Infographic: History of IIoT Cyber-Attacks and How to Avoid Them

Shawn Wasserman posted 2016-10-12

The Internet of Things (IoT) is a wondrous thing. By connecting products and equipment to the Internet, engineers can reinvent how they design, monitor, maintain and even monetize their products. However, the IoT isn’t all rainbows and unicorns. Every time something is added into your digital network it can serve as another attack vector for black hat hackers.

Time line of major cyber-attacks since 2007. As the IoT grows, so does the risk. But this risk can be mitigated with proper engineering. (Image courtesy of GlobalSign.)
Depending on the data you store on the network and the equipment the network controls, a genius coder can cause significant damage to your company, users and the general public.

GlobalSign released an infographic with a time line of cyber-attacks starting with Stuxnet’s attack on Iran’s nuclear centrifuges and valves back in November 2007. Though this hack wasn’t connected to the Internet, it acted as a proof of concept for how dangerous a hack of this magnitude can be if in the wrong hands.

In due time, other scary big hacks hit such as:

  • The destruction of a water utility pump through a SCADA System back in November 2011
  • Target’s personal database hack through the company’s HVAC system in December 2013
  • The remote unlocking of BMW vehicles in January 2015
  • Wired’s video of a Jeep hack that remotely controlled the car while it was on the highway in July 2015
  • Ukraine’s power grid hack where stolen credentials shut down 30 substations in March 2016

Perhaps the scariest part of these hacks was seen in the Ukraine power grid attack as the black hats installed custom firmware, deleted master boot records and disabled the phone system. This could truly devastate and cripple a city leaving it defenseless.

Protecting Engineering Tools, Products and Equipment from Cyber-Attacks

However, fear not. As there are steps that engineers can take to protect their designs, products and equipment from anonymous threats.

Here are some tips that GlobalSign suggests for protecting your IoT network:

  • Think of security early in the development cycle as it’s hard and costly to add security measures late in the design process.
  • Implement security protocols into your design (verify human-to-thing and thing-to-thing communications); also test the integrity of the data that has been transferred.
  • Ensure that proven security technologies and standards are used like trusted platform module (TPM) and Public Key Infrastructure (PKI).
  • Consider cloud software-as-a-service (SaaS) models that include high scale certificate deployments. There is no need to create your own certification system with an on-premise cloud.
  • Don’t reinvent the wheel and rely on internal and external partners. No one can protect the IoT alone, and people have been where you are now. Learn from them.

For more strategies to protect your IoT system and products, read: IoT Security: How to Protect Connected Devices and the IoT Ecosystem.

A history of IIoT cyber-attacks and the future of security. (Image courtesy of GlobalSign.)