For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out the Apple book and lock down their infrastructure.<\/p>\n
![](\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/04\/26\/03\/security-shield-protection-form-lines-triangles-and-particle-style-vector-id1018011064-100905046-large.3x2-100925437-large.3x2.jpg?auto=webp&quality=85,70\"\/)
<\/p>\n<\/p>\n
Credit to Author: Jonny Evans| Date: Tue, 31 May 2022 12:16:00 -0700<\/strong><\/p>\n For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out the Apple book and lock down their infrastructure.<\/p>\n As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year\u2019s Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.<\/p>\n Contest winners Daan Keuper and Thijs Alkemade<\/a> found that once they managed to break into the IT networks used at these companies, it was \u201crelatively easy\u201d to then cause havoc with systems and equipment.<\/p>\n In part, this is because at this stage of the transformation, much of the equipment used in manufacturing wasn\u2019t originally designed to be connected to the internet or has weak or outdated security.<\/p>\n IT understands this, of course, which is why industrial IoT deployments tend to secure the IT networks they use, but this also means that if those networks are penetrated, much of the deployed equipment lacks additional protection. And it means that numerous potential attack surfaces exist.<\/p>\n This is never good, but at present the threat to critical infrastructure is growing<\/a>.<\/p>\n In the event that security is broken, attackers may take over machinery, modify processes, or simply choose to shutter production. This can have huge consequences \u2014 on the company, its customers and partners, and across already creaking supply chains.<\/p>\n Louis Priem, consultant at ICT Group, said, \u201cSystems in factory environments typically run 24\/7, so there is very little opportunity to patch vulnerabilities. In addition, there is a lot of legacy, as machines are purchased for the long term, and there is usually no opportunity to install antivirus applications. All these make the industrial sector vulnerable to malicious parties.\u201d<\/p>\n Speaking to MIT Technology Review<\/a><\/em>, the Pwn2Own winners warned that security in industrial control systems is lagging behind badly. Think of how a successful attack against Target<\/a> a few years ago made use of an insecure HVAC system to penetrate the corporate network, which shows the need to protect every available endpoint.<\/p>\n These days more than ever, security lives at the edge<\/a>.<\/p>\n It’s not as if we couldn\u2019t see problems like this coming.<\/p>\n The evolution of industrial IoT has seen the creation of a myriad of different standards<\/a> with differing security levels. This has driven many in the space (including Apple) to develop joint standards<\/a> for connected devices.<\/p>\n Matter, the consumer IoT standard that is the first fruit of that effort, should arrive this year, while the more industrial Thread standard is already seeing deployment<\/a>. (I\u2019m expecting more news regarding Matter pretty soon, potentially at WWDC.)<\/p>\n \u00a0\u201cThread is based on the universally deployed Internet Protocol version 6 (IPv6) standard, making it extremely robust. A Thread network does not rely on a central hub, such as a bridge, so there\u2019s no single point of failure. And Thread has the ability to self-heal \u2013 if one node (or accessory in your Thread network) becomes unavailable, the data packets will select an alternate route automatically and the network simply continues to work,\u201d Eve Systems has explained<\/a>.<\/p>\n To some extent, one way to protect any device is to follow Apple\u2019s core mission, which is to ensure systems do as much as possible with as little information as possible.<\/p>\n While the effort has arguably slowed the company\u2019s progress in AI development in comparison with more cloud-based competitors, Apple\u2019s focus on placing intelligence at the edge is increasingly seen as appropriate.<\/p>\n Mimic Technology and Business & Decision, for example, seem to be<\/a> developing industrial IoT systems that follow a model in which intelligence sits at the edge.<\/p>\n When combined with other emerging network technologies, such as SD-WAN<\/a> or private 5G networks, placing intelligence at the edge helps secure industrial networks by helping cordon off individual endpoints.<\/p>\n The problem, of course, is that not every connected system is smart enough to be so protected, while the different priorities of IT and operational intelligence mean attackers enjoy a luxury of potential vulnerabilities for attacks.<\/p>\n And that\u2019s even before dumb, short-sighted governments force sideloading<\/a> and inherently insecure device security back doors<\/a> onto the mobile systems and platforms we increasingly rely on to keep our connected infrastructure secure.<\/p>\n Perhaps enterprise IoT needs to borrow a page from the Apple book and design systems that are inherently more secure than anyone thinks they need? Because it\u2019s only a matter of time before they find that anything less won\u2019t do.<\/p>\n Please follow me on\u00a0Twitter<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Jonny Evans| Date: Tue, 31 May 2022 12:16:00 -0700<\/strong><\/p>\n For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out the Apple book and lock down their infrastructure.<\/p>\n As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year\u2019s Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.<\/p>\n<\/p>\nWhat the ethical hackers say<\/strong><\/h2>\n