Predictions 2019: Cyber Threats & the Industrial IoT

Off-the-shelf smart devices

As we expect to see the advent of 5G in 2019, growing adoption of the technology will help propel the industrial internet of things (IIoT) and the Fourth Industrial Revolution or Industry 4.0. The impact of big data and automation and continuous communication will be felt in our everyday lives, across a vast smart network of industry sectors like manufacturing, energy, transportation and healthcare.

Nevertheless, this ever-widening and interdependent ecosystem of the industrial internet of things will most certainly draw new cybersecurity threats. 

Off-the-shelf smart devices

The risky ecosystem of the industrial internet of things

Although the current IIoT environment requires that smart hubs be connected, when 5G becomes available some IIoT devices may communicate through modules that can directly access the 5G network. This may increase exposure to external threats since there are no middle communication modules to provide security.

Moreover, data transmission speed between devices will drop to less than 1/100 of a second. The reality of quantum computing and the ability to process an enormous amount of data within a short period of time is another dynamic. The result is a foundation system that will bring innovation and almost real-time performance to many industries, from automatic emergency braking systems to self-driving cars and remote robotic telesurgery.

However, speed will bring risks.

Connecting more devices on the network means exposing additional known and as yet unknown security vulnerabilities, without proper firmware analysis. Multiple threats can be conducted automatically and simultaneously using artificial intelligence to bombard IIoT systems, making cyber defense an ongoing battle.

Previous hacking attacks involving the internet of things usually targeted personal or confidential information or hijacked computing power to mine cryptocurrencies. IIoT hacking attacks will affect multiple industries and their networks on a much larger scale in ways that inevitably will impact our everyday lives.

Potential for great harm

In the past, many operational systems functioned autonomously within an enterprise, potentially containing repercussions from security breaches.  But as more and more organizations adopt the industrial internet of things ecosystem, vulnerabilities rise dramatically. Systems, networks, application programming interfaces (APIs), databases, products and devices, many cloud-dependent, are interconnected and connected to the internet. Unfortunately, there will be weak points and hacking is inevitable.

Look for cybercriminals to employ a wide variety of tactics to breach the complex IIoT ecosystem and its devices, servers and valuable data. Trusted network groups, such as an internal company network or customer portal, could be infiltrated via device vulnerabilities and apps. Cybercriminals target firmware containing a company’s core confidential technology so they can copy and market it themselves or even demand ransom.

Denial-of-service (DoS) attacks against IIoT infrastructure can occur by manipulating IIoT devices as botnets. The consequences can range from taking control of a production line and introducing defects in products that actually find their way in the marketplace to manipulating medical devices such as pacemakers or insulin pumps. And, current encryption methodology used to send sensitive data securely over the internet could be cracked by cybercriminals who will eventually find a way to employ quantum computing to decrypt valuable information.

IIoT needs security by design

As the World Economic Forum points out, “The IIoT ecosystem is not controlled by any particular stakeholder, neither is there a single discernible category of actors encharged with primary responsibility for its governance.”

Can one company secure the IIoT ecosystem? The short answer is no. But although cybersecurity and the industrial internet of things is an ongoing and fluid process, here are some best practices that we recommend to mitigate risk.

Developers everywhere, especially those within the IIoT ecosystem, must design security into the architecture of their products from the outset to counteract the inevitable cyber threats. We strongly advocate “security by design,” which means incorporating strong security that increases the reliability and stability of the connected devices. Evaluate essential features for security, reliability, and safety throughout the architecture process. This will preclude building overly complicated products and help strengthen security. For example, security techniques to consider from a system architecture perspective are secure boot, secure storage, secure coding, secure updates, key management, white-box cryptography, and network traffic encryption. 

It’s also important to develop post-quantum cryptography (PQC) to address the cybersecurity challenges quantum computing will bring. Rather than traditional factoring, quantum computing requires other ways to add strong algorithms to respond to risks. For example, consider utilizing quantum random number generator (QRNG) technology.  

Security professions must also conduct regular penetration tests on the entire network infrastructure, including web apps, web APIs, web servers, client tools, admin tools, admin dashboards, mobile apps, communications protocols, and any third party SDKs and APIs.

When organizations conduct pen testing on a regular basis, it helps to ensure newly added or updated features are also secure. Also, consider the advantages artificial intelligence can bring to penetration testing, such as speed and accuracy.

For all of us who work in the industrial internet of things, our goal must be to build not only a smarter but a safer ecosystem.

By Min Pyo Hong, CEO and Founder, SEWORKS

# # #