Protecting critical infrastructure in an IoT world

by Simon Howe, Director of Sales ANZ, LogRhythm

Attacks on critical national infrastructure such as power grids, communication networks and the banking sector have massive implications for any country. Disruption to public services, hits to the economy and even loss of life are all potential scenarios.

For this reason, governments and private-sector organisations are increasingly focused on finding ways to ensure such infrastructure is secure and able to withstand cyber attacks. Taking a reactive stance is simply not an option.

To make the challenge even larger, there is a new and complex area being targeted and utilised by cyber criminals. Dubbed the Internet of Things (IoT), it comprises the growing range of connected items that already touch many facets of daily life.

IoT devices range from web cams and home automation devices to drones and driverless cars. They also include sensors that monitor everything from power station operations to the integrity of dam walls. Any attack that causes these devices to malfunction could have dire implications, and they have also been utilised by threat actors to perform DDoS attacks.

The battle has already begun

It might be easy to regard the IoT as a futuristic world that's still on the planning board, but nothing could be further from the truth. There are already billions of connected devices and the number is growing exponentially.

The security challenge they bring was highlighted in late 2016 when criminals disrupted US domain name system provider Dyn. The attack caused disruption to major websites such as Netflix, Visa and Starbucks.

Security experts discovered the disruptions were caused by a distributed denial of service (DDoS) attack mounted using large numbers of IoT devices, including baby monitors, residential gateways and web cameras.

The incident brought into sharp focus the implications of the IoT for critical infrastructure security. As the number of devices grows, the potential for attack and disruption can only increase.

Escalation path

It's likely that IoT-based attacks will follow a similar path to cyber attacks against more traditional IT systems. Criminals tend to begin by building a botnet comprising large numbers of devices, which is then used to disrupt a specific target.

The second step is usually the theft of personal or financial information that can be used for profit. This can include anything from credit card numbers and bank account details to medical records and sensitive company data.

The third step criminals take is to attempt to cause damage or lasting disruption to their target. This could range from disabling a power station to disrupting a water treatment plant. This is what has experts most concerned when it comes to the IoT.

The IoT security challenge

The prospect of securing millions of internet-connected devices and critical infrastructure seems daunting but it's a challenge that has to be met. Around the globe, security experts are focused on the task and creating techniques and tools to get the job done.

At the end of the day, it should be remembered that we are simply talking about computers, ranging from legacy systems to new IoT devices. All have to be monitored and protected from a growing range of cyber threats.

A key challenge when it comes to securing the IoT, however, is that the devices tend to be small, with limited CPU capacity and a low-bandwidth connection. This means sophisticated security software, such as an endpoint agent, can't be deployed on them as it would be in other areas.

Security Automation and Orchestration

For this reason, another approach is required when it comes to securing IoT devices. It involves using the streams of data emitted by them to determine whether they are operating normally or have been compromised by an attacker.

The data could range from telemetry information to location details or the output of other simple functions. After extracting this data from large numbers of devices, it can be analysed centrally and any anomalies that occur can be identified.

Known as Security Automation and Orchestration (SAO), the approach can streamline monitoring of large numbers of devices and reduce the time taken to respond to any incidents. A baseline of normal device behaviour is created, and anything that differs from that baseline triggers an alarm.

By taking an SAO approach to IoT security monitoring, threats can be quickly identified and steps taken to minimise any damage or disruption to critical infrastructure.

Security professionals also need to be prepared to collaborate with their peers and share details of identified threats, as well as the approaches and tools found to be most effective. By sharing in this way, the benefits of internet-connected devices can be enjoyed while the efforts of cyber criminals are thwarted.
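The baselining approach described in this section, as an added example that is not the article's or LogRhythm's own code: per-device, per-metric mean and standard deviation are learned from a baseline window of constructed telemetry, and an alarm is raised for any later reading beyond an assumed threshold of three standard deviations, for any change from a constant baseline (zero variance), and for any device or metric never seen during baselining.

```python
# Added example: baseline-and-deviation detector over constructed IoT telemetry.
# Baseline records give per-device, per-metric mean and standard deviation; later
# records more than K sigma away raise an alarm, as do never-baselined devices.
from collections import defaultdict
from statistics import mean, pstdev

K = 3.0  # assumed sensitivity: alarm when |z| > K

# Constructed baseline telemetry: (device_id, metric, value), 10 readings each.
BASELINE = (
    [("pump-01", "msgs_per_min", v) for v in (60, 61, 59, 60, 62, 60, 58, 61, 60, 59)]
    + [("pump-01", "flow_lps", v) for v in (12.0, 12.2, 11.9, 12.1, 12.0, 12.3, 11.8, 12.0, 12.1, 12.0)]
    + [("gw-07", "msgs_per_min", 5)] * 10  # constant rate, zero variance
)

# Constructed observations to score against the baseline.
OBSERVED = [
    ("pump-01", "msgs_per_min", 61),   # normal
    ("pump-01", "msgs_per_min", 900),  # traffic burst, as from a device used in a DDoS
    ("pump-01", "flow_lps", 0.0),      # process anomaly: flow stopped
    ("gw-07", "msgs_per_min", 5),      # normal, matches constant baseline
    ("gw-07", "msgs_per_min", 6),      # any change from a constant baseline
    ("cam-99", "msgs_per_min", 30),    # device never baselined
]

def build_baseline(records):
    """Return {(device, metric): (mean, stdev)} from baseline records."""
    samples = defaultdict(list)
    for device, metric, value in records:
        samples[(device, metric)].append(float(value))
    return {key: (mean(vals), pstdev(vals)) for key, vals in samples.items()}

def detect(baseline, records, k=K):
    """Return (device, metric, value, reason) for each record that deviates."""
    alarms = []
    for device, metric, value in records:
        key = (device, metric)
        if key not in baseline:
            alarms.append((device, metric, value, "no baseline for device/metric"))
            continue
        mu, sigma = baseline[key]
        if sigma == 0.0:  # constant baseline: any deviation is anomalous
            if value != mu:
                alarms.append((device, metric, value, "deviates from constant baseline"))
            continue
        z = (value - mu) / sigma
        if abs(z) > k:
            alarms.append((device, metric, value, f"z-score {z:.1f}"))
    return alarms
```

Running `detect(build_baseline(BASELINE), OBSERVED)` flags the burst, the stopped flow, the changed constant rate and the unknown camera, and passes the two normal readings.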

Tags: cyber attacks, Amazon, Visa, Netflix, Starbucks, Simon Howe, DDoS attacks, LogRhythm, Internet of Things (IoT), SAO
