John Ewing, a security solution architect for CDW, outlines multiple scenarios in which a hacker could use vulnerable IoT or IIoT connections to launch an attack.
“If a power plant sends telemetry data about issues on a pipeline somewhere, a hacker could disguise that and pretend like nothing was happening to the system,” he says. “Or a hacker could find a weakness and try to exploit it, either to accelerate the failure or to use the failure to do something else. A hacker can even use the failure as a diversion technique — as a decoy for something else that’s going on.”
Cybersecurity experts agree on the importance of setting baselines for the type of data that network administrators should expect to see transmitted by a device or object, and then monitoring for any deviations from that baseline.
“It’s much harder to protect my daughter’s iPad than it is a SCADA [supervisory control and data acquisition] system,” he says. “What I mean by that is, if you consider an ATM or a car or a pump, all of those have pretty specific functions. They shouldn’t be running iTunes on them, hypothetically. Creating a baseline for what should and shouldn’t run on them should be achievable.”