小程序
传感搜
传感圈

Why Managing IoT Security Risk in Utility Infrastructure is Essential to Defeat Emerging Threats

2022-11-15
关注

Why Managing IoT Security Risk in Utility Infrastructure is Essential to Defeat Emerging Threats
Illustration: © IoT For All

With multiple large-scale ransomware attacks occurring over the last few years, including those in the utility industry, people are wondering more than ever what the future of security for the Internet of Things (IoT) infrastructure space should look like. According to PwC’s 25th Annual Global CEO Survey, 44 percent of energy, utilities, and resources CEOs ranked cyber threats as a “top three” concern, only slightly edged out by health risks (45 percent) and climate change (49 percent). With today’s advancing technology has come a drastic increase in cyber-attacks across all industries. These CEOs are feeling the threat that cyber-attacks pose now and in the future, and they must consider what actions need to be taken to prevent themselves from becoming victims. 

'The LoRaWAN specification has been designed from the outset with security as an essential aspect, providing state-of-the-art security properties that meet the needs of highly-scalable low-power IoT networks.' -Ken LynchClick To Tweet

“Attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020 – a 3,900 percent change,” according to a Gartner report. As their operations become more connected, companies across industries have been working to implement best practice security measures to try and mitigate these attacks. With strong IoT security inherent in network protocols like LoRaWAN, we know our critical infrastructure is more secure than ever before. However, with cybercriminals becoming more sophisticated, some organizations may choose to consider an additional layer of security to protect vital information.

IoT Security Risks in Utility Infrastructure 

Current: Alarmingly, in some situations, security isn’t implemented correctly on IoT devices or for communication coming from devices. And, if low-strength security and/or static keys are being used, it can make it easier for bad actors to hack your systems. Security vulnerabilities that exist today include man-in-the-middle attacks, replays, delays, reliance on antiquated operating systems, no true end-to-end data security, and low amounts of processing power. 

Future: The future of utilities is moving towards remote management and access to devices (like meters), which will expand connectivity infrastructures. While this promises a more streamlined way to operate, it can introduce new vulnerabilities. Because of this, utility infrastructure providers need to consider the cyber risks that come with making systems more visible to cyber criminals and prepare their security for attacks. 

Outcomes and Future Planning 

When a cyberattack has been successfully carried out on utility infrastructure the damage done can leave a lasting impact on human safety and can affect equipment, systems, and the services they provide. When hackers can capture sensitive data about these systems and manipulate them, they can cause catastrophic outcomes, including total system shutdowns. 

The visibility that comes as a result of increased connectivity means that those in the utility infrastructure space need to implement security that can cover any openings that hackers may try to exploit, providing true end-to-end payload protection through every hop of an IoT network. One consideration is to secure IoT devices by embedding a security technology within the end devices that secures data to the highest strength, at the earliest opportunity. This security library is controlled by the application running on the device and should be resistant to attacks of the future. Government-regulated certifications like FIPS 140-3 are also an important feature in protecting critical infrastructure.  

Securing an IoT deployment is not only a matter of choosing the right communication protocol, but it requires following implementation best practices and adhering to industry security standards. The LoRaWAN specification has been designed from the outset with security as an essential aspect, providing state-of-the-art security properties that meet the needs of highly scalable low-power IoT networks.

Additional layers of security such as MTE (MicroToken Exchange) and MKE (Managed Key Encryption) are also supported by forward-thinking network operators and utility infrastructure providers to support critical infrastructure and essential business applications.

