How IIoT Can Help You Avoid Unplanned Downtime

Even if you are among those who don’t yet own IoT devices, such as smart speakers, internet-connected thermostats, or a smart-watch, know that industrial IoT (IIoT) devices – manufacturing-related machinery that can be connected to the network ecosystem – are already playing a part in your daily life. From water and electricity delivery to manufacturing to entertainment, IIoT devices are now anchored in quite a few industries.

The Industrial Internet of Things has set the tone for the integration between IT (information technologies) and OT (Operational technologies). The OT, in essence, is nothing more than the possibility of analyzing a series of data coming from IIoT machines and making decisions that are implemented through the network itself, to which the machines are connected.

For example, machine X, connected to the industrial network, is responsible for carrying out an operation. Thanks to the industrial internet of things, I can constantly monitor the data I get from the match in real-time. X, thus knowing everything about him and knowing in advance any anomalies that may occur during his operation. If everything is fine, I just have to give a command, via the network, to operate it.

How IIoT machines can attack? What are the effects?

Suppose an attacker places its focus on bringing a certain activity to its knees. He or she starts by creating a tempting phishing email with a malicious PDF and sends it to HR in the form of a job application. The employee responsible for monitoring job applications opens the PDF, effectively compromising the computer.

The attacker makes his way sideways through the network, monitoring network traffic and scanning compromised systems, looking for access to sneak into sensitive processes. Without multi-factor authentication enabled for sign-in, they have little trouble doing so. The attacker eventually manages to compromise a domain controller, where it distributes malware using a Group Policy Object (GPO), successfully compromising the entire IT network.

Due to the poor segmentation, the attacker finally manages to reach the OT network. Once inside, the attacker performs the recon, reporting the IIoT assets present. The attacker identifies vulnerable services in resources, exploits them, and takes them offline. Production stops and the business are effectively closed.

As you have seen, the most common vector for cyberattacks, e-mail, certainly applies here as well. An attacker could attempt to gather information about engineers, plant managers, and developers who have access to IIoT systems and target them specifically with phishing emails. Compromising a computer owned by one of these users can be the most direct path to compromising IIoT resources.

How to protect the machinery?

As we saw from the previous example, an IIoT attack can be prevented by any type of device; for this reason, it is essential to protect any type of device that is routinely connected to the network.

At the same time, we also saw how a non-segmented network favored the attacker, in the example above. In the same way, however, the threat originates from something that has nothing to do with production: an email to human resources. Yet this makes us think that even emails deserve a high level of protection.