Book Image

Practical Industrial Internet of Things Security

By : Sravani Bhattacharjee
Book Image

Practical Industrial Internet of Things Security

By: Sravani Bhattacharjee

Overview of this book

Securing connected industries and autonomous systems is of primary concern to the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security directly ties to system reliability as well as human and environmental safety. This hands-on guide begins by establishing the foundational concepts of IIoT security with the help of real-world case studies, threat models, and reference architectures. You’ll work with practical tools to design risk-based security controls for industrial use cases and gain practical knowledge of multi-layered defense techniques, including identity and access management (IAM), endpoint security, and communication infrastructure. You’ll also understand how to secure IIoT lifecycle processes, standardization, and governance. In the concluding chapters, you’ll explore the design and implementation of resilient connected systems with emerging technologies such as blockchain, artificial intelligence, and machine learning. By the end of this book, you’ll be equipped with the all the knowledge required to design industry-standard IoT systems confidently.
Table of Contents (22 chapters)
Title Page
Copyright and Credits
Dedication
Packt Upsell
Foreword
Contributors
Disclaimer
Preface
I
I
Index

Evolution of cyber-physical attacks


Over the last decade, the frequency and sophistication of industrial cyberattacks have evolved remarkably.

Prior to the year 2000 and the related Y2K concerns, cyberattacks were much less frequently reported and less sophisticated, and generally involved breaking into computers by cracking the passwords. In the past decade, the attacks have become more sophisticated, involving ransomware, malware injected denial of service attacks, data spoofing, and so on. Increased coordination and the formation of botnets of up to 100,000 nodes paints a bleak picture as to what to expect in the future. Nation state actors and cyber criminals backed by major funding are in a position to exploit a nation's social, financial, and critical infrastructures.

 

 

The cybersecurity for the C-Level fact sheet (DHS-NCCIC) from the Department of Homeland Security (DHS) entreats industrial enterprise leaders to prioritize cybersecurity strategies in increasingly connected industry environments. It highlights the growing rate and sophistication of malware attacks, citing Havex and BlackEnergy as examples. Havex, which operates as a Remote Access Trojan (RAT), can inject unauthorized control commands onto ICS/SCADA devices and cause denial of service in critical infrastructures (for example, water, and energy); BlackEnergy, another Trojan-type bug, can compromise HMI software to gain access to control systems:

Figure 1.12: Categories of cyberattackers—types and motives; Source: Adapted from frost and sullivan (FSV-IoT)