With NetRise, Security Teams No Longer Left to Their Own Devices
by Brad LaPorte, on Sep 8, 2022 7:00:00 AM
A device, with respect to information technology, is any equipment or associated software ranging from programs, languages, or associated documentation that is designed for the purpose of utilizing information stored in a digital format. Devices in this context include but are not limited to computer systems, computer networks, and computer equipment used for input, output, processing, storage, organization, and display for any user’s intended purpose. In any 21st-century professional setting, devices are connected using the “Internet of Things” (commonly known as IoT). Using the IoT, devices can easily, rapidly, and constantly communicate with one another to share a plethora of any specified data to accomplish the intended task for the user. It is worth noting, IoT does not necessarily imply devices are connected to the public internet. The framework for which devices are connected is known as the network. In all information technology, the size, scale, and scope of networks vary on an immeasurable level. For example, a network could simply include a monitor and computer in an office connected to a power source. In a broader and more complex sense, a network could be used to describe the interconnection of an uncountable number of devices used to provide power to a city where millions of people live. In a very basic and general sense, this sums up the role devices play in an Information Technology (IT) environment. This article will focus on some of the more surprising ways devices are involved in the Internet of Things, and how these connections make networks terrifyingly vulnerable to outsider cyber breaches.
In the digital age, there are countless organizations that use over 30 billion IoT devices to execute their intended service. The business function that uses hardware and software in real-time to monitor, automate changes, and control devices in an enterprise are called Operational Technology (OT). Operational Technology is an incredibly broad concept covering many automated system enterprises. The first example of this type of system is an industrial control system (ICS) or more specifically, Supervisory Control and Data Acquisition (SCADA). An ICS is an automated program that monitors complex industrial processes and critical infrastructures such as power distribution, food, and petroleum supply chains, transportation, manufacturing, and other essential services. SCADA is the most common Infrastructure Control System that consists of a complex network of software and hardware elements that receive information from remote sensors in order to quantify and monitor procedure variables to effectively meet the demands of their intended service. SCADA uses devices called programmable logic controllers (PLCs) to monitor and control these terminal end field sensors using a series of network protocols and voltage signals. The SCADA’s server in this platform is constantly sending and receiving electronic/automated feedback from all corners of this network in order to oversee the system. While this process has improved productivity and efficiency in so many essential service procedures, it has also created a colossal and extremely vulnerable target for outside cyber threats and hackers. For example, a greedy, ransom demanding hacker could breach the SCADA software of a regional petroleum pipeline, completely disrupt its supply and demand monitor procedures, and leave upwards of millions without fuel indefinitely. This is the reality ICS frameworks face. They are a completely essential but extremely vulnerable operating system. Therefore, it is imperative that firms using ICS platforms seek superior cybersecurity measures in order to prevent outside cyber threats from breaching their industrial devices.
The use of SCADA in large-scale industrial operations is not limited to logistics and transportation. Nearly every industry uses SCADA to maintain efficient productivity using these servers. This includes healthcare facilities, oil and gas, utility providers, and manufacturing plants, to name only a few. SCADA in Operational Technology management was first pioneered in the Third Industrial Revolution when technology was adopted as an exponentially more efficient means to monitor large-scale ICSs when compared to far more limited human manual labor. In the last two decades, however, SCADA is still used in Operational Technology as industrial patterns transition into a “Fourth Industrial Revolution,” which we call “Industry 4.0”. Industry 4.0 is expected to introduce an unimaginably large number of devices, dwarfing levels in the third industrial revolution in both size and complexity. Furthermore, the domain covering Operational Technology is expected to “converge” with its Information Technology counterpart. In other words, the lines differentiating IT from OT will become less and less defined.
Much of this convergence stems from ICS/SCADA platforms using more and more IT-based technologies such as big data and machine learning in OT, along with the evolutions in machine-to-machine (M2M) communication and the Internet of Things. These innovations have enabled the management, maintenance, and diagnostics of remote ICS infrastructure. Nearly every single device used in a professional (or even personal) environment will be connected to the internet of things, including security cameras, alarms, light switches, and even vending machines and personal vehicles. Plus, the use of SCADA in Operational Technology during Industry 4.0 will almost completely eliminate the need for human intervention to monitor an ICS. While these new luxuries will totally revolutionize productivity and efficiency in workplace environments, it also makes the entire idea of an ICS an even more vulnerable target for cyber attackers. Industry 4.0 ICSs are attached to such a large number of seemingly trivial devices, that it would be almost impossible for IT/OT security threat management teams to completely prevent a cyber breach. For example, consider an ordinary office with scores of ostensibly insignificant devices attached to its private servers. A semi-skilled and resilient hacker could easily access the office network through one of these devices, even if it were merely an internet-connected water cooler (for those of you curious and want to learn more about fascinating real world examples, check out this story involving a casino's data security breach by way of a micro aquarium thermometer). Once the network is breached, a more critical device such as a laptop could be compromised, and the hacker could trivially pivot to obtain complete control of the network. The Internet of Things essentially gives outsider threats the keys to the door to breach a SCADA-controlled network perimeter. Furthermore, with remote working becoming increasingly ubiquitous, there are simply far too many means and routes for hackers to breach a firm’s network perimeter for any IT/OT risk and security teams to monitor even using state of the art technology.
