The "Internet of things" – sensors and other devices that communicate with each other and remote operators through the Internet – is one of the fastest growing domains of technology. It offers enormous promise for improved efficiency and reduced wastage of energy, water, and other resources. Unfortunately, the Internet of things also offers all too easy and tempting a target for terrorist or criminal hackers.
As Tom Simonite reports at MIT Technology Review, demonstrations at the recent Black Hat conference in Las Vegas underlined the vulnerability of industrial systems to hacking. One demonstration sprayed the audience with water from a simulated waterworks component that was tricked into overpressuring.
Vulnerabilities were also demonstrated that affected widespread remote sensors for oil pipelines. Yet another demonstration showed that technology used by 50 million electrical meters across Europe could be used to spy on home or business energy use, or even trigger blackouts.
So why is the emerging Internet of things – also called the industrial Internet – so vulnerable to hacking attacks? Security experts and industry observers identify a combination of factors. Much of the underlying industrial control software was developed decades ago, before the Internet (and especially the wireless Internet) were significant factors. The designers at that time were not worried about security, and did not build protective layers into their systems.
Now the industrial Internet is growing by leaps and bounds. But its development is so recent that a security culture has not yet emerged. Companies that provide Internet communications and services to human users have a strong motivation to worry about security: A security breach will let loose a flood of outraged users. Automated industrial systems, in contrast, do not light up the switchboards, or write angry blog posts and sarcastic tweets.
The Department of Homeland runs a service, ICS-CERT (Industrial Control System Cyber Emergency Response Team), that effectively reports on emergent threats. But this does not guarantee that they are fixed. Some experts believe that legislation will be needed to push industrial security along.
Don't let vulnerabilities in the Internet of things sneak up on you. GRT Corporation brings 17 years to technology security experience to the task of helping you ensure the security of your industrial systems and facilities.