Good reasons abound for concerns about the vulnerability of the electric grid to cyber attacks. Likewise, enterprises must confront serious security risks as a growing number of firms adopt industrial IoT (IIoT) technologies. Consumers risk potential hacks as they install IoT gadgets such as smart thermostats or voice-activated devices like Amazon’s Echo in their homes.
Recent stories paint a dark picture of these risks. A story about Industroyer—a modular malware likened to the notorious Stuxnet worm—sends a sobering message. The story’s author, Robert Lipovsky, says, “Industroyer poses a big threat to industrial systems because it doesn’t exploit any vulnerabilities,” and that its four payload components “are designed to gain direct control of switches and circuit breakers at an electricity distribution substation.” Also, the malware can be reconfigured to attack other energy infrastructures and other industries like manufacturing or transportation.
In the broader realm of well-known Bluetooth technology, the story is much the same. An IoT security firm called Armis has uncovered critical flaws in Bluetooth implementations that could affect up to 5.3 billion devices. The Armis researchers have named this threat vector BlueBorne. So far, nothing untoward has been reported in terms of hacks, and Armis is working with Apple, Microsoft, Google, and Linux developers to quietly coordinate the release of patches to stop potential attacks. But left unchecked, attackers could theoretically take over Bluetooth devices or commandeer their Internet traffic.
Products to Protect against Threats
Despite these ominous stories, technology vendors have new products aimed at reducing security threats. Intel, for example, has a new process called Secure Device Onboarding to ensure a more secure deployment of connected devices for enterprises. The idea is to help industrial customers safely and quickly install IoT devices, such as lighting, sensors, and gateways. The company is working across the ecosystem to help push this new level of security and boost IoT adoption.
Similarly, Cisco is touting enhanced routers for utility customers with security at their core. Executives from Cisco report that security is top of mind for utility and other enterprise customers in the face of the latest cyber threats, and the company is responding to this this demand.
Elected officials in the United States also see the threat to IoT devices, and are pushing new legislation. A bipartisan group of senators has proposed a new IoT Cybersecurity Improvement Act of 2017, which is still working its way toward approval. The law, if enacted, could be one more key driver toward a safer IoT and IIoT world.
In the face of potential IoT-related threats, it might be easy to see only the dark side. To be sure, connected devices are more vulnerable than non-connected ones. Nonetheless, leading IoT vendors, their customers, and even legislators are taking real steps to hinder harmful attacks. This means that the situation has a bright side, too.