We often look for real world use cases in which IoT security has been effectively deployed. The following article provides examples of where IoT security has been averted, or simply not thought through completely in the first place. The one common element on all of the these attacks is the systems that got hacked and/or compromised were industrial control systems (ICS). These are the core of operational technology (OT) networks that along with IT networks, power the industrial internet of things (IIoT). So as more devices get connected to IIoT networks, many of the increasingly sophisticated cyberthreats originally found in IT environments are now infiltrating OT environments, These naturally include industrial control systems.
What are the worst-case possibilities if your company gets hacked? Imagine these scenarios:
- The world’s largest pure-play semiconductor company shuts down some of its fabs after a WannaCry malware variant spreads through the production network.
- After being fired, an engineer who still has access to a water and sewage company’s SCADA system opens up the valves so that the system dumps sewage everywhere.
- Hackers take control of production management software and then the industrial control system at a steel mill, causing massive physical damage.
- Unknown attackers change process parameters in the recipe for a food and beverage product by altering process controller code, increasing the quantity of salt to three times what it should be. The change goes undetected until customers complain.
- Hackers take control of an entire network of wind turbines at a U.S. wind farm using a Raspberry-Pi-based card with a cellular module for remote access to programmable automation controllers.
- Competitors of an electronics company rewrite the code on the robots used in its manufacturing process, which begins introducing subtle defects that reduce yields and cause product recalls.
The first four have already happened, and the first one happened to Taiwan Semiconductor Manufacturing Co. (TSMC) only last month.