The Mirai DDoS (Distributed Denial of Service) attack last Friday revealed a fundamental weakness of current IoT deployments and showed the absolute necessity of new security models. The DDoS attack was against consumer IoT devices, but there are many parallels between consumer IoT and industrial IoT. This attack involved tens of millions of IP addresses[i], a massive and unprecedented number of devices. Unfortunately, it seems to have been fairly easy to carry out, especially since the source code for the Mirai botnet is easily accessible. The primary tool used to break into an array of consumer IoT devices (internet-enabled cameras, DVRs, etc.) was a set of default, manufacturer-set passwords.[ii] How many of us have run into default passwords on operational industrial devices? Or perhaps it would be better to ask: how many have ever run across a password that had been changed? The latter would probably be easier to count.
It is easy to think that this particular attack would not take the same form in an industrial network. There are a variety of differences in network design, types of devices used, network management, and access control. However, the strategy used in this attack is very relevant to industrial applications: exploit one or many compromised devices, which are not themselves the main target, to take down another device or the entire network. We need to plan a defense against this type of attack.
There are some key characteristics of this attack, especially with regard to the devices it was launched from:
- The devices are deployed to remote and difficult to manage locations. Software updates are sporadic if they happen at all.
- The devices run without direct maintenance or operator involvement. ‘Administrators’, if involved at all, just set it and forget it.
- Devices have access to a wider network and are sharing data in the network.
- The device can be easily compromised.
- The data on the network relies on some level of network or transport security and is not inherently secure.
- The compromised devices weren’t the end target, but tools to achieve a different objective. This implies there is little incentive for the device manufacturers to spend money designing secure systems.
Does this sound like an industrial network you have worked with? It does to me.
Although we’d like to think that industrial devices and networks have better security than this, unfortunately this is not the case. We only need to look at the 2015 attack on Ukrainian electricity distribution SCADA systems for proof. Industrial networks have relied primarily on anonymity and isolation from public networks for their security. But as more devices are deployed in industrial applications, and more private networks are connected to the web, this is no longer nearly adequate. Access to these networks is not always gained by a direct attack; it can come from a physical breach (e.g. the Stuxnet attack), which can open a hole in security firewalls to further compromise devices, not to mention networks unintentionally compromised by poorly designed software. IoT systems should be designed with the assumption that there will be bad actors within the network that we can’t keep out. The technology and standards used must be designed to mitigate the potentially adverse impact of such actors. So what is the solution?
The first requirement is securing the devices themselves; the industry needs to improve and develop systems for signing and securing everything from the hardware chips up through the OS, libraries and applications that have permission to run. This is fundamental. Bottom-up security must be the norm for these networks. Chain of trust, secure boot, and secure operating systems using trusted, signed software must be a requirement to operate in industrial networks.
However, we can’t assume all devices on a network are secure and must plan for operation when devices or applications are compromised. Data is critical to the operation of an industrial network and security should be a fundamental quality of any data.
Is there a standard that makes security part of the infrastructure, and is simple to implement yet highly robust? Yes: the OMG Secure DDS standard, and RTI Connext® DDS Secure, is just such a solution. RTI Connext DDS Secure is based on the OMG Secure DDS standard and includes features such as:
- Discovery authentication
- Data-centric access control
- Tagging & logging
- Secure multicast
Not only that, but it is transport agnostic and is built with a plug-in architecture. This means that the security of data and communication is independent of the network transport used, and the standard security libraries can be replaced (using standard APIs) to suit the application’s security requirements.
There are key differences between the Secure DDS approach and other network security solutions. With DDS:
- Security is part of the infrastructure and included in the Quality of Service metrics.
- It enables fine-grained access control of the data, what we call data-flow security, at a data topic level.
- It allows for a combination of security functions that can include encryption, authentication and access control so security can be fine-tuned to the needs of the data topic.
- All of this is done by configuration, so the application programmer does not need to understand or manage the security implementation; it can be handled by the system architect.
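As an added illustration of that per-topic, configuration-only model (this is a constructed example following the OMG DDS Security Governance and Permissions document formats, not a file from RTI or from this post; the topic names, subject name, dates and grant name are hypothetical), a governance document protects command topics more strongly than telemetry topics, and a permissions document lets one sensor publish only its own telemetry:

```xml
<!-- governance.xml (constructed example): domain-wide and per-topic protection -->
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="omg_shared_ca_governance.xsd">
  <domain_access_rules>
    <domain_rule>
      <domains><id>0</id></domains>
      <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
      <enable_join_access_control>true</enable_join_access_control>
      <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
      <liveliness_protection_kind>SIGN</liveliness_protection_kind>
      <rtps_protection_kind>SIGN</rtps_protection_kind>
      <topic_access_rules>
        <!-- Telemetry* (hypothetical name): any authenticated peer may read, only authorised writers may publish, samples are signed -->
        <topic_rule>
          <topic_expression>Telemetry*</topic_expression>
          <enable_discovery_protection>true</enable_discovery_protection>
          <enable_liveliness_protection>true</enable_liveliness_protection>
          <enable_read_access_control>false</enable_read_access_control>
          <enable_write_access_control>true</enable_write_access_control>
          <metadata_protection_kind>SIGN</metadata_protection_kind>
          <data_protection_kind>SIGN</data_protection_kind>
        </topic_rule>
        <!-- Command* (hypothetical name): encrypted and access-controlled in both directions -->
        <topic_rule>
          <topic_expression>Command*</topic_expression>
          <enable_discovery_protection>true</enable_discovery_protection>
          <enable_liveliness_protection>true</enable_liveliness_protection>
          <enable_read_access_control>true</enable_read_access_control>
          <enable_write_access_control>true</enable_write_access_control>
          <metadata_protection_kind>ENCRYPT</metadata_protection_kind>
          <data_protection_kind>ENCRYPT</data_protection_kind>
        </topic_rule>
      </topic_access_rules>
    </domain_rule>
  </domain_access_rules>
</dds>
<!-- permissions.xml (constructed example): one sensor's grant, everything else denied -->
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="omg_shared_ca_permissions.xsd">
  <permissions>
    <grant name="PumpSensor42">
      <subject_name>CN=pump-sensor-42,O=ExamplePlant</subject_name>
      <validity><not_before>2016-11-01T00:00:00</not_before><not_after>2017-11-01T00:00:00</not_after></validity>
      <allow_rule>
        <domains><id>0</id></domains>
        <publish><topics><topic>TelemetryPump42</topic></topics></publish>
      </allow_rule>
      <!-- no allow_rule matches Command*, so a compromised sensor cannot inject commands -->
      <default>DENY</default>
    </grant>
  </permissions>
</dds>
```

Both documents are signed by the Permissions CA before deployment, and the subject_name must match the subject of the participant's identity certificate, so a device cannot grant itself more than the architect configured.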
Secure DDS is a fundamentally different approach to security that builds security into the infrastructure from the start. This has many benefits for ease of use, performance and robustness of the security architecture. But don’t take our word for it; ask our customers who are using DDS Secure on some of the most critical network applications.
The tools exist; we just need to use them and plot a path to migrate to this new secure paradigm. You can learn more about RTI Connext DDS Secure here, and please contact me if you want to learn more about RTI’s solutions for securing the IIoT.