Virtualization Technology News and Information
Forcepoint 2019 Predictions: Industrial IoT Disruption at Scale

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by George Kamis, Chief Technology Officer for Global Governments and Critical Infrastructure, Forcepoint

Industrial IoT Disruption at Scale

Networked industrial control systems (ICS) that require "always-on" connectivity represent an expanded attack surface, and nowhere is that more apparent than in IoT devices. WiFi and other network-connected sensors in autonomous vehicles and appliances have introduced a rapidly evolving set of security requirements. While attacks on consumer IoT are prevalent, the possibility of disruption in manufacturing and similar industries makes the threat all the more serious.

The 2018 Forcepoint Cybersecurity Predictions Report discussed the potential for man-in-the-middle (MITM) attacks on IoT networks. In 2019, attackers will break into industrial IoT devices by attacking the underlying cloud infrastructure. This target is more desirable for an attacker- access to the underlying systems of these multi-tenanted, multi-customer environments represents a much bigger payday.

There are three issues at play: the increasing network connectivity to edge computing; the difficulty in securing devices as more compute moves out to the edge, as they do in remote facilities and IoT devices, and the exponential number of devices connecting to the cloud for updates and maintenance.

As control systems continue to evolve, they will be patched, maintained, and managed via cloud service providers. These cloud service providers rely on shared infrastructure, platforms, and applications in order to deliver scalable services to IoT systems. The underlying components of the infrastructure may not offer strong enough isolation for a multi-tenant architecture or multi-customer applications, which can lead to shared technology vulnerabilities. In the case of industrial IoT, a compromise of back-end servers will inevitably cause widespread service outages and bring vital systems to a screeching halt. Manufacturing, energy production, and other vital sectors could be affected simultaneously.

With Meltdown and Spectre in 2018, we saw vulnerabilities that bypass the software and firmware layers to expose processor hardware to exploits. In this scenario, attackers use low-privilege programs in order to access more critical data, such as private files or passwords. Almost all CPUs since 1995 are thought to be vulnerable, and new variants of Spectre continue to surface. Attackers will divert their attention on developing variants that subvert the underlying cloud infrastructure used by IIoT systems. As processor speed is critical to performance, manufacturers and cloud service providers could continue to choose speed over security in order to gain a competitive edge, inadvertently introducing further vulnerabilities.

Organizations will need to move from visibility to control where the IT and OT networks converge to protect against these deliberate, targeted attacks on IIoT systems.


About the Author


George Kamis is the chief technology officer for government markets at Forcepoint. He works closely with Information Assurance industry leaders, government executives and the Forcepoint executive management team to help guide long-term technology strategy and keep it aligned with federal and industry requirements. By leveraging his wealth of over 25 years of experience in cyber and cross-domain solutions, he has helped lead the company to the forefront of cross-domain systems product development. Prior to his role as CTO, he served for 10 years as vice president of engineering at Trusted Computer Solutions and ran both the Professional Services and Development organizations. Raytheon acquired Trusted Computer Solutions in 2010.

Prior to Trusted Computer Solutions, Kamis worked for the U.S. Naval Research Laboratory, Center for High Assurance Computer Systems, and developed multilevel secure systems for the Navy. He is an active member of the Technology Committee for the Fairfax County Federal Credit Union, and consults on information technology and cybersecurity related matters.

Kamis earned a degree in electrical engineering with honors from West Virginia University and holds active memberships in both the Institute of Electrical and Electronics Engineers (IEEE) and Armed Forces Communications and Electronics Association (AFCEA).

Published Tuesday, December 04, 2018 7:18 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2018>