Practical Industrial Internet of Things Security

Product type: Book
Published in: Jul 2018
Publisher: Packt
ISBN-13: 9781788832687
Edition: 1st Edition

Author: Sravani Bhattacharjee

Sravani Bhattacharjee was a technology leader at Cisco until 2014, where she led the architectural planning and security evaluations of several enterprise cloud/datacenter solutions. She is currently the Principal of Irecamedia, where she collaborates with Industrial IoT innovators (incl. IBM, AT&T, Microsoft, and Intel) to strategize and create compelling whitepapers and a wide variety of editorial and technical marketing content that drives awareness and business decisions. She is a member of the IEEE IoT chapter, a writer, and a speaker. She is the Managing Editor of “The IoT Review”, a podcast and blogging platform on Industrial and Enterprise IoT (iot.irecamedia.com).


Chapter 5. Securing Connectivity and Communications

"Once a new technology rolls over you, if you are not part of the steamroller, you are part of the road."

– Stewart Brand

Secured connectivity underpins the success of the industrial internet. The internet and cloud connectivity have already enabled many industrial enterprises to streamline operations and profitability. In addition to cloud connectivity, IIoT use cases such as smart cities and connected cars also require horizontal interconnectivity and interoperability across vertical technologies and systems.

However, interconnectivity exposes industrial systems to newer threats and attack surfaces. For example, the adoption of cloud-connected ICS systems, SCADA-as-a-service, and so on has been accompanied by a steady rise in security incidents. Attacks targeting industrial control systems were reported to have increased by 110 percent...

Definitions – networking, communications, and connectivity


The terms networking, communications, and connectivity are often used interchangeably, although these terms do have context-specific differences. For the sake of clarity, in this section, we shall define these terms and adhere to those definitions for the remainder of this book.

To arrive at the definitions, let's take recourse to the three prevalent standard-based information technology stack models:

  • Seven-layer OSI model (ISO/IEC 7498)
  • Four-layer TCP/IP stack
  • IIoT connectivity stack model (IIC-IICF)

Figure 5.1 shows the relative mapping of the various layers in each of the stack models:

Figure 5.1: Relative mapping of the communication stack models 

As shown in Figure 5.1, the Network section of the stack deals with the infrastructure, technologies, and protocols for routing and forwarding packets between any two devices. The Connectivity section involves infrastructure, technologies, and protocols that encompass the entire stack, including...

Distinguishing features of IIoT connectivity


The industrial internet and Industrie 4.0 are driving the transformation of industrial assets into cyber-physical entities. The erstwhile air-gapped devices and operational domains are now being connected to business application systems over IP-based network infrastructure (Figure 5.3):

Figure 5.3: Transition of industrial systems from unconnected to converged IT/OT model 

Ubiquitous connectivity introduces new operational dynamics in OT environments. To adequately protect OT connectivity, we need to consider its key distinguishing aspects, as discussed in this section.

Deterministic behavior

Traditionally, in industrial systems, field devices such as sensors communicate with control and actuation devices such as PLCs in highly deterministic modes. Consider the example of an oil and gas plant where the field sensors send out data in deterministic timeframes. The control devices receive, process, and analyze this data to send out control and actuation...

IIoT connectivity architectures


In the industrial world, 100 percent greenfield IIoT use cases are a rarity. As industries embrace digital innovations, they must factor in the unique characteristics of their existing connectivity frameworks, as discussed in the previous section. Due to the convergence of legacy OT infrastructure with IT connectivity frameworks, the cybersecurity envelope must extend to the industrial edge, factory floors, and remote field sites.

Security, however, incurs a cost. Plant downtime has massive cost implications, which plant managers want to avoid under any circumstances. Before introducing secured connectivity to a production environment, the threat landscape for the specific use case needs to be properly assessed, as does how these security technologies would interplay with that operational environment. An architectural understanding of secured industrial connectivity is also a precursor to implementing the appropriate security controls.

To design a secured network...

Controls for IIoT connectivity protection


Whether it is the factory floor, an autonomous vehicle on the road, a connected surgery room, or a smart energy grid powering up a city, ubiquitous connectivity has exposed these industrial applications to unprecedented cyber threats. We are architecting a connected world where the network itself has been "weaponized." The increasing use of open standards in OT infrastructure, cloud connectivity, and highly complex multi-vendor solutions has eroded the protection that "little-known" protocols and technologies once afforded industrial networks. Wireless technologies provide a fast track to connectivity, but they are also easier avenues (compared to wireline) for interception, code injection, and other forms of "man-in-the-middle" attacks (WSN).

Insider attacks and human errors can also cause havoc. The Stuxnet virus, for example, could slip through automated process control system (APCS) firewalls by taking stealthy routes such as USB drives, CDs,...

Security assessment of IIoT connectivity standards and protocols


As mentioned earlier, for industrial systems, automation and connectivity technologies have evolved mainly to cater to the needs of specific industry verticals. Network security controls were omitted from their design for the reasons already discussed. Legacy industrial networks using domain-specific proprietary protocols continue to be part of brownfield IIoT deployments. For inter-domain connectivity, such as between field sensors and cloud-based applications, or even for connecting multiple verticals such as a smart grid interfacing with a manufacturing facility, it is important to understand the security dimensions of both the legacy protocols and the interconnecting standard protocols.

Figure 5.9 shows a mapping of some of the connectivity protocols and standards to the IIoT connectivity stack model (IIC-IICF). Each layer of this technology stack needs layer-specific security controls. Enabling exhaustive security controls at every...

Fieldbus protocols


The term fieldbus was coined to refer to a family of industrial computer network protocols used for real-time distributed control.

The ecosystem of fieldbus-based protocols is going to remain in deployment for the foreseeable future. Industrial internet platforms and applications have to directly or indirectly interact with fieldbus protocols to acquire data or to communicate actuation signals. In an IIoT context, the security of these protocols becomes all the more important.

Most of the fieldbus protocols facilitate data exchange between field devices, PLCs, and so on. Some common characteristics of fieldbus technologies are as follows:

  • Information security mechanisms are typically not built into fieldbus protocols. They are designed for highly controlled, air-gapped operational domains.
  • These protocols are not supported by open standard communities.
  • Originally developed by a given industrial connectivity vendor, the protocols were adopted in an ecosystem serving vertical...

Connectivity framework standards


IIoT connectivity framework standards facilitate logical data exchange services among participating devices in real time. Connectivity framework standards need to support secure data exchange with low latency and jitter, hardware and transport layer agnostic performance, efficient device discovery and authentication, and interoperability with legacy fieldbus and other open standards.

Two predominant data exchange patterns in IIoT data communication are publish-subscribe and request-response. In publish-subscribe mode, an application publishes data on well-known topics, independent of its consumers or subscribers, while applications that subscribe to the well-known topic are agnostic of publishers. This provides loose coupling between participating endpoints, where an endpoint may operate as a publisher, a subscriber, or both. In the request-response data exchange pattern (also known as the client-server pattern), requestors (clients) initiate a service request...
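The two patterns described above, shown side by side over one in-memory broker. This is an added example, not code from the book: topic matching follows the MQTT `+`/`#` filter rules, and the request-response exchange uses a response topic plus correlation id in the way MQTT 5 does. The PLC, historian and HMI names, topics and register values are constructed for the illustration. Note that the publisher never addresses a subscriber, a publish with no subscribers is legal, and one endpoint (the PLC) acts as publisher and responder at once; the topic namespace is therefore the natural place for a broker to enforce per-client authorization.

```python
"""Publish-subscribe and request-response over one in-memory broker (added example)."""
import uuid

MISSING = object()   # sentinel: request sent, no reply received


def topic_matches(topic_filter, topic):
    """MQTT-style topic filters: '+' matches exactly one level, '#' matches the remainder."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


class Broker:
    """Delivers by topic only; publishers and subscribers never learn of each other."""

    def __init__(self):
        self._subs = []                      # (topic filter, callback) pairs

    def subscribe(self, topic_filter, callback):
        self._subs.append((topic_filter, callback))

    def publish(self, topic, payload, props=None):
        """Returns the number of subscribers that received the message (0 is legal)."""
        delivered = 0
        for topic_filter, callback in list(self._subs):
            if topic_matches(topic_filter, topic):
                callback(topic, payload, props or {})
                delivered += 1
        return delivered


class Historian:
    """Subscriber only: records temperatures from every PLC, without knowing any of them."""

    def __init__(self, broker):
        self.readings = []
        broker.subscribe("plant/+/temperature", self.on_reading)

    def on_reading(self, topic, payload, props):
        self.readings.append((topic, payload))


class Plc:
    """Publisher of readings and responder for register reads: both roles on one endpoint."""

    def __init__(self, broker, name, registers):
        self.broker, self.name, self.registers = broker, name, dict(registers)
        broker.subscribe(f"plant/{name}/rpc/read", self.on_request)

    def publish_temperature(self, value):
        return self.broker.publish(f"plant/{self.name}/temperature", value)

    def on_request(self, topic, payload, props):
        # Request-response layered on pub-sub (the MQTT 5 pattern): answer on the
        # requester's response topic and echo its correlation id.
        reply_props = {"correlation": props["correlation"]}
        self.broker.publish(props["response_topic"], self.registers.get(payload), reply_props)


class Hmi:
    """Requester: asks a named PLC for a register and matches the reply by correlation id."""

    def __init__(self, broker):
        self.broker = broker
        self.response_topic = f"clients/{uuid.uuid4().hex}/replies"
        self.pending = {}
        broker.subscribe(self.response_topic, self.on_reply)

    def read_register(self, plc_name, register):
        cid = uuid.uuid4().hex
        self.pending[cid] = MISSING
        self.broker.publish(f"plant/{plc_name}/rpc/read", register,
                            {"response_topic": self.response_topic, "correlation": cid})
        reply = self.pending.pop(cid)    # this broker is synchronous, so any reply is already in
        if reply is MISSING:
            raise TimeoutError(f"no responder for {plc_name}")
        return reply

    def on_reply(self, topic, payload, props):
        if props["correlation"] in self.pending:   # drop replies we never asked for
            self.pending[props["correlation"]] = payload


def demo():
    """Constructed scenario: one PLC, one historian, one HMI."""
    broker = Broker()
    historian = Historian(broker)
    plc = Plc(broker, "boiler1", {"40001": 72, "40002": 3})
    hmi = Hmi(broker)
    plc.publish_temperature(71.5)
    plc.publish_temperature(72.0)
    return {"readings": len(historian.readings), "reg40001": hmi.read_register("boiler1", "40001")}


if __name__ == "__main__":
    print(demo())
```

The historian's filter `plant/+/temperature` never sees the `plant/boiler1/rpc/read` traffic, and the HMI only accepts replies carrying a correlation id it issued; a request to a PLC that does not exist surfaces as a `TimeoutError` rather than a silent `None`.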

Connectivity transport standards


The high scalability and low CPU power requirements of IIoT field devices have encouraged the adoption of messaging protocols such as MQTT and CoAP for resource-constrained devices. These transports run on top of TCP or UDP and use TLS/DTLS for security. In this section, a brief description of the transports and their security assessment is presented.

Transmission Control Protocol (TCP)

TCP is an open standard maintained by the IETF (IETF-TCP) and an integral part of the internet (TCP/IP) protocol stack. TCP provides connection-oriented transport and has been widely used in HTTP-based applications such as e-commerce. TCP delivers messages in order and retransmits messages lost in transit; these guarantees cost time and resources, so message latency can vary greatly when using TCP.

TCP security

The TLS protocol is usually used to protect transport layer traffic. TLS is an open standard version of SSL version 3 (RFC-TLS...

Connectivity network standards


The IIoT connectivity stack model (IIC-IICF) has the Internet Protocol as the only protocol standard in the network layer for industrial internet and Industrie 4.0 applications. For multicast communications, the Internet Group Management Protocol (IGMP) is used at the network layer. To secure traffic at this layer, IPSec, a suite of open security standards defined and maintained by the IETF (RFC 4301), is used.

To provide IP connectivity to low-footprint, resource-constrained devices, the IETF has defined the 6LoWPAN standard (RFC 6282). The standard includes encapsulation and header compression mechanisms that allow IPv6 packets to be sent and received over low-rate wireless personal area networks (LR-WPANs).
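What the header compression mentioned above does in practice, as an added example (not code from the book or from any 6LoWPAN stack): a stateless IPHC compressor and decompressor for the IPv6 base header following the RFC 6282 field layout. Addresses, interface identifiers and payload are constructed values. Context-based (CID/SAC/DAC) and next-header (NHC) compression are deliberately rejected rather than guessed at, and the decompressor raises on truncated input, since on a receiving node this parser is exposed to every frame the radio delivers.

```python
"""Stateless 6LoWPAN IPHC compression of the IPv6 header (RFC 6282), added example."""
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")
LL_PREFIX = bytes([0xfe, 0x80]) + bytes(6)
IID_FROM_SHORT = b"\x00\x00\x00\xff\xfe\x00"        # IID shape for 16-bit 802.15.4 addresses
HLIM_CODES = {1: 0b01, 64: 0b10, 255: 0b11}


def _compress_unicast(addr, ll_iid):
    """Stateless unicast (SAC/DAC = 0): returns (address-mode bits, inline bytes)."""
    iid = addr.packed[8:]
    if addr not in LINK_LOCAL:
        return 0b00, addr.packed                     # 128 bits inline
    if iid == ll_iid:
        return 0b11, b""                             # fully elided: derived from link layer
    if iid[:6] == IID_FROM_SHORT:
        return 0b10, iid[6:]                         # fe80::ff:fe00:XXXX -> 16 bits inline
    return 0b01, iid                                 # prefix elided, 64-bit IID inline


def _decompress_unicast(am, take, ll_iid):
    if am == 0b00:
        return take(16)
    if am == 0b01:
        return LL_PREFIX + take(8)
    if am == 0b10:
        return LL_PREFIX + IID_FROM_SHORT + take(2)
    return LL_PREFIX + ll_iid


def _compress_multicast(addr):
    """Stateless multicast (M = 1, DAC = 0)."""
    p = addr.packed
    if p[1] == 0x02 and p[2:15] == bytes(13):
        return 0b11, p[15:]                          # ff02::00XX -> 8 bits
    if p[2:13] == bytes(11):
        return 0b10, p[1:2] + p[13:]                 # ffXX::00XX:XXXX -> 32 bits
    if p[2:11] == bytes(9):
        return 0b01, p[1:2] + p[11:]                 # ffXX::00XX:XXXX:XXXX -> 48 bits
    return 0b00, p


def _decompress_multicast(am, take):
    if am == 0b00:
        return take(16)
    if am == 0b01:
        b = take(6); return b"\xff" + b[:1] + bytes(9) + b[1:]
    if am == 0b10:
        b = take(4); return b"\xff" + b[:1] + bytes(11) + b[1:]
    return b"\xff\x02" + bytes(13) + take(1)


def compress(hdr, src_ll_iid, dst_ll_iid, payload):
    """hdr keys: traffic_class, flow_label, next_header, hop_limit, src, dst."""
    tc, fl = hdr["traffic_class"], hdr["flow_label"]
    ecn, dscp = tc & 0x3, tc >> 2                    # IPHC puts ECN before DSCP
    if tc == 0 and fl == 0:
        tf, tf_inline = 0b11, b""
    elif fl == 0:
        tf, tf_inline = 0b10, bytes([ecn << 6 | dscp])
    elif dscp == 0:
        tf, tf_inline = 0b01, bytes([ecn << 6 | fl >> 16]) + (fl & 0xffff).to_bytes(2, "big")
    else:
        tf, tf_inline = 0b00, bytes([ecn << 6 | dscp, fl >> 16]) + (fl & 0xffff).to_bytes(2, "big")
    hlim = HLIM_CODES.get(hdr["hop_limit"], 0b00)
    hl_inline = b"" if hlim else bytes([hdr["hop_limit"]])
    src, dst = ipaddress.IPv6Address(hdr["src"]), ipaddress.IPv6Address(hdr["dst"])
    sam, sa_inline = _compress_unicast(src, src_ll_iid)
    if dst.is_multicast:
        m, (dam, da_inline) = 1, _compress_multicast(dst)
    else:
        m, (dam, da_inline) = 0, _compress_unicast(dst, dst_ll_iid)
    base = bytes([0b011 << 5 | tf << 3 | hlim,       # NH = 0: next header sent inline
                  sam << 4 | m << 3 | dam])          # CID = SAC = DAC = 0: no contexts
    # Version and payload length are never sent: fixed, or known from the 802.15.4 frame.
    return base + tf_inline + bytes([hdr["next_header"]]) + hl_inline + sa_inline + da_inline + payload


def decompress(frame, src_ll_iid, dst_ll_iid):
    """Inverse of compress(); raises ValueError instead of guessing on malformed input."""
    if len(frame) < 2 or frame[0] >> 5 != 0b011:
        raise ValueError("not an IPHC header")
    if frame[1] & 0b11000100:
        raise ValueError("context-based (CID/SAC/DAC) compression not handled here")
    if frame[0] >> 2 & 1:
        raise ValueError("NHC next-header compression not handled here")
    pos = 2

    def take(n):
        nonlocal pos
        chunk = frame[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated IPHC header")
        pos += n
        return chunk

    tf, hlim = frame[0] >> 3 & 0x3, frame[0] & 0x3
    sam, m, dam = frame[1] >> 4 & 0x3, frame[1] >> 3 & 1, frame[1] & 0x3
    if tf == 0b11:
        tc, fl = 0, 0
    elif tf == 0b10:
        b = take(1); tc, fl = (b[0] & 0x3f) << 2 | b[0] >> 6, 0
    elif tf == 0b01:
        b = take(3); tc, fl = b[0] >> 6, (b[0] & 0xf) << 16 | b[1] << 8 | b[2]
    else:
        b = take(4); tc, fl = (b[0] & 0x3f) << 2 | b[0] >> 6, (b[1] & 0xf) << 16 | b[2] << 8 | b[3]
    nh = take(1)[0]
    hl = {0b01: 1, 0b10: 64, 0b11: 255}.get(hlim) or take(1)[0]
    sa = _decompress_unicast(sam, take, src_ll_iid)
    da = _decompress_multicast(dam, take) if m else _decompress_unicast(dam, take, dst_ll_iid)
    hdr = {"traffic_class": tc, "flow_label": fl, "next_header": nh, "hop_limit": hl,
           "src": str(ipaddress.IPv6Address(sa)), "dst": str(ipaddress.IPv6Address(da))}
    return hdr, frame[pos:]
```

For a link-local source whose IID matches the sender's 802.15.4 address, a UDP datagram to `ff02::1` with hop limit 255 compresses the 40-byte IPv6 header to 4 bytes (`7b 3b 11 01`); a global-to-global header with DSCP, flow label and an unusual hop limit gains nothing without a shared context, which is why real deployments configure prefix contexts and why the receiver must validate that context state before trusting it.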

Summary


The industrial internet involves ubiquitous connectivity. Connectivity undoubtedly exposes industrial environments to threats, which may result in serious safety and reliability consequences.

Denying connectivity in the digital era is not an option for enterprises. Industries should instead focus on how to secure their internet-connected infrastructure.

This chapter addresses this question by helping the reader develop deeper insights into building secured IIoT connectivity infrastructure. By analyzing the distinguishing aspects of industrial connectivity frameworks and specifications, this chapter explains how existing industrial deployments can evolve and adopt the secured IIoT connectivity architecture. Multiple security controls and technologies to implement the defense-in-depth strategy for IIoT connectivity were discussed.

A comprehensive understanding of the standards, protocols, and their associated security postures is presented in this chapter to provide the reader with...
