Power grids were bombed in World War II to cripple industrial output. Today, attacks against Internet of Things (IoT) infrastructure causes even broader disruptions—without bombs.
The danger is real. The U.S. Department of Homeland Security (DHS) recently published guidelines to “provide a strategic focus on security and enhance the trust framework that underpins the IoT ecosystem.” The report explains why security has to be a combined effort.
“It can be unclear who is responsible for security decisions in a world in which one company may design a device, while another supplies component software, another operates the network in which the device is embedded, and another deploys the device,” the report says.
DHS guidelines to mitigate cyber attacks
Let’s review three DHS suggestions in context by seeing how they might have applied to a recent cyber attack and technologies that protect against such threats.
The power is out
The Ukrainian power grid was hacked recently, causing severe power outages. The attack targeted the remote terminal units (RTUs) that control substation breakers. Hackers overwrote the RTU firmware with malicious code, causing them to cut the power supply. To make things worse, critical system files were deleted on control units, preventing remote diagnosis and repair. Service engineers had to travel to the power distribution centers to manually close the RTUs to restore power.
Recommendations and security solutions
1. Enable security with unique, strong default usernames and passwords.
Most power distribution systems have two network logins: an administrative one and a separate SCADA-based one for equipment. They are typically separated by firewalls for better isolation and reduce the risk of hacks. Phishing attacks target the electric utilities corporate network to discover worker credentials. These are then used to attack the power distribution gear on the firm’s SCADA network. Protecting against social hacking and spear phishing is just as critical as network security.
- Train employees to be on guard against phishing attacks. Here’s a useful checklist.
- Use strong passwords with approaches such as Diceware and XKpasswd.
- Use password managers for uniques password for different applications with tools such as KeePass, a free, open-source password manager.
2. Build the device using the most recent operating system that is technically viable and economically feasible.
Wind River Linux is a commercial embedded Linux distribution that’s optimized for IoT. It has one common runtime system and technical infrastructure that can be used across different IoT devices, networks and deployment scenarios. It provides multiple levels of security:
- Foundational: Securing a system by ensuring that it boots only with both software and data that have been verified (i.e., its foundation).
- Advanced: Data protection and ensuring that processing is constrained to expected runtime configurations.
- Robust: Continuously identifies and reports events that violate its Security Policy, along with strong key management.
Wind River Helix Device Cloud is a device management platform that enables capabilities such as device health monitoring, bidirectional file transfer, and remote access for field service engineers to remotely diagnose problems. Four key benefits:
- Keep mission-critical IoT devices operational, with immediate notification of issues
- Secure two-way connectivity to enable remote diagnostics and remotely repair devices
- Upgrade new devices when activated in the field and push new updates out as released
- Manage device configuration and software inventory to stay on top of all field assets.
3. Use hardware with security features to strengthen a device’s protection and integrity.
IoT device integrity ensures that its data hasn’t been modified or deleted by an attacker. It covers data in motion, at rest, and in process. This includes the data being generated by the IoT device and its programming data (operating system, applications and configuration files). If any of this data is corrupted, the IoT device will not perform as intended and won’t become an instrument for the hacker (a bot) if it’s data integrity is compromised.
Starting an IoT device with known, verified software is fundamental to security and trusting it. The verification includes boot code, application code and critical data that is stored on the system. A trusted platform is IoT hardware that has been purchased through approved channels of distribution. It’s first validated that the correct device was received by the customer through an approved delivery path and that its tamper-resistant packaging is intact.
A trusted platform provides a way to verify the boot software of the IoT device. It first verifies the first piece of software in the boot process using digital signatures. This mechanism is unchangeable due to its implementation in hardware. The trusted platform verifies that digital signature by recalculating the message digest, decrypting the associated digital signature with the public key, and comparing the message digests. If the message digests match, then the integrity of the software is verified.
Trusted boot is the progression of a boot process where individual images and data are verified by previously verified software. The process includes hardware assist to perform the verification processing because the immutable properties of hardware such as a system-on-chip (SoC) or field programmable gate array (FPGA). This “chain of trust” ensures that one verified image passes control to another verified image to ensures that only verified software is loaded into the system.
“Our nation cannot afford a generation of IoT devices deployed with little consideration for security. The consequences are too high given the potential for harm to our critical infrastructure, our personal privacy, and our economy,” the DHS report says.
This article is published as part of the IDG Contributor Network. Want to Join?