Virtually anything that’s Wi-Fi-enabled—ranging from kitchen appliances like refrigerators to military drones—has the potential to be hacked. But while there are many concerns about the security of specific IoT devices, one area that may be particularly susceptible to attack is what one company, SCADAfence, calls the “industrial internet of things.”
Founded in 2014 by Yoni Shohet and Ofer Shaked, both ex-officers from the intelligence corps, SCADAfence is located in the city of Be’er Sheva, south of Israel. It’s a cybersecurity hub where many R&D and cybersecurity initiatives are operating, including the university and high-tech scene. TechRepublic spoke to Shohet to learn why the “industrial internet of things” is particularly vulnerable to cyberattacks—and what can be done to prevent them.
What is exactly is the industrial internet of things?
The “industrial internet of things” is basically the fact that the old or industrial devices are starting to connect among each other, and also to external environments.
SEE: MIT shows how AI cybersecurity excels by keeping humans in the loop (TechRepublic)
We’re seeing a greater revolution in how today’s manufacturing environment are running and operating. In some parts it’s called ‘industrial internet of things, in Germany it’s called Industry 4.0. It’s basically what they recognize fourth industrial revolution in the manufacturing sector. The main purpose of this revolution is to increase the productivity and reduce cost of today’s day-to-day production task and production operations. To do so, these industries are adapting new technologies that enable better connectivity, better analytics, better maintenance and better performance for these environments.
As part of this change, we’re seeing these industrial environments connected to external networks such as the corporate or IT environment and even to the internet directly, in order to enable through technologies and to enable these advanced and smart platforms to operate inside industrial environments.
What are some practical examples of industrial IoT devices? Are you talking robots in warehouses?
If I have a pharmaceutical production environment, along the production floor there are different machineries. For example, I have pressure, water, injection machines that inject the different chemicals. In the past, each system or each device was connected to a single panel, basically connected to external networks. The devices themselves can be controlled by companies such as Rockwell Information, Siemens, et cetera. These are connected to physical devices, which could be from nuclear reactors or turbines, to isolators, to different machinery that we can imagine that exist in today’s factories.
Once we connect these environments to external networks, it exposes them to new types of cyber risk. They were not designed to be connected to external environments; therefore, they’re not designed to face potential cyber attacks and potential cyber threats.
The main three risks that we recognize for these environments today are:
- Operational downtime: shutting down the operations; either sabotaging the equipment for just shutting it off.
- Product manipulation: One piece of plastic found its way to one piece of a chocolate bar at the Mars chocolate bar company, and was shipped out to the market. Once it was detected, the company needed to do a recall from 55 states, costing tens of millions of dollars. This was due to an operational error that was not detected on time. Imagine if a hacker wanted to cause the same effect. He could have easily caused this type of manipulation and changed the way that the part has been produced, then made sure the part was released to market without the company being able to detect this type of manipulation or this change to the product itself.
- Sensitive information theft: Just two weeks ago, a US corp accused the Chinese of stealing sensitive and proprietary manufacturing production methods, allowing the Chinese to copy proprietary material that this company is producing. For secrets that include formulas, like Coca-Cola’s secret recipe, it would have huge consequences on their financial and competitive advantage.
The department of homeland security just released the statistics are based on cyberattacks from 2015. What were the main findings?
It’s a very specific and very narrow look into the cyber attacks regarding industrial sectors, industrial environments. The department of homeland security organization Industrial Control System Cyber Medical Response Team, (ICS-CERT), is in charge of responding to cyber events in the industrial sectors. They measure these types of statistics regarding attacks against, focusing on infrastructure and industrial environments. In 2015, there was a 20% increase in the number of attacks against industrial sectors. For the first time, main target was critical manufacturers, which suffered from 33% of the incidents. This was the first year that the energy sector was not tapped number one target market—critical manufacturers were.
Why, in particular, is that sector vulnerable?
I think it’s not precisely more vulnerable, it’s just that I think we see that it’s becoming a more prime target. This is a very clear financial motive to attack these types of companies. For example, we’re seeing today a trend that is called ransomware attacks, where basically the hackers take control of an environment, the net ransom, in order to release they’ll control all the environment and until they don’t get paid, the company cannot use their infrastructure also theft of the trade secrets and sensitive and proprietary manufacturing methods have clear financial motives for the hacker type of criminals to gain access this type of information.
I think that is the main reason is the fact that these hackers are seeing more potential in accessing interconnected environment, which is now more accessible because it’s more connected to the outside world. They can get their hands on very, very sensitive and basically the critical assets of these manufacturers. For food and beverage or automotive companies, for example, the most critical assets are inside these industrial environments.
How does SCADAfence prevent attacks?
SCADAfence develops cybersecurity solutions to help industrial customers and manufacturers gain visibility and protection capabilities inside their industrial environment. Our solutions are designed and built to offer WI-FI-enabled tools to make sure that there aren’t unauthorized activities inside the environment.
One of the biggest challenge is inside industrial environments, SCADA is analyzing and understanding industrial protocols and industrial behaviors and industrial characteristics. We’re talking about very, very different equipment, very different communication protocols and different usage of the day-to-day operations.
Do you have a method that involves AI at all or human analysts?
We do not incorporate AI inside our technology. It’s completely automated so it doesn’t require human analysis. It only requires human analysis or technical analysis once the report is generated and it requires the attention of the customer.
Can you give some examples of cyberattacks on industrial IoT?
There was an attack in 2015 against a German iron plant. It’s an iron plant which is not a utility or infrastructure, but a manufacturer. During this attack, the hackers were able to gain access to the production floor and cause physical explosions inside the production floor, causing massive damage to the equipment inside the environment. Obviously putting in danger both human lives and very, very expensive equipment, which resulted with shutting down some of the operations side environment.
This is a great example of what can happen to manufacturers that are targeted by hackers with a good incentive to cause significant financial damage.