Increased operational intelligence and productivity. Improved safety and asset management. Expanded automation. The Internet of Things has promised all of the above, but each of these promises comes with opportunities for abuse. Cyber-adversaries who breached, for instance, a smart factory could find a treasure trove of information for industrial espionage, while malware recently discovered in the Middle East underscores the potential of industrial IoT attacks to cause physical destruction and potential risk to workers within industrial facilities. The discovery of that malware, known as “Trisis” or “Triton,” however, was in itself not the first events driving home that risk. In 2007, researchers at the Idaho National Laboratory showed a cyberattack targeting an industrial turbine could ultimately cause it to self-destruct. The famous 2010 malware “Stuxnet” showed the feasibility of such an attack in the real world — at a nuclear enrichment facility in Iran. Similarly, a 2014 report from a German government body stated a steel mill in that country was hit with an advanced persistent threat attack that began with a spear-phishing and sophisticated social engineering ploy. The IoT security breach resulted in massive damages after the adversaries gained control over an oven at the steel mill. And then there was the 2015 Black Energy attack that shut down a portion of Ukraine’s power grid.
IoT Security: Discerning What’s Alarmist and Truly Alarming
To say IoT security changes everything would be an overstatement, but society’s increasing reliance on connected computers is steadily redefining risk.