In order to orchestrate a security breach, a common strategy hackers use is to target device firmware. Any networked device that has firmware is connected to the IoT, thus hackers have literally dozens of avenues of approach to choose from when planning a security breach. Furthermore, firmware has been given little attention since the early digital age and therefore has not adapted well to the defense against modern cyberthreats. Firmware today uses outdated components that were designed decades ago and have not been modified to meet the demands of the Industry 4.0 IoT world. Also, firmware is not well monitored using security tools available today such as ASLRs (Address Space Layout Randomizers) or stack guards to detect and thwart buffer overflow style attacks. This means internal security teams are left almost oblivious to potential breaches. As a direct consequence, 83% of enterprises have reported at least once security breach in the past 24 months alone, and the increase in total firmware vulnerabilities is up fivefold in the last four years (source: Microsoft). The number of vulnerabilities related to IoT devices increased by 16% year over year, compared to a growth rate of only 0.4% for vulnerabilities overall. For industrial control systems, the rise was even more dramatic at 50%, an elevated risk as threat actors seek to disrupt the manufacturing and energy sectors. Couple both of these figures with the total number of IoT connected devices increasing 27% year to year, and it becomes almost crystal clear that the need for improved firmware security will only become more and more vital in the years to come. To make matters even more frustrating, breaches normally go unnoticed for years at a time. Needless to say, unmonitored and outdated firmware has given a terrifying advantage to even novice hackers.
The good news is, today’s cyber threat management teams are nowhere near out of luck in preventing firmware targeted breaches and managing risk. NetRise is a groundbreaking organization empowering their clients to rethink the way they look at XIoT risk management (eXtended Internet of Things - referring to all connected cyber-physical systems). In order to do this, organizations must accept that no amount of threat prevention expertise will ever invent a cyberthreat defense that will allow complete immunity from malicious data breaches. Network perimeter vulnerabilities (such as device firmware compromise) will always exist and persist as hackers will always find ways to use them. Rather, the technique to fight risk is to raise vulnerability awareness, practice constant vulnerability identification, and develop ways to address vulnerabilities. Going forward, NetRise is using this strategy to counteract this dire threat against obsolete, defenseless firmware by developing new software to oversee all devices (i.e., devices with firmware) that are attached to the Internet of Things. This will entail the implementation of SaaS (software as a service) platforms to monitor and devote the same security solutions to IoT devices as are given to traditional workstations and servers. This is a far more practical and less complicated solution than just updating firmware alone which is often difficult, if not impossible, to modify once implemented into modern IT infrastructure. NetRise’s platform will offer security teams many new conveniences to stay on top of data breaches and other xIoT risk factors. These features include real-time vulnerability tracking, Software Bill of Materials (SBOM), and Holistic Risk Visibility, to only name a few. A product like this would benefit an enormous spectrum of clientele ranging from startups to large corporations that use ICS/SCADA platforms. Clients using the NetRise Platform will enjoy a tremendous advantage that dramatically alters and improves cyber threat prevention and awareness.
Firmware security will completely transform the way organizations execute cyber threat management. The reality of a growing and increasingly dynamic nature in the Industry 4.0 Operational Technology world will constantly create new demands that cybersecurity teams must accept and constantly adapt to. IT and OT security teams must recognize the rapid convergence of both domains and have equal visibility of the risk within all levels of their XIoT devices’ firmware. Organizations willing to accept this truth and take the appropriate measures to implement appropriate firmware security will undoubtedly be the first to experience a decline in data security breaches in a world dominated by XIoT connectability.
As a result, it is important that Security and Risk Management teams identify the risks in the devices they use, and develop practical plans of mitigation where possible, and risk acceptance where mitigation is not possible. The strategy is identifying the weak points in your environment. The number one focus should be protecting your organization's data and infrastructure. The NetRise Platform can give you the kind of insight into these xIoT devices that previously required highly skilled reverse engineers and pen testers to achieve. We do this with a simple but powerful SaaS platform that helps you determine which risks to address first, and which should be monitored until fixed by the manufacturer or open source community.
At NetRise, our number one goal is to provide XIoT visibility to device vulnerabilities and risk, and help organizations that increasingly rely on these devices in a connected world to stay safe!
For more information or support with xIoT security, please reach out to us today.