The golden age of technology that we are living through has delivered many benefits to businesses and wider society, but at the same time has opened us up to a new species of threat.
In the last few years, increased connectivity to the internet has opened up previously isolated networks to the spectre of cyber attacks and forced new industries such as critical national infrastructure to reassess the risk posed to their organisations.
Innovations in sensor technology, the ubiquitous proliferation of mobile devices and the increased efficiency of wireless communications to transfer data has led to the ‘Internet of Things’ where virtually any device can be connected to the internet.
In the last year we have even seen the first DDoS attack being directed from a refrigerator, meaning almost any device can serve as a point of attack as well as a point of entry to the network.
Organisations are now realising they are woefully exposed to attack and need to consider a wider new approach to prevent the Internet of Things becoming an Internet of Threats.
No place like home
As more and more devices are connected to the internet, inevitably we will see cyber-attacks affecting new networks and affecting more spheres of daily life.
Attacks to date have tended to focus on desktop PCs and enterprise networks, but what could happen if these attacks were aimed at our home appliances or personal vehicles?
While domestic devices like Nest fire alarms and smart metering like Hive have promised benefits like controlling your home from your mobile device they also present a worry – what if these devices were interfered with?
DDoS attacks, Trojan horse and man in the middle attacks have been geared towards stealing data or rendering hardware unusable in the PC world but these types of attack can also cause a large amount of damage in the home setting.
Hacking into web cams, locking doors and windows and controlling whether the gas comes on or not can all be potentially controlled remotely in future and, when you magnify this across every home in the country, the potential for co-ordinated damage is endless.
Organisations need to realise that if this is what can be caused in the home, imagine what could potentially happen if these attacks found their way to the countries transportation or nuclear energy networks.
The rise of the machines
Cyber attacks have previously been limited by the reach of fixed-line communication, but these are now dissolving.
The increased range and strength of wireless communications is bringing about an age of machine-to-machine (M2M) communications.
Any natural or man-made object can be assigned an IP address and possesses the ability to transfer data over a network.
M2M also means that attacks can spread swiftly from one network to the next since and no longer rely on the activity of a user to direct them.
As different machines communicate with each other and are trusted more to deliver the right information, there is the potential for cyber-attacks to give false statuses and create problems.
In the oil and gas industry, for example, if sensor information on the inside a drill is incorrect it could create an explosion that causes millions of pounds of damage, as well as costing lives.
To take another example, marine communications trust M2M communications to a large degree to make sure that the ships are on course and can dock safely.
If these communications are interfered with, these vessels can be steered into silt banks or run aground very easily.
To take a lesson from WWII, the SS Richard Montgomery was accidentally wrecked in the Thames Estuary with 1,400 tonnes of explosive on board.
When any computer user is able to access the location of every marine vessel connected to the internet, intercepting communications is the next logical step.
Getting to the grid
Previously closed industrial networks are now opening up to the internet mainly because it is seen as a more viable and cost effective method instead than dedicated lines of communication.
Within the power, electricity and gas industries in particular, we have seen increased communication over the internet to communicate information between control stations, power plants and sub-stations.
Whereas attackers before would have to splice a cable at a substation and connect to the network, this can now be done through the internet connection without them ever needing to leave their chairs.
Hackers can then cause significant damage, such as relaying false message to control centres and causing parts of the energy grid to overload.
This has partially been defended by the claim there is an ‘air gap’ – a space between the power network and the internet network – that cannot be connected.
However, in reality these attacks can be transferred via something as simple as a USB stick used by workers. USBs have even led to the Stuxnet virus finding its way to the International Space Station from Earth, a distance of some 370 kilometres.
The proposed smart metering program in the UK will present further challenges to protecting the energy network when the scheme connects every home to the energy grid via the internet.
This makes every domestic home a point of attack to the critical national infrastructure and threats from users, as well as from inside the network, will need to be protected against to avoid a devastating attack that could bring whole sections of the country to its knees.
Preparing for the inevitable
While increased connectivity to the internet introduces a world of problems, this doesn’t mean we should go back to the Stone Age.
Progress of technology could soon mean that eventually every car, appliance and even medical devices such as pacemakers will eventually be connected to the internet, but organisations can act now to limit the damage.
>See also: Driving the Internet of Things
Organisations need to limit the scope of access from unauthorised parties as much as possible and assume that their networks have already been infected.
Next organisations will need to take steps to cleanse the network from threats and ensure each node can be trusted to convey the right information.
Unless organisations need to wake up to the Internet of Threats and realise that a major cyber attack on a nationwide scale is not just a possibility, but an inevitability.
Sourced from Chris McIntosh, CEO, ViaSat UK