Donald Schleede, Information Security Officer
For the Internet of Things (IoT), security is becoming a non-negotiable requirement. Although some may mistakenly assume IoT data is not being targeted by hackers, remotely connected devices on the front lines of IoT solutions are being exposed to more frequent cyber-attacks – because what appears to be mundane operational data represents value to those with malicious intent.
IoT standalone devices must employ unique security methods to defend against attempts to breach and disrupt operations, while managers of remote equipment should stop and think about all the moving parts of IoT hardware, from operations to purchasing, and consider what is at risk when steps aren’t taken to button down device security.
Intelligence has continued to migrate out of protected data centers to millions of devices, each with its own function, Internet connection and location on the web. Hackers now have many more potential targets of opportunity available. IoT devices will increasingly be used in vehicles for fleet management, and in smart buildings, smart grids, and other important infrastructure. These devices, in many cases wireless sensors and gateways, are collecting, storing and transmitting information, and are expected to be capable of sending anything from occasional alerts to large streams of real-time data – all while linking vast arrays of unattended devices into corporate networks.
Threats to remotely located assets include web interface authentication and authorization methods, non-existent transport encryption security, inadequate security configurations and poor physical controls. (See Previous Article) Botnets, Man-in-the-Middle and denial-of-service attacks will be just some of the approaches hackers will employ as they seek to target remote, connected IoT devices.
Industries Vulnerable to Remote IoT Device Hacking
Smart Grids, Smart Cities and the Transportation Industry are three examples where connected remote devices, both wired and wireless, are increasingly being leveraged to improve operational efficiencies, expand coverage, introduce new offerings and cut costs.
Smart Grids use sensors, meters, digital controls and analytic tools to automate, monitor and control the two-way flow of energy across operations—from power plant to plug. Remote assets may include communication devices for remote substation equipment, reclosers, capacitor banks and other transmission equipment. Using these remote assets, a power company can optimize grid performance, prevent outages, restore outages faster and allow consumers to manage energy usage right down to the individual networked appliance.
Smart City applications use remote assets for applications ranging from public safety and traffic management to intelligent lighting and water treatment—the “cannot-fail” public infrastructure that the public depends upon. Data from those assets, including remote sensors and cameras, help reduce traffic congestion, optimize transit performance and maintain services availability.
In the Transportation Industry, remote IoT assets are used for everything from fleet management to heavy equipment quality control, intelligent route monitoring systems for passenger transit, wireless positive train control (PTC), and wayside and engine communication enablement solutions for rail systems.
A Basic Checklist of Issues to Address
In each of these implementation scenarios, remotely connected IoT assets face assault from many directions and in many forms. One of their major advantages is also a significant disadvantage from the security perspective: as connected devices, they can be reached via other networked wired or wireless connections. Apart from the fact that they can still be attacked via direct physical access, specific issues to address include:
- Access/Authentication: IoT devices need to trust their remote devices, recognizing them as legitimate network devices whose manufacturer code has not been altered.
- Systems receiving IoT data can be fooled by a device pretending to be authorized, but actually controlled by a hacker sending malicious or altered code.
- Secure updates: Systems require regular updates to patch issues. Updating a single system can be easy, but with large numbers of scattered IoT devices, keeping up can be daunting. The risk is that systems either fall behind on critical updates or require large amounts of scarce support time to stay up-to-date.
- Encryption: IoT devices often store data that is protected by an encryption key. In many cases, a hacker who gains access to the device can also find the key needed to decrypt the stored data.
- Port Access: With devices spread across the globe, and often in remote locations, a hacker can actually physically break into a device, plugging in to gain access through the JTAG hardware engineering port, through serial ports for admin, through network ports or through an Ethernet port.
An IoT Security Framework
Thought must be given now to a security system that will address the specific needs of an IoT solution, and users should begin thinking and planning for a framework that will ultimately feature several advanced capabilities.
There should be an authenticated boot sequence capable of checking a manufacturer’s certificate every time a device is booted. The goal is that the system would validate users every time a remotely located IoT device is accessed – whether access takes place over a network or at any of the device’s physical ports. Ideally, these devices will ultimately be capable of presenting a digital signature when uploading on the network, and that signature would not be available to counterfeit devices.
Work should be done to develop a mechanism that efficiently monitors for and distributes firmware updates. Ideally, that system will be cloud-based and will regularly check for firmware updates, then securely download them to keep systems up-to-date without burdening support staff. For users that are prevented by regulation from accessing updates via the cloud, the system should also support local update entry. When it comes to IoT data, data resident on IoT devices should be encrypted, and the decryption key should be kept in a lockbox to keep it safe from hackers.
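The boot-time check and the secure firmware download described above both reduce to the same device-side test: is this image the one the manufacturer signed? The sketch below is an added example, not Digi's code. The manifest layout, the function names, the use of a raw Ed25519 public key in place of a manufacturer certificate, and the minimum-version check are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed description of one firmware image.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte // Ed25519 signature over signedBytes()
}

var ErrBadSignature = errors.New("manifest not signed by manufacturer key")
var ErrBadImage = errors.New("image does not match signed hash")
var ErrTooOld = errors.New("firmware version below required minimum")

func (m Manifest) signedBytes() []byte { return []byte(fmt.Sprintf("%d:%x", m.Version, m.ImageHash)) }

// SignImage runs at the manufacturer, the only place the private key exists.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

// VerifyImage runs on the device: at boot minVersion is the installed
// version, for an update it is installed+1 so older images are refused.
func VerifyImage(pub ed25519.PublicKey, m Manifest, image []byte, minVersion uint32) error {
	switch {
	case !ed25519.Verify(pub, m.signedBytes(), m.Signature):
		return ErrBadSignature
	case sha256.Sum256(image) != m.ImageHash:
		return ErrBadImage
	case m.Version < minVersion:
		return ErrTooOld
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key; nil = crypto/rand
	image := []byte("constructed firmware image")
	m := SignImage(priv, 7, image)
	fmt.Println(VerifyImage(pub, m, image, 7), "|", VerifyImage(pub, m, image[1:], 7))
}
```

Because the version number is inside the signed bytes, an attacker cannot relabel an old signed image as a newer one without invalidating the signature.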
Going forward, the most advanced IoT security frameworks will also include a hardened co-processor to store security functions separately from those on the main processor. In addition to providing another layer of security, this will expand the storage capacity for security functions and allow co-processors to be swapped out in future designs without impacting the device’s main processor.
Special Considerations for Cost, Size, and Power Sensitive IoT Applications
Because most IoT devices will be made as small and inexpensive as possible, there is security functionality that just won’t fit on a device’s main processor, and over time security demands will only continue to grow.
Security functions that are not device-resident should be accessible on a management platform, with cloud-based models being most efficient. Since IoT devices are connected by definition, additional security features will need to be provided over, and resident in, the cloud.
A recent cybersecurity research report by AT&T, the Cybersecurity Insights Report, found that 85 percent of enterprises surveyed are in the process of deploying IoT devices, or are planning to do so, but only 10 percent feel confident that they can secure those devices against hackers.
Since the implementation and integration of an advanced IoT security framework requires significant expertise and effort, organizations without that resident expertise should consider turning to partners and suppliers capable of providing a complete, secure IoT security framework. In addition to measures focused on specific capabilities such as secure boot sequence, automatic, secure firmware updates, and processor requirements, users should inquire about resources dedicated to a security group or division within a solution provider’s organization, and they should ask similar questions about the manufacturers of the devices those solution providers are using. Another important question concerns ongoing threat measurement and monitoring services the service provider offers that would apply to the devices that make up the solution.
It’s simply not possible to prevent security breaches 100 percent of the time; the more realistic goal is to work to make interference difficult vs. impossible. However, that does not obviate the need to begin planning for the creation of a framework that will reduce the security risks associated with IoT deployments.
Donald Schleede is the information security officer at Digi International, a Minnesota-based manufacturer of embedded systems, routers, gateways, and other communications devices for machine-to-machine (M2M) systems. Schleede manages Digi’s Device Cloud, a cloud-based device-management solution that provides Digi’s customers with secure, remote access to Digi devices. For more information, visit www.digi.com.