices before any damage is done.

Finally, all of the above security components should be part of a security fabric architecture that delivers actionable AI-driven threat intelligence and provides true integration and automation across the entire security infrastructure. With a consistent, real-time and end-to-end security posture, visibility of the entire digital attack is ensured and recovery from attacks is swift. This ensures that your smart stuff is protected and if it does become compromised, a security fabric architecture minimises the impact and reduces the time required to bring your critical systems back into a safe and available state.

This article was originally published in the November 2021 edition of International Security Journal. Pick up your FREE digital edition here

For more information, visit: www.fortinet.com