The emergence of Industry 4.0 has revolutionized businesses worldwide, and the Industrial Internet of Things, better known as IIoT, has been a shot in the arm for the industrial sector over the years.
Unlike the consumer-related IoT devices, IIoT systems work based on the interoperability between Information Technology (IT) and Operation Technology (OT) environments. In short, control systems (like SCADA, PLCs, etc.) involved in industrial operations are interconnected with IT systems (computers, networking devices) for transferring and processing data required for a factory/manufacturing facility’s smooth functioning.
That brings us to the question - With all the complexity involved, how secure is IIoT?
In 2015, Ukraine's power grid was cyber-attacked by a malware named Industroyer, which led to a blackout in Kiev for about an hour. This is just one of the major attacks that targeted Industrial Control Systems (ICS) in recent times, and it proves that IIoT is not completely devoid of security flaws.
In this article, we walk you through four rare but significant IIoT flaws that industrial enterprises should not ignore at any cost. We also discuss the best solutions that can be executed for each flaw.
1. Zero-day Vulnerabilities in the Network
A decade ago, Iran's nuclear program was severely hit by Stuxnet, a computer worm that specifically targeted Programmable Logic Controllers (PLCs) that automated and controlled high-speed centrifuges used for enriching Uranium.
The damage was so massive that the custom malware led to the physical destruction of about 1000 to 2000 centrifuge units and the infection of over 200,000 computers.
This malicious attack, which was done via a USB flash drive, was orchestrated and executed by leveraging four zero-day vulnerabilities present in the Microsoft Windows OS network, to which the PLCs were connected.
These kinds of flaws aid attackers to easily penetrate systems and exfiltrate sensitive information while causing extensive damage to hardware devices.
The notoriety of zero-day vulnerabilities is that their presence in software systems usually remains unknown to both the affected parties and the vendors for a very long time. As a first step, vulnerability scanning can be done to detect flaws in the network.
Strong password management, avoiding execution of code on remote or removable devices (like USB, CDs), implementing Intrusion Prevention Systems and web application firewalls, and installing Security Information and Event Management (SIEM) software are other effective strategies.
The following can also be done:
• Patch Management
Regularly deploying vendor-released software patches and upgrades can mitigate the chances of a zero-day attack caused by newly discovered vulnerabilities.
• Network Segmentation
Segmenting the network into small, distinct zones and enforcing separate security policies for each zone will help monitor and protect an ICS environment from potential malware attacks.
2. Predictable RSA Keys in Devices
Many studies have revealed that a significant number of IoT devices have extremely predictable RSA keys that can lead to severe Man-in-the-middle (MitM) attacks. IoT devices’ limited processing power exacerbates the problem because there is less entropy for generating proper random numbers for the keys.
MitM attacks (where a third party intercepts the communication between two parties) are common in consumer-related IoT devices like smart refrigerators and smart cars. But, the chances of such attacks in the industrial sector cannot be ruled out.
For instance, an attacker can corrupt a smart actuator and, in turn, direct an industrial robot to deviate from its designated tasks, thereby causing serious consequences.
An RSA key is generated by multiplying two large prime numbers (that should be hard to predict). The practical difficulty to factor in the product (i.e., to find out these component prime numbers) will largely determine the security of the key.
• Entropy as a Service
This is a new service architecture that employs quantum entropy sources for overcoming the inherent lack of randomness present in IoT/IIoT devices. The EaaS model enables devices to generate vital cryptographic keys on their own, and the server will not have any access to these generated client keys, thus ensuring security.
• Two-Way Authentication
MitM attacks can be prevented by ensuring that a smart actuator receives data from a legitimate source. This can be done by implementing two-way authentication wherein both the devices must confirm their respective identities via cryptographic algorithms.
3. Flaws in SCADA MODBUS Protocol
MODBUS, PROFIBUS, and DNP3 are common communication protocols used in SCADA systems to transmit control messages between field devices (master and slave).
Of these, MODBUS is the most susceptible to cyber-attacks. Inherently having no encryption or security features, MODBUS messages can be manipulated by threat actors to intercept data and issue unauthorized commands to PLCs.
The protocol suffers from the lack of confidentiality, integrity, non-repudiation, and authentication mechanisms, thus enabling attackers to infiltrate the SCADA network and carry out reconnaissance activities and also cause DoS conditions.
Common vulnerabilities include unsupported function codes, Illegal Address Exception responses, and implementation flaws while processing specific messages.
Traditional IT security strategies like firewalls or anti-virus software are less effective in securing MODBUS protocol. The ideal solution lies in incorporating into the protocol the elements of integrity, non-repudiation, and authentication - that is intrinsically absent in its design and implementation.
• SHA-2 Hash Functions
The integrity of a MODBUS packet can be ensured by SHA-2 hash functions - a set of six cryptographic mathematical algorithms that help a receiver (i.e., the slave) compute the digest value of a received packet and compare it with the value of the received message digest.
• RSA-based Signature
Authentication and non-repudiation are assured in the following manner - the sender of the message computes the SHA-2 digest value and then cryptographically signs it with an RSA private key. The packet and the signed digest are then sent to the receiver. Using the sender's RSA public key, the receiver confirms the packet’s authenticity and the digest.
• Time Stamps
Time Stamps using NTP servers or time windows can also be implemented to verify a MODBUS packet’s "freshness". With this, the receiver can verify whether the packet is a "new one" (unencountered by an attacker) or a "used one" (encountered by an attacker).
4. Malicious Code in Automation Task Programs
Many legacy programming languages used for industrial automation contain critical security threats that attackers can exploit to create sophisticated, undetectable malware in IIoT systems.
Unsecure code present in automation scripts (the core part of a machine's logic) enables threat actors to sabotage industrial robots’ normal working, alter product quality, and even shut down an entire assembly line.
The remotely controlled malware will also have the ability to self-replicate and target other vulnerable robots. Developers do not easily spot this type of malicious code. It gets buried under automation routines due to the presence of certain advanced features provided by programming languages.
In 2017, a malware named Triton struck a petrochemical plant in Saudi Arabia. It targeted Schneider Electric's Triconex systems that use the TriStation application software. This attack shows that malware attacking automation software may become a reality in the near future.
While it is difficult to address the inherent design flaws in industrial programming languages, it is possible to implement certain mitigation strategies for combating the negative effects of malicious code.
Standard procedures like vulnerability scanning, patching, and cryptographic signing of code, which we discussed above, apply here too. Conducting periodic source code reviews will also help.
• Input Data Validation
Automation programs must validate the data coming from other networks and systems. This will confirm that the data contains only the expected values and format needed to accomplish the machine’s tasks correctly.
• Error Handling
Unhandled errors can expose internal vulnerabilities of the automation logic to hackers. Hence, it's imperative to perform proper error handling to conceal sensitive information in a production environment.
• Output Sanitization
To avoid data leakage via logging facilities, serial ports, consoles, etc., the output must be done properly. This also helps in troubleshooting code injection vulnerabilities.
IIoT systems are known for their speed, reliability, and efficiency, and these qualities have been demonstrated in various industrial sectors like automotive, manufacturing, food production, to name a few. However, the inherent flaws carried by this Industry 4.0 technology can wreak havoc on a large scale; it may even bring down a flourishing business.
But, by adopting a prudent approach towards ensuring security, businesses can completely leverage the power of IIoT and touch the pinnacle of success. And, the top IoT developers are there to help with their experience in this domain.