Is a native-level attack an immediate threat to industrial internet of things (IIoT) devices?


SVP, Chief Information Security Officer in Education, 5,001 - 10,000 employees
A native-level attack in the immediate future is very plausible. Considering some of the APT modes of operation that I've encountered, the bad actors that would launch an attack like that have already infiltrated their target. They just haven't had the right motivation to kick things off. And that's disturbing. For instance, if you look at the Mirai botnet, the attackers owned thousands of devices and just had them sitting idle until they decided to turn it on. The breached devices went about their normal day-to-day operations until someone upset the owner, or customer, of the botnet. And all of a sudden, the internet as we know it got impacted on a mass scale.

The heat maps of Mirai’s impact show how powerful it was. Imagine a native attack on that level happening to our critical infrastructure. That's never happened before, but no one can tell me that the code is not out there. We were able to write some of that offensive code as a Proof of Concept (PoC) when I was at Bayshore Networks, so I know bad actors are able to do the same. 10 years ago, the argument was that nefarious actors don't understand the ICS protocols, therefore they don't think that way. But it’s a mistake to think they haven't learned in 10 years. I'm convinced they have and that's why I'm concerned about the IoT space.
CIO in Services (non-Government), 201 - 500 employees
Andres, this is one of the best and most spot-on replies I have read in a while.  Great input!

CIO in Services (non-Government), 201 - 500 employees
It is indeed an immediate and present threat.

As others have pointed out, the Mirai attack was something that we all knew was going to happen sooner, rather than later.  I wrote about exactly that kind of threat about 8 months before the Mirai attack happened.

There are many other IoT devices that I know are compromised; not quite to the level that the Mirai devices were, but one of my friends that runs a security business that concentrates on IoT devices and their component parts like GBICs, runs various checks on behalf of the US government and military, and he has told me of many instances of his company finding embedded firmware backdoors, etc., in IoT devices.
Director, USC Center for Computer Systems Security in Education, 5,001 - 10,000 employees
I believe that what you describe as a native-level attack should be a significant concern for industrial control systems and critical infrastructure, the main constituents of IIoT (Industrial Internet of Things).  Attacks on IoT, and more specifically CPS (Cyber Physical Systems) are carried out in both the physical and cyber domains.  Certain components of IoT/CPS enable such attacks to cross domains.

Within the cyber-domain, basically your traditional IT kinds of attacks, we see amplification (through automation and replication of the attack).  This means that an adversary can attack large numbers of endpoints simultaneously.  The impact of each of these replicated attacks might be minor in the physical domain (which is how I am interpreting the native-level term that was in the posted question).  But, in aggregate, these small perturbations in the physical domain add up and can destabilize the entire physical system.

Consider an attack on the power grid caused by manipulation (synchronization) of charging times for electric vehicles, facilitated through malware infecting the cell phones of millions of electric vehicle owners.  Destabilization of the grid could occur through the load imbalance imposed in the physical domain (native level for a power system).

Mitigation of these kinds of attacks requires defenses not just in the cyber domain, but also in the physical (native) domain.  As an aside, in the case of the power grid, one of the most useful mitigating defenses is distributed energy storage.
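The aggregate-perturbation argument and the distributed-storage mitigation above, as an added toy load model (not the answer author's code and not a real grid model; the fleet size, charge rate, baseline load, grid threshold and storage ratings are all constructed assumptions). It shows that the same number of EVs produces a modest, smooth load curve when plug-in times are spread out, but a large step change when they are synchronized, and that the step ramp is an easy operator-side anomaly signal; it also shows that storage only holds the peak down if its energy capacity, not just its power rating, covers the whole synchronized window.

```python
"""Toy day-ahead load model for the EV charging scenario above.

Constructed numbers: 1,000 EVs at 7 kW for 2 hours, flat 3,000 kW
baseline, 15-minute slots; the storage fleet is hypothetical.
"""
STEP_MIN = 15
SLOTS = 24 * 60 // STEP_MIN           # 96 slots in a day
CHARGE_KW = 7.0
CHARGE_SLOTS = 120 // STEP_MIN        # 2-hour charge = 8 slots
BASELINE_KW = 3000.0
N_EV = 1000

def load_profile(start_slots):
    """Aggregate load per slot given each EV's charging start slot."""
    load = [BASELINE_KW] * SLOTS
    for s in start_slots:
        for k in range(CHARGE_SLOTS):
            load[(s + k) % SLOTS] += CHARGE_KW
    return load

def staggered_starts():
    """Normal behaviour: plug-in times spread evenly over 17:00-23:00."""
    return [17 * 4 + i % 25 for i in range(N_EV)]

def synchronized_starts(slot=19 * 4):
    """The scenario in the post: every compromised phone starts charging at 19:00."""
    return [slot] * N_EV

def max_ramp(load):
    """Largest slot-to-slot jump; a cheap anomaly signal for operators."""
    return max(b - a for a, b in zip(load, load[1:]))

def shave_peak(load, threshold_kw, power_kw, energy_kwh):
    """Distributed storage discharges whenever load exceeds threshold_kw,
    limited by its power rating and remaining energy (state of charge)."""
    hours = STEP_MIN / 60
    remaining = energy_kwh
    out = []
    for x in load:
        discharge = min(max(0.0, x - threshold_kw), power_kw, remaining / hours)
        remaining -= discharge * hours
        out.append(x - discharge)
    return out

if __name__ == "__main__":
    for name, starts in [("staggered", staggered_starts()), ("synchronized", synchronized_starts())]:
        load = load_profile(starts)
        print(f"{name}: peak {max(load):.0f} kW, max ramp {max_ramp(load):.0f} kW/slot")
    sync = load_profile(synchronized_starts())
    print("synchronized peak with 4 MW / 8 MWh storage:", max(shave_peak(sync, 6000, 4000, 8000)))
```

With a 6,000 kW grid threshold, a 4 MW / 8 MWh fleet holds the synchronized peak at 6,000 kW, while the same 4 MW fleet with only 4 MWh runs dry after one hour and the peak returns to 10,000 kW.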