Tweet

Share

Share

Email

  • Remote Management
  • Utility Management
  • Connectivity
  • Cybersecurity
  • Internet of Things

  • Remote Management
  • Utility Management
  • Connectivity
  • Cybersecurity
  • Internet of Things

参考译文
为什么管理公用事业基础设施中的物联网安全风险对战胜新兴威胁至关重要
随着过去几年发生的多次大规模勒索软件攻击,包括在公用事业行业,人们比以往任何时候都更想知道未来物联网(IoT)基础设施领域的安全应该是什么样子。根据普华永道第25届年度全球CEO调查,44%的能源、公用事业和资源类CEO将网络威胁列为“三大”担忧,仅次于健康风险(45%)和气候变化(49%)。随着当今技术的进步,所有行业的网络攻击都急剧增加。这些ceo们现在和将来都感受到了网络攻击带来的威胁,他们必须考虑需要采取什么行动来防止自己成为受害者。高德纳的一份报告称:“对关键基础设施行业组织的攻击急剧增加,从2013年的不到10起增加到2020年的近400起——变化了3900%。”随着业务联系越来越紧密,各行各业的公司一直在努力实施最佳实践安全措施,试图减轻这些攻击。由于LoRaWAN等网络协议中固有的强大物联网安全性,我们知道我们的关键基础设施比以往任何时候都更安全。然而,随着网络犯罪变得越来越复杂,一些组织可能会选择考虑额外的安全层来保护重要信息。当前:令人担忧的是,在某些情况下,物联网设备或来自设备的通信没有正确实现安全。而且,如果使用的是低强度的安全和/或静态密钥,则会使恶意分子更容易入侵您的系统。目前存在的安全漏洞包括中间人攻击、重放、延迟、依赖过时的操作系统、没有真正的端到端数据安全性以及处理能力较低。未来:公用事业的未来正在向远程管理和设备(如电表)的访问方向发展,这将扩展连接基础设施。虽然这保证了一种更精简的操作方式,但它可能引入新的漏洞。正因为如此,公用事业基础设施供应商需要考虑网络犯罪分子更容易看到系统所带来的网络风险,并为攻击做好安全准备。当网络攻击成功地对公用事业基础设施实施时,所造成的破坏会对人类安全造成持久的影响,还会影响设备、系统及其提供的服务。当黑客能够获取有关这些系统的敏感数据并对其进行操作时,他们可能会导致灾难性的后果,包括整个系统的关闭。连接性增加带来的可见性意味着,公用事业基础设施领域的那些人需要实现可以覆盖黑客可能试图利用的任何漏洞的安全性,通过物联网网络的每一跳提供真正的端到端有效载荷保护。考虑之一是通过在终端设备中嵌入安全技术来保护物联网设备,在最早的时机以最高强度保护数据。这个安全库由运行在设备上的应用程序控制,应该能够抵抗未来的攻击。FIPS 140-3等政府监管认证也是保护关键基础设施的重要特征。确保物联网部署的安全不仅是选择正确的通信协议的问题,还需要遵循实施最佳实践并坚持行业安全标准。LoRaWAN规范从一开始就将安全作为一个基本方面进行设计,提供最先进的安全属性,满足高可扩展的低功耗物联网网络的需求。 具有前瞻性的网络运营商和公用事业基础设施提供商还支持其他安全层,如MTE (MicroToken Exchange)和MKE (Managed Key Encryption),以支持关键基础设施和基本业务应用程序。
您觉得本篇内容如何
评分

相关产品

MSA 梅思安 SUPREMATouch 气体仪器

SUPREMATouch已根据ATEX认证,适用于几乎所有安全相关应用,包括安全完整性等级(SIL)3级(EN 61508)的冗余系统。新增强功能:,市场:一般工业、石油和天然气、公用事业

Fluke 福禄克 FLUKE 355 频率计

355还可以测量电压和电阻,使其成为公用事业、电气承包商和工业服务技术人员理想的钳形表。4000计数背光显示。真有效值交流+直流电流和电压测量。真有效值波峰因子= 2.4。电机涌流测量。安全EN61010猫IV 600 V,猫三世1000 V \ nAbsolute最大交流电流测量= 2 ka交流\ nAbsolute最大直流电流测量= 2 ka直流\ nAbsolute最大交流电压测量

评论

您需要登录才可以回复|注册

提交评论

iotforall

这家伙很懒,什么描述也没留下

关注

点击进入下一篇

人工智能伦理超越数据隐私和偏见

提取码
复制提取码
点击跳转至百度网盘