A Comprehensive Guide to IoT Security
Hesham Medhat
Asset Integrity Management, APM, Meridium, Oil & Gas, Automation & Digitalisation, Prince2, CDIA+
With the rise of unmanaged devices in industrial environments due to digital transformation, it has become crucial to have a robust IoT security program to safeguard critical infrastructure from cyberattacks.
Table of Contents:
What Is IoT Security?
IoT refers to a network of interconnected computing devices, mechanical machines, or objects equipped with sensors and software that can autonomously transfer or exchange information over a network. The concept of IoT security encompasses the measures and technologies implemented to prevent or mitigate cyber risks for such devices.
The definition of IoT devices is broad, ranging from biomedical implants to sensors on manufacturing and electrical equipment. An industrial environment can comprise various smart devices that collect and act on data from their surroundings, with some devices even communicating and exchanging information with each other. These devices typically transmit their data to the cloud or are analyzed locally after passing through a gateway or edge device. Regardless of whether a device is categorized as IT, OT, or IoT, it requires protection to ensure operational resilience.
The following diagram illustrates the distinctions between the different device types.
Why Is IoT Security Important?
To enhance automation processes with data from these devices, industrial and critical infrastructure operators are swiftly deploying billions of devices. However, this trend also brings about new cybersecurity risks, as these devices become accessible through both public and private networks. Cybercriminals are increasingly targeting these endpoints, which have become easy targets, to compromise operational processes and maximize the economic benefits of a cyberattack.
The diagram below illustrates the different applications of these devices in our daily lives. While various organizations may use these technologies for different purposes, ensuring their cyber resilience should be a top priority. A cyberattack could have a catastrophic impact on critical infrastructure environments, such as compromising the electric grid or interfering with life-saving medical devices in hospitals.
High-Profile IoT Cyberattacks
IoT security challenges are prevalent everywhere, from thermostats and sensors to cameras and process controllers, and the theoretical threat has already become a reality. In October 2016, the largest Distributed Denial of Service (DDoS) attack in history took place, known as the Mirai Botnet Attack. This attack caused internet outages across much of the United States East Coast. Attackers scanned the internet for open Telnet ports, and by using default passwords, they were able to compromise a significant number of CCTV cameras and routers, which were then utilized as a botnet army.
Today, variants of this malware still exist and are closely monitored by the Nozomi Networks Labs team.
In 2017, hackers utilized a Wi-Fi enabled fish tank thermometer to steal 10 gigabytes of data from a North American casino that had recently installed it. Threat actors were able to extract the casino's database of high rollers through the thermometer since it acted as a gateway to the rest of the datacenter that contained sensitive personal and financial data and applications.
In March 2021, Verkada, Inc., a security camera company, experienced a breach where bad actors used a cloud server to obtain legitimate credentials, allowing them to access surveillance cameras deployed at thousands of customer sites. The attack exposed live feeds from 150,000 surveillance cameras inside hospitals, manufacturing facilities, prisons, and schools, and the attack was not technically complex.
What Makes IoT Security Challenging?
1. IoT Devices Are Typically Unmanaged and Insecure by Design
Once IoT devices are deployed, their software is often left without updates, especially when it comes to firmware, which is where many vulnerabilities can be found. This makes these devices susceptible to attacks that could otherwise be prevented with regular updates and management.
2. Weak Identity and Access Control Measures
Compromising IoT devices is often easier than managed IT devices because default passwords are commonly used and strong authentication procedures may be lacking.
3. Connected IoT Devices Become Easy Entry Points
IoT devices usually connect to a larger ecosystem that involves IT infrastructure, data centers, business applications, and the cloud. Since these devices typically lack strong cybersecurity controls, they are easy targets for hackers looking to gain entry to the broader network.
Recommended by LinkedIn
4. Lack of Network Segmentation
Large-scale industrial IoT deployments are not easily conducive to the level of network segmentation required to minimize cyber threats or prevent the proliferation of malware.
