The Internet of Things or IoT describes a growing number of devices that use an internet connection to add functions.
IoT cameras may store video for viewing on mobile devices and can be controlled across the internet. IoT locks can be locked and unlocked from a secure network.
The risks of infiltration are becoming more infamous with residential IoT, but how are industrial IoT devices affected? Here are a few industrial IoT details to help you understand the benefits and risks of this emerging technology, and what you can do to mitigate those risks.
What Does The IoT Do For Industries?
To understand the risks, you must consider the benefits. The Internet of Things in industrial settings is a far cry from changing thermostats or starting the washing machine from your phone.
Measuring performance is a massive umbrella of data that has multiple applications. Factories can figure out how fast a piece of equipment will wear out at a certain setting while measuring the quality and speed of the equipment’s output.
Saws, for example, may wear down faster at certain speeds with specific blade brands and may produce product faster, slower, and at a different quality, levels depending on the saw speed’s destructive ability.
The IoT can be applied by including meters, remote reporting, data storage, and analytics to multiple parts of the industrial chain. In the saw example, a counter can record the speed of the blade and the speed of finishing the cut. Even without looking at the saw blade, quality assurance personnel may see the actual wear and tear effect as cut material takes longer to finish or becomes rougher around the edges due to a more blunt cut.
Other specific measurements such as pointing a camera at the blade, pointing a camera at the cut material, measuring the cut material with different sensors, and other quality assurance systems can be added. Those are merely the sensors and observations; the IoT isn’t quite there yet but can make their jobs easier.
The IoT involves how that information is reported, stored, and analyzed. An industry could hire programmers for an app that stores and automatically analyzes the data from all of the sensors, allowing more data storage and faster analysis and requiring fewer human analysts.
Fewer analysts are the key here. There is no substitute for intuition, experience, and feel. Such a system would be better if a human could look at the data and the physical material to make a decision, and it’s easy to allow data review at each point while the app continues its task.
Each data point can be separate data recordings that create multiple, complex pictures. It’s more than everything converging to one big answer, so analysts, engineers, leadership, and even operators can look at relevant details about how their industrial technology operates.
This comes in handy when figuring out whether to stick with a certain brand. Choosing a brand, model, accessories, third-party solutions, and even trying out custom options is easier when you have both personal inspection and data modelling.
All of those benefits come with costs.
Related article: What is the internet of things (IoT) and how it benefits you?
An Internet of Compromises
Everything is exploitable, and all network devices can be hacked.
Hacking has a bit of a mythical, larger than life reputation. There are impressive hacks out there, but when you think about how IoT devices have been compromised–and continue to be as of 2019–it’s easier to visualize how IoT devices can be risky.
If the device is connected to the internet–the biggest network in the world–or any network, someone with networking skills can target it for an attack. In many of the earliest IoT attacks, this was as simple as connecting to a wireless network and looking for other devices on the network.
If you can connect to a wireless network, you can connect to anything on the network. The only thing that stops a “hacker”–someone with technical skills to work around a given problem–are security policies.
But what are those security policies? What do vendors do when they allegedly protect your devices from attacks? What do network security and cybersecurity professionals do when they protect networks and devices from attack?
Security can be as easy as setting a password. Making sure that the login details for an IoT device aren’t as simple as USERNAME: Admin PASSWORD: Password is a good start. Seem simple? That’s how many basic IoT devices and the previous main target–modems–were compromised.
Security can become more complex, requiring what many people consider difficult hacking worthy of Hollywood spectacle. This is where encrypted passwords and data, firewalls to block unauthorized data access, regular security sweeps by active security personnel, and audits are necessary.
Depending on the importance of your data, you may require multiple, but not all levels of security. Small businesses with a few cutting and 3D printing machines don’t need security engineers making 6-figure salaries to protect their data from hackers because they’re not the targets of complex hacks.
Corporations and governments need major security because they have either big finances, big ideas to be stolen, or are a big enemy to certain hackers. If your industrial process has big money implications or aides a government, sabotage is often more expensive than maintaining security.
What Does A Compromise Look Like?
Compromise is a scary word, but why does it matter? What’s so dangerous about hacking into an IoT anything?
Think about the basic level first. If you can log into a device, you can shut it down. At the bare minimum, a competitor or a mischievous hacker could just shut down part or all of your IoT-connected productivity.
This could mean putting a stop to your measurements and slowing down your growth or shutting down the production line completely. It could require turning back on and finally securing your devices with a point proven, or having to rebuild or replace a permanently data-damaged IoT device.
The world isn’t at the point of Terminator’s Skynet and rebellious robots yet, thank goodness. Unless your business specifically has designed actuators and arms that can turn and twist around to cut employees and damage other equipment, a hacker can’t cause major damage.
That said, many IoT devices offer some level of control and maneuverability. Reprogramming the path of a printer or soldering device can ruin multiple products if your team doesn’t catch the problem on time, or could damage the machine itself.
Is Your IoT Connected To Financial Networks?
Smart home IoT is risky because a hacker could connect to a smart device, then connect to home phones and computers to begin stealing passwords and personal information.
The same risks apply to industrial IoT. If your business and industrial systems have any form of connection, an unsecured IoT device is just the weak point hackers need.
This is where true, clever hacking comes into play. It’s not about fingers rapidly flying across keyboards or staring at lines of code. Instead, it’s about looking for any exploit available.
How do your IoT devices store their data? How do you control them? Consider two paths to understand how your business could be compromised:
If your company uses smartphones, tablets, or other wireless devices, hackers can connect wirelessly as well. They then hunt for other places to connect, such as a server that employees use or a business wireless network.
If IoT devices are hardwired, why not tap that wire? A good business network will lock down access based on several factors, but usually a MAC address tied to specific hardware. Simply unplugging an IoT device and plugging in a laptop won’t work without advanced break-in skills.
Don’t plan for an impenetrable, unhackable network. Treat your business as if anything can be hacked and make it harder for the hacking damage to spread. Split off your industrial networks from everything else, and reduce crossover.
You may be tempted to connect your factory network to the main business network, but why? If anything, you can simply give factory employees a computer with a direct connection to the financial side if they have a financial business, but those computers shouldn’t be connected to any industrial IoT.
Think less about the physical location and more about the virtual network connection. The financial network should have 0 connections to the industrial network. If someone needs files from one network while working in another area, they need to log into that network with a different device.
It’s possible to give a single computer multiple ways to connect to multiple networks, but try to avoid that if at all possible. This can be annoying for employees who need data from multiple departments on different networks, but there is such a thing as too much connectivity.
One potential compromise would be to create a central storage center that can only be written to by specific devices and only read by those with the need-to-know. IoT devices and other network connections that a hacker, infiltrator, or saboteur could use should have no connection at all.
This goes back to the concept of a special computer for those who need the device. It could be the business office for a factory that has desktops that connect to other departments, and even if it’s inches away from an IoT device, it should have no connection at all.
If that employee wants to copy analyzed data or other information from the IoT device, make sure they have to get up and copy the information. There’s still a small risk that a hacker could upload damaging data that could spread once they connect it to another computer, but at least it’s a slower compromise with a better chance of being detected.
There are many scenarios to consider, and you’ll need a hacker of your own to consider industrial risks. Compromising industries is a business, but it’s also fun for people with true tech passion who just happen to see your business as a target.
Contact a cybersecurity professional to discuss other IoT risks, and to perform a risk assessment on your IoT implementation.