Blog(eng)

How to pre-emptively deal with the risk of Industrial IoT

Written by SSenStone | May 17, 2022 7:21:27 AM

The assumption that hackers take control of the internet of things (IoT) and cause serious problems to our society is an agenda repeatedly raised by many futurists and security experts. You may intentionally dismiss it as a story that could only be found in Isaac Asimov's science fiction novels, but now is the time to face reality.

A symbolic incident last year demonstrated how much risk we face when industrial IoT (iIoT) devices are exposed to external threats. The water's chemical treatment levels in Florida Water Treatment were changed by hackers using remote access software. Authorities estimate the hacker had access for three to five minutes, and during that time, they adjusted the level of sodium hydroxide in the water from a normal 100 parts per million all the way up to 11,100 parts per million.

 

Cyber threats to industrial control systems are not new

External threats on iIoT have increased due to the spread of digital transformation, but cyber attacks on industrial facilities by hackers have a long history. In 2012, smart meters in Puerto Rico were hacked and the billing system was manipulated, resulting in a loss of about $400 million. In 2017, the control function of industrial control systems (ICS) of a Petrochemical plant in Saudi Arabia was also completely exposed to hackers.

This is why it's no surprise that many enterprises still make security a top priority when deploying Industrial IoT. According to “Enterprise Requirements for IoT Connectivity” survey conducted by Analysys Mason earlier this year, security is still top of mind for enterprise IoT connectivity with 72% ranking it as one of their top 3 challenges.

 

Despite security threats, iIoT market growth is unstoppable

Industrial IoT is a novel concept of a fully connected, transparent, automated, and intelligent factory setup, collectively enhancing the production environment with lower costs, agility, efficiency, remote operations, etc.

As the benefits of new business with iIoT are so great, companies have no choice but to rush to adopt iIoT even though potential threats are still unresolved. According to McKinsey, iIoT-based software solutions increase labor productivity by 40% through machine data, and remote assistance and maintenance tools reduce field-service costs by 40%.

According to Future Market Insights, the industrial IoT market is projected to reach a valuation of US$ 1.3 Tn by 2032, advancing at a CAGR of 12.2% throughout the forecast period.

From 2021 to 2028, the logistics and transportation segment is expected to grow at a CAGR of more than 26%. The considerable emphasis that logistics and transportation businesses are placing on improving asset management and, as a result, on the implementation of smart transportation can be linked to the rise. The manufacturing segment of the industrial IoT market is expected to rise at a CAGR of 11.1% throughout the forecast period.

 

Vulnerabilities plaguing iIoT and their solutions

Even though cybersecurity for industrial IoT has gotten stronger than the past, IoT applications suffer from various vulnerabilities that put them at risk of being compromised. The most common vulnerabilities include weak or hardcoded passwords, lack of an update process or mechanism, unsecured network services, and ecosystem interfaces, outdated or unsecured IoT app components, and unsecured data storage and transfer.

Among those vulnerabilities, the password breach problem cannot be overemphasized. Although laws to prevent universal default passwords for IoT devices continue to appear in countries around the world, it is still true that most IoT devices are produced and distributed with the same passwords. As a result, intercepting the data streams of IoT devices or spoofing devices or systems remains one of the most pressing challenges.

 

Value of dynamic code to authenticate IoT

The spoofing problem can be sufficiently solved with a dynamic code-based authentication process that does not use a fixed value. Because One-time Authentication Code (OTAC) cannot be reused, there is no possibility of system contamination due to data theft, and it can be applied to IoT devices with low specifications due to its small capacity. This proves essential when wearing a small bio-band as well as manufacturing/logistics. It is also useful in the field of human defense.

OTAC algorithm was put to the test and fully substantiated in a detailed 42-page technical review by the University of Surrey.