5. Inability to Install Agent-Based Security Software
Most IoT devices currently available on the market lack the capability to host software security agents. While it is relatively easy to install agents on operating systems such as Windows, Mac, and Linux, IoT devices have very different and functionally reduced operating systems. This is primarily due to their limited processing and communication capabilities, as well as their inability to accommodate the bulky software required for security agents.
6. Rogue Deployment of IoT Devices
Yes, that's correct. IoT devices are often deployed by operational technology (OT) teams who focus on optimizing the performance of the devices and their applications. These teams may not have the same level of expertise or awareness of cybersecurity risks as IT and cybersecurity teams. As a result, IoT devices may be placed in insecure areas of the network, such as directly on the internet or on networks without proper segmentation or access controls. This makes them more vulnerable to cyberattacks and increases the potential impact of a successful attack.
IoT Security Guidelines & Best Practices
Despite the lack of a regulatory body responsible for IoT device cybersecurity, several Federal-level efforts have been made to enhance their security practices. In 2020, the National Institute of Standards and Technology (NIST) launched their NIST Cybersecurity for IoT Program, which aims to promote trust in IoT and facilitate global innovation through standards, guidance, and tools. The NIST Cybersecurity Framework (CSF), a risk-based framework, helps organizations manage and safeguard their critical infrastructure and data while also providing a standard language and guidelines for comprehending, managing, and communicating cybersecurity risks. In this context, we will explore some best practices for securing IoT devices using the NIST Cybersecurity Framework.
1. Identify
To ensure IoT device security, it is important to identify the various types of devices being used in the organization and the risks associated with them. This involves assessing the data that the devices gather and transmit, as well as the potential consequences of a cybersecurity breach.
An effective asset management system that can monitor each connected device with up-to-date information, such as zone and network location, patch status, and lifecycle, is crucial to this process.
2. Protect
Deploying suitable security controls is crucial for safeguarding your network against threats. Some of the security measures include installing a firewall that can either isolate or terminate connections linked to malware or other suspicious activities. Additionally, implementing security controls such as network segmentation, multi-factor authentication (MFA), and encryption is also beneficial.
Creating a process for network security engineers to prioritize the most vulnerable and high-risk assets when it comes to patching is essential. This approach minimizes the overall exposure to risk and enhances the network's resilience.
3. Detect
Put in place mechanisms to detect and monitor potential cybersecurity risks and vulnerabilities. This can involve using security incident and event management (SIEM) systems, network monitoring, and log analysis.
One possible solution is to use an industrial network monitoring tool that can be integrated with network access control (NAC) products to identify and expose the highest potential risks in real-time. For example, such a tool can direct NAC products to allocate critical or vulnerable assets into dedicated VLANs, which can be set up in a DMZ configuration.
4. Respond
To effectively respond to cybersecurity incidents, it is important to have a well-defined plan in place. This plan should include procedures for identifying and isolating affected devices and systems, as well as communicating about the incident to relevant parties. It may also be helpful to utilize incident response playbooks and forensic analysis tools to streamline the response process and minimize the impact of the incident. By having a plan in place, organizations can respond quickly and efficiently to incidents and minimize potential damage.
5. Recover
It is crucial to plan and test business continuity strategies for recovering from cybersecurity incidents, such as restoring affected systems and processes and mitigating potential impacts. In addition, collaborating with industry partners and government agencies to share information about cybersecurity threats that affect IoT devices and continuously reviewing and improving cybersecurity procedures can be beneficial.
Regularly conducting tabletop exercises to simulate different types of cybersecurity incidents and testing the effectiveness of the response plan is also a good practice. This can help to identify gaps in the plan and areas for improvement.
Moreover, staying informed about emerging threats and vulnerabilities in the IoT ecosystem and implementing timely security updates and patches can help reduce the risk of cyber incidents. Finally, ensuring that all stakeholders, including employees and vendors, are trained and aware of their role in maintaining the security of the IoT environment can also contribute to a robust cybersecurity posture.
To obtain a comprehensive understanding of how OT / ITO security services is assisting your operations worldwide, schedule a demonstration with one of our system engineers to discover how we can assist you.