The post-pandemic shift to remote work underscores a new trend in the industrial sector. Unlike digital-first companies, manufacturing organizations are heavily dependent on onsite employees, as only 46 percent of the industry had remote monitoring processes pre-pandemic. As onsite staff dwindled, severe production disruptions, if not complete plant shutdowns, were the inevitable result.
This highlighted the critical role of digitization, remote connectivity, remote monitoring and asset tracking in manufacturing. The result was an upward trend in IIoT adoption worldwide. But increased remote connectivity came with the price tag of major breaches since 2020 – impacting companies like SolarWinds, Colonial Pipeline, JBS and Kaseya, to name a few.
Additionally, the post-pandemic demand-supply disruptions caused an acute shortage of some electronic components, which heightened the risks of counterfeits. Today, increased IIoT adoption puts the spotlight on IoT security's most crucial aspect: securing IoT systems.
IoT systems' attack surface spans firmware, operating systems, chipsets and the application software stack. After COVID-19, attacks targeting IoT systems widened significantly across both hardware and software.
In software attacks, the attacker gains access to firmware and analyzes it with attacker tools. Common techniques include binary reversing using IDA Pro; finding vulnerabilities with Flawfinder; examining firmware with FACT; using ZAP or GoBuster for web tests; using GDB for analyzing the source code; and so on.
Hardware fuzzing, timing attacks, hardware glitching and triggering a differential power analysis (DPA) to crash the device are some examples of non-invasive hardware attacks.
Light emission analysis that creates a photonic image of the chipset PCB is an example of a semi-invasive firmware attack, while linear code analysis exemplifies fully invasive raids. Attackers can flash malicious firmware on the device by compromising firmware updates lacking cryptographic signatures as proof of identity.
Man-in-the-Middle (MitM) attacks intercept both device-to-device and device-to-cloud communications in IIoT architectures. Tools like Bus Pirate, Shikra or logic analyzers allow an attacker with physical access to the device to sniff the data transported in the networks and dump the contents of the chips storing the data.
Securing your IoT systems against these attacks calls for a layered security approach in system design. A layered approach to secure IoT systems needs to ensure:
Embedding security in hardware – Hardware-based security is tamper-resistant and has outperformed software in many attack scenarios. Establishing the root-of-trust in silicon and storing secrets in hardware vaults like Trusted Platform Modules (TPMs) significantly improves system reliability and minimizes risks of tampering. Hardware security is more power-efficient, and digital signatures in the hardware reduce the complexity of firmware updates.
Securing OS Boot and Device Identity – Boot process integrity can be secured by utilizing measured boot, verified boot, and secured boot. Security chips are available for managing the integrity metrics during device bootup. It is also essential to authenticate and control access for hardware elements, firmware, and application programming interface (API) calls, etc., by adhering to the principles of separation of duty, least privilege, and role-based permissions. TPMs allow the secured authentication of devices and systems that connect to clouds, servers, and other devices.
Securing Communication – Encrypted tunnels prevent man-in-the-middle attacks like eavesdropping, message tampering, etc. Security gateways can carry out security functions for resource-constrained components and sensors, actuators, etc., with a small footprint. System design should include DTLS-encrypted vaults to store security keys, certificates, etc., used in the communication protocols and cryptographic operations.
Protecting data integrity – IoT data includes device-generated raw data, secrets, libraries, binary executables, configuration and log files, etc. Data security must consider:
IoT threats require data integrity controls that are more advanced than traditional checksums. Cryptographic signatures can attest to data integrity at any point in the data flow using hardware trust root or the TPM.
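The measured boot from "Securing OS Boot and Device Identity" and the hardware-rooted integrity attestation described above, shown as an added example that is not part of the original article: each boot stage is hashed into a TPM-style PCR, and a verifier replays the event log against a quote. The stage names, key and nonce are constructed, and an HMAC stands in for the asymmetric signature a real TPM produces.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros on reset

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot(stages):
    """Hash each boot stage before it runs; return (final PCR, event log)."""
    pcr, log = PCR_INIT, []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def quote(device_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Assumed stand-in for a TPM quote: a keyed tag over nonce || PCR."""
    return hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()

def verify(device_key, nonce, log, tag, golden):
    """Replay the event log, check the quote, then compare to known-good digests."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    if not hmac.compare_digest(quote(device_key, nonce, pcr), tag):
        return "quote mismatch: log does not match the attested PCR"
    bad = [name for name, digest in log if golden.get(name) != digest]
    return "trusted" if not bad else "untrusted stage(s): " + ", ".join(bad)

# Constructed sample data: three boot stages and a hypothetical device key.
KEY = b"constructed-device-key"
GOOD = [("bootloader", b"BL v1.0"), ("kernel", b"KERNEL v5.4"), ("app", b"APP v2.1")]
GOLDEN = {name: hashlib.sha256(image).digest() for name, image in GOOD}

def attest(stages, nonce=b"verifier-nonce-01", forge_log=False):
    # Device side: measure and quote. Verifier side: replay and compare.
    pcr, log = measure_boot(stages)
    tag = quote(KEY, nonce, pcr)
    if forge_log:  # compromised OS reports the known-good log, not the real one
        log = [(name, GOLDEN[name]) for name, _ in log]
    return verify(KEY, nonce, log, tag, GOLDEN)

if __name__ == "__main__":
    tampered = [GOOD[0], ("kernel", b"KERNEL v5.4 + implant"), GOOD[2]]
    for stages, forged in ((GOOD, False), (tampered, False), (tampered, True)):
        print(attest(stages, forge_log=forged))
```

Unlike a checksum shipped alongside the data, the PCR value cannot be rewritten by the software it measures, so a substituted event log fails the quote check.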
Post-pandemic, the global supply chain is sorely disrupted, particularly for electronic components. Counterfeit components are a growing threat. You should authenticate every device and point-of-entry using cryptographically-generated digital signatures.
It's more important than ever to validate that your components are sourced from authentic suppliers. Cryptographic signatures at each step of the supply chain, from manufacturers and distributors to integrators, help authenticate components digitally. Encryption and other security best practices help ensure that both industrial IoT systems and user data are secure.