Industrial Internet of Things (IIoT)
Security
Barend Pretorius
Disclaimer: All views expressed are my personal opinion and not that of Transnet.
4th Industrial Revolution
Source: Soracom.io
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Introduction
“Internet of things (IoT)devices will outnumberthe world's populationthis year for the firsttime.”
- Gartner (2017)
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Gartner predicts 20 billion device next year (2020)
Things
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
More and more Things
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
What is IIoT?
• The Industrial Internet of Things (IIoT) is the integration of complex machinery with networked sensors and software.
• The machines are connected and talking to each other, and communicating back to centralized control systems.
• The IIoT is a network of intelligent computers, devices, and objects that collect and share huge amounts of data.
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IoT reference model
Source: www.iotwf.com/resources
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Source: www.bignerdranch.com
IIoT uses by Industry
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IoT vs IIoT
Source: intellinium.io
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IoT vs IIoT cont’dIoT IIoTRevolution Evolution
Things Data
Ad hoc connectivity Structured connectivity
Important – but not critical
Mission critical
• Analytics (ML/AI)
• Security
• Data integrity
• Response times
User serviced User + OEM + Vendor serviced
New
• Devices
• Standards
Existing
• Devices
• Standards
Proprietary Solutions Defined Standards
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IoT vs IIoT cont’d
Source: Henning (2017)
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
_
Imp
ort
ance
+
+
Imp
ort
ance
_Confidentiality
Integrity
Availability
IT IIoT
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IT vs IIoT
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Notable Incidents
2008 2010 2012 2013 2015 2016 2017 2019
Polish tram system
Charlie Miller & Chris Valasek
(Car Hack)Stuxnet
Smart Meters
Carmel Tunnels Toll
Road
Mirai botnet
Target Hack
Medical devices
vulnerable
Tracking point self aiming Sniper rifle
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
NASA Jet Propulsion Laboratory
Other Incidents
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Top IoT threats
Source: Symantec (2018)
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IoT Vulnerabilities
• Access• Default passwords, password & access controls
• Patching / firmware updates• Configuration - Code manipulation
• No / weak encryption• DDoS – No protection against• Protocols
• e.g. unsecure implementation
• Unreliable Interfaces • SQL injection, • XSS
• Privacy
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Risk – Smart Car
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
IIoT Security
Thank you
Introduction What is IIoT? IoT vs IIoT Incidents Threats Vulnerabilities IIoT Security Conclusion
Barend Pretorius [email protected]