John Soldatos Internet of Things Expert (Industrial IoT, Industry 4.0, Finance 4.0) – ICT & Business Consultant
We have been witnessing the emergence of the Internet of Things (IoT) paradigm, which is empowered and propelled by a proliferating number of internet connected devices. The latter already enable a wide range of innovative applications in areas like trade, industry, transport and healthcare. A main characteristic of these applications is their ability to take intelligent decisions based on the collection and processing of large amounts of data from the physical world. In several cases these decisions involve actuating and control activities that influence the status of the physical world and the surrounding environment of the IoT systems.
For over a decade, IoT systems have been evolving in terms of functional and technological sophistication. Early IoT applications were based on the collection and processing of physical world data from sensors, wireless sensor networks and other types of internet connected devices. This early paradigm has gradually evolved in terms of scalability, thanks to the integration of IoT systems and devices with cloud computing infrastructures. These infrastructures have enabled IoT applications to benefit from the scalability, elasticity, flexibility and quality of service of the cloud, which has empowered the development of larger scale applications. Nevertheless, this scalability was based on a heavily centralized model, where very large numbers of internet connected devices integrate their data and services in the cloud. In recent years, this model has been decentralized based on the emergence and expanded deployment of edge computing architectures and Cyber Physical Systems (CPS), which include various smart objects like drones, smart wearables and autonomous guided vehicles. On the one hand, edge computing deployments decentralize IoT functions by placing them closer to the field, while on the other, smart objects exhibit (semi)autonomous behaviors that can be implemented independently from the cloud. Hence, emerging IoT applications feature decentralized intelligence, which can be split across the cloud, edge nodes and smart objects. Edge computing and CPS systems are two of the main pillars of the fourth industrial revolution (Industry 4.0), which closes the loop to the field and enables the digital control of physical processes in a way that blurs the boundaries between the physical and the cyber world. Likewise, Industry 4.0 is enabling the convergence of Information Technology (IT) with the Operational Technology (OT) (e.g., SCADA systems, Distributed Control Systems) that is widely used in industrial settings.
This increased sophistication of IoT systems has however introduced a host of security challenges as well, including:
- New ways for large scale security attacks: The proliferation of IoT devices and their deployment has opened up new cybersecurity vulnerabilities and enabled new ways of conducting large scale attacks. As a prominent example, in October 2016 we witnessed the first large scale distributed denial of service (DDoS) attack based on IoT devices, which took advantage of vulnerabilities (e.g., hard-coded passwords, poorly patched software) of Internet connected CCTV (Closed Circuit Television) cameras and DVR (Digital Video Recorders), in order to deploy the notorious Mirai malware on them. Likewise, back in January 2015, the “Lizard Stressor” attacks compromised many commercial home routers at a large scale.
- Vulnerabilities in Smart Objects: As “things” get more sophisticated, automated and interconnected, their cyber resilience becomes more critical than ever before. This is important as adversaries can nowadays create significant damage by attacking individual smart objects and internet connected devices. For instance, back in July 2015, 1.4 million cars were recalled by Chrysler due to potential hacking of their control software.
- Threats associated with OT and Physical Security: The convergence of IT and OT in industrial environments calls for new integrated approaches to security that protect both cyber and physical assets at the same time. Indeed, OT systems are characterized by poor cybersecurity, as OT protocols are usually vendor specific and not designed for security. Moreover, OT environments are sometimes supported by old and insecure IT systems (e.g., old operating systems, vulnerable drivers), while providing very poor documentation regarding their security related characteristics. Nowadays, many malicious parties try to compromise physical assets (e.g., a data center) in order to attack cyber assets. In some cases, they also attempt the so-called “combined attacks”, which go against cyber and physical assets at the same time.
- A very wide spectrum of attacks: Non-trivial IoT systems comprise complex IT infrastructures including networking, computing systems, software/middleware systems, cloud computing systems, as well as a host of internet connected devices. Therefore, cybersecurity solutions have to protect a very wide range of assets against a host of different attacks such as scanning and mapping attacks against wired and/or wireless networks, protocol attacks, data theft and loss of confidentiality attacks, attacks against cryptographic algorithms and key management systems, spoofing and other authentication attacks, attacks against operating systems and applications, denial of service and jamming attacks (including DDoS), access control attacks, as well as physical security attacks.
- A demanding regulatory landscape: Integrators of IoT solutions and providers of IoT services must nowadays comply with stringent directives and regulations, which they cannot afford to ignore. As a prominent example, in Europe the General Data Protection Regulation (GDPR) imposes strict requirements for personal data protection, along with extremely high penalties for cases of non-compliance.
In the scope of this complex cybersecurity landscape, IoT solution providers should be offered end-to-end solutions and tools, which can protect multiple assets and confront attacks of more than one of the above types. These solutions should monitor various devices, systems and services in effective and integrated ways. Monitoring can then be a foundation for identification, assessment and mitigation of risks, as well as for auditing the compliance of IoT services against regulations such as the GDPR. To this end, there is a need for advanced analytics (including Artificial Intelligence (AI) algorithms) over very large volumes of security data (typically Big Data). The analysis of such data can then become a foundation for automating security tasks, while at the same time providing actionable insights to security teams.
In subsequent posts, we will illustrate how our H2020 SecureIoT project leverages AI and Big Data analytics in order to address modern IoT security challenges such as insider threats, security of smart objects, regulatory compliance and implementation of managed security for IoT infrastructures.