Every January, the digerati gather in Las Vegas at the Consumer Electronics Show to see, hear and touch the latest and greatest in technology. This year, one of the biggest stories to come from the confab is that everything is connected. Beyond consumer smartphones and smartwatches, the new internet of things, or IoT, has expanded
to include smart workplaces and smart warehouses.
Manufacturing is especially woven into the fabric of the IoT as users of internet-connected manufacturing lines, security cameras, power grids, IT and operational tech devices, and programmable logic controllers. In fact, according to researcher IDC, the manufacturing industry accounts for one of the largest spenders on IoT technology — a market expected to host 30 billion IoT devices by 2020 and as many as 75 billion by 2025.
Unfortunately, cybercriminals are taking advantage of IoT security exploits, turning it into the IoUT — the internet of unsecure things. IoT device manufacturers and software companies are aware of the perils of unattended, connected devices that can fall prey to cybercriminals. The CES event earlier this year featured seminars under the banner of “Deploying IoT Platforms — What You Need to Know” and “IoT and the Connected Consumer,” which included topics such as trends, innovations and, more important for consumers, privacy.
One of the greatest concerns is that the same ability to reach internet-connected devices, whether in the home or business facility, locally or remotely via Wi-Fi, can also make them susceptible to hacking. On the consumer side, compromised devices include baby monitors, air conditioners and automobiles. On the industrial side, hacking has included programmable logic controllers and security cameras.
In fact, IoT device search engines exist that have cataloged the existence of connected devices all around the world. If these devices are unsecured — for example, if they only use the default, out-of-the-box administrator password — anyone may be able to connect to them. If the device is a connected Wi-Fi security camera, the privacy damages can be immense.
Here are some specific steps you can take to keep your manufacturing facility secure while remaining productive employing the IoT.
Change default passwords
One of the easiest ways for even the most casual of hackers to gain access to a Wi-Fi router or other connected device is to Google the default administrator password for the device and attempt to log into it. To avoid this, make sure to change the default user, if possible, and the password. Our company provided insight into how to pick strong passwords in a recent blog post (http://bit.ly/2CRJKJv) with a few suggestions to follow.
Inventory new devices
Conduct an asset management review of your connected devices on a regular basis, and document what each device does and what it is connected to on your network. Of particular interest is the control of internet traffic that is leaving your network — what data is being shared from your network from connected devices, and where is it going?
Make firmware updating automatic
Device manufacturers are aware of security issues and often publish “firmware updates” or security patches to keep hardware as secure as possible from new threats. You can help by enabling automatic updates on your devices. Keeping your device up to date ensures your device has the strongest security possible.
Turn the tables on hackers
You may have vulnerabilities in your Wi-Fi network that you are not even aware exist. To make sure you know each and every connected device on your home or office network, use a Wi-Fi scanning tool. One that I like is the Kaspersky IoT Scanner, which is available as an Android app. It can scan any network to which you are permitted to connect, allowing for discovery of what other devices at home or in the office are connected to the internet. It also highlights potential vulnerabilities, such as open internet ports that you may need to secure. Learn more here: http://bit.ly/2xd9i4a.
Connected devices offer manufacturers a wide range of useful capabilities that increase productivity. Just be sure they also ensure your privacy when you are using them at home, office or anywhere in your facility.
Eric Payne is a senior security architect with SRC Technologies in Green Bay. He has nearly 20 years of experience working with companies on cybersecurity and data-protection technology that includes Microsoft, VMware and Kaspersky.
SRC provides consulting and management to midmarket companies for IT infrastructure and data-security needs.