Is a native-level attack an immediate threat to industrial internet of things (IIoT) devices?
CIO in Services (non-Government), 201 - 500 employees
It is indeed an immediate and present threat. As others have pointed out, the Mirai attack was something that we all knew was going to happen sooner, rather than later. I wrote about exactly that kind of threat about 8 months before the Mirai attack happened.
There are many other IoT devices that I know are compromised; not quite to the level that the Mirai devices were, but one of my friends that runs a security business that concentrates on IoT devices and their component parts like GBICs, runs various checks on behalf of the US government and military, and he has told me of many instances of his company finding embedded firmware backdoors, etc., in IoT devices.
Director, USC Center for Computer Systems Security in Education, 5,001 - 10,000 employees
I believe that what you describe as a native-level attack should be a significant concern for industrial control systems and critical infrastructure, the main constituents of IIoT (Industrial Internet of Things). Attacks on IoT, and more specifically CPS (Cyber Physical Systems), are carried out in both the physical and cyber domains. Certain components of IoT/CPS enable such attacks to cross domains.
Within the cyber-domain, basically your traditional IT kinds of attacks, we see amplification (through automation and replication of the attack). This means that an adversary can attack large numbers of endpoints simultaneously. The impact of each of these replicated attacks might be minor in the physical domain (which is how I am interpreting the native-level term that was in the posted question). But, in aggregate, these small perturbations in the physical domain add up and can destabilize the entire physical system.
Consider an attack on the power grid caused by manipulation (synchronization) of charging times for electric vehicles, facilitated through malware infecting the cell phones of millions of electric vehicle owners. Destabilization of the grid could occur through the load imbalance imposed in the physical domain (native level for a power system).
Mitigation of these kinds of attacks requires defenses not just in the cyber domain, but also in the physical (native) domain. As an aside, in the case of the power grid, one of the most useful mitigating defenses is distributed energy storage.
The heat maps of Mirai’s impact show how powerful it was. Imagine a native attack on that level happening to our critical infrastructure. That's never happened before, but no one can tell me that the code is not out there. We were able to write some of that offensive code as a Proof of Concept (PoC) when I was at Bayshore Networks, so I know bad actors are able to do the same. 10 years ago, the argument was that nefarious actors don't understand the ICS protocols, therefore they don't think that way. But it’s a mistake to think they haven't learned in 10 years. I'm convinced they have and that's why I'm concerned about the IoT space.
Andres, this is one of the best and most spot-on replies I have read in a while. Great input!