IIoT Security and the Threats invited by Public Networks

by Stewart Kantor, CEO, and co-founder of Full Spectrum Inc.

Interconnectivity has become a norm in today’s society, with everything from your smartphone to your increasingly automated home and vehicle. Experts predict that there will be 50 billion connected devices by 2020 and with this ever-growing expansion, the Internet of Things (IoT) is progressively making its way into the industrial sector. But, as the classic Spider-Man quote goes, “With great power comes great responsibility” and this is especially true with the continued push for internet connectivity within industrial applications. The Industrial Internet of Things (IIoT) poses emerging security concerns in which mission-critical sectors, in particular, must find different solutions to mitigate these risks.

The benefits of accessing information and remotely controlling thousands of industrial devices are unparalleled to what was available just a decade ago, helping to save time, effort and money. Many critical sectors including the electric, natural gas and water utilities, military & defense and transportation industries have begun to leverage automation in one way or another and are already benefitting from the interconnectivity of the IIoT. However, as our systems become smarter and more interconnected, the likelihood of a significant cyber threat increases.

While the IIoT becomes more advanced, so do the hackers who are constantly targeting mission-critical operations and looking to cause damage that could be far more devastating than a simple hack on your laptop or smartphone. As a result, mission-critical entities are focusing on one of the key components of cybersecurity, establishing a secure network to create a customized defense for IIoT technologies. To do this, many operators are leveraging separate and private wide area wireless network technology.

Where Automation Has Led Us

With the ever-increasing growth of the consumer IoT, wireless connectivity has grown from 2G to 3G to 4G and now with the rollout of 5G to enable faster speeds and greater capacity. This growth has been great for the consumer, but industrial sectors are finding serious concerns in using the same public cellular data networks for industrial applications as these networks fail to meet the capacity and reliability demands of mission-critical applications.

The public wireless data networks from AT&T, Sprint, Verizon and T Mobile have been engineered for much greater downlink capacity to enable streaming video and other data-intensive services. Industrial applications, on the other hand, require greater coverage, capacity, and reliability in the uplink given the information is located at the grid or network edge (in the “fog” vs the “cloud”). This includes SCADA and sensor data for industrial applications that are often latency sensitive.

This lack of predictable capacity and coverage in the uplink from the major wireless carriers has led some mission, critical operators, to leverage unlicensed spectrum technology in order to meet capacity and quality demands. This approach, while it may seem like a ‘quick fix’ solution to the capacity problem, ultimately creates a new concern in the lack of security for these operations – opening up more access points for hackers and threats from interference.

We’ve seen these threats continue to emerge for critical infrastructure operations that are connected to the public internet or that leverage unlicensed spectrum. In December 2016, we bore witness to one of the largest attacks on a nation’s power grid in Ukraine, after hackers took down an electric transmission station north of Kiev and blacked out a fifth of its total capacity. Hacks have also occurred in the transportation sector including targeting passenger rail.

In the wake of these emerging security threats, mission-critical entities have faced a difficult choice, prioritizing either security or capacity, both of which are of the utmost importance to maintaining operations. To overcome this, some have sought out other options, outside of the traditional public or unlicensed networks in order to establish networks designed specifically for industrial applications.

A New Standard to Bolster Industrial Wireless Connectivity Needs

To create a better data communications solution capable of meeting security, reliability and capacity demands, associations including the Electric Power Research Institute (EPRI), the Utilities Technology Council (UTC), and over twenty of the industry’s leading utilities along with key technology providers set out to develop a new licensed wide area wireless standard. Published in October 2017, the new IEEE 802.16s standard leverages underutilized licensed VHF and UHF spectrum in a variety of channel sizes ideal for industrial internet applications. The expanded spectrum options and channel flexibility allows industrial providers to obtain licensed spectrum without having to compete with the consumer wireless operators.

802.16s networks can be built to operators exact requirements ensuring high security, low latency, prioritized capacity and reliability in an industry-wide area network. For example, in the power grid, where the integration of renewable energy requires the use of multiple, automated, interconnected smart devices, utilities can build a network specifically to meet those capacity demands, meanwhile an oil & gas operator, wary of cyber threats, can build a network separate from the public internet with layered security protocols on top of it. The flexibility of the standard gives mission critical operators the option of purchasing multiple licensed frequencies to add capacity if needed.

As IIoT emerges, so do the options for increased network connectivity, which can be either beneficial or detrimental depending on which option is selected. The new 802.16s standard is an ideal solution for the Industrial IoT allowing for separate private and secure wide area wireless networks.

About the Author

Stewart Kantor, CEO, and co-founder of Full Spectrum Inc.