IoT in the industrial environment: benefits and security threats
What is the first thing that comes to mind when you think of the Internet of Things (IoT)? Probably smart lamps that are controlled with smartphones, voice-configurable smart thermostats, or even a stylish NFC lock to enter your home. In fact, this market — which has been growing steadily — tends to focus on products for the end consumer. However, the number of industrial plants, hospitals and other critical infrastructure that use these types of gadget is also growing.
After all, the same facilities that they bring to your domestic everyday life also apply to professional environments. A sensor connected to the internet can alert a remote operator if certain machinery is not at its ideal working temperature, allowing the problem to be solved from a distance; facial recognition padlocks facilitate access control, allowing only authorized staff in restricted areas; an intelligent freezer can monitor and maintain vaccines at a clinic at the ideal temperature so the immunizer or medication does not spoil, and so on and so forth.
But what about security? Unfortunately, the weaknesses of the IoT for the end consumer also apply here. We are talking about different devices, manufactured by different companies, and you can't just install a security solution for each. Managing the IoT in critical infrastructure is a complex and challenging mission — it is difficult for IT managers and security teams to have a full view of all the products connected to their network and ensure that their firmware is always updated.
Risks and precautions
The name says it all: critical infrastructure. It is an environment where if your processes were to be interrupted for a few hours, irreversible moral, financial and reputational damage could be caused. In certain cases, this damage would directly impact the quality of life of the population of a given city, state or country — which is why state-sponsored hacker groups are so keen on attacking power distributors, public transport systems, and so on. Not to mention the case in which a German citizen died because of an attack on a hospital.
Another recent case involved a renowned Brazilian healthcare institution that is directly involved with the packaging COVID-19 vaccines using imported inputs. It was found that, due to a failure in one of its servers, malicious agents were able to invade the database, access the freezer management system (which was managed remotely), and completely unconfigure it, turning off malfunction warnings and spoiling raw materials. This was a case that could have affected the Brazilian vaccination schedule against the disease.
Because of these challenges, the implementation of IoT in industrial environments must be based on consistent planning and provide appropriate solutions to manage these devices. It is important to have a comprehensive view of your smart device network, since a simple breach in a “forgotten” gadget can compromise the entire system. And finally, of course, users must be aware to ensure that these crucial resources are not used improperly.