Manufacturers Need to Secure Their IoT Against Remote Access Risks
Internet of Things (IoT) devices have caused a stir in the manufacturing space. Connected industrial machinery used for remote monitoring, predictive maintenance, inventory management, and more has transformed industrial workflows – making manufacturers more efficient overall.
The problem is that the IoT devices manufacturers rely on in their operations, for all the benefits they provide, also increase risk. We’ve written about the issues with IoT devices in the past, including weak default passwords, poor security practices from manufacturers, and unencrypted communication protocols. This blog covers another, potentially more serious risk for manufacturers: insecure remote access.
Why Should Remote IoT Access Cause Concern?
Any access to IoT devices outside the corporate network can create a security risk if not managed properly. Remote monitoring of manufacturing environments can be necessary, especially in terms of reporting, but mitigating the potential operational risk to the business’s day-to-day activities needs to be paramount.
The two types of users who might need to remotely access IoT devices are distributed employees and third-party vendors. These types of users have different needs when it comes to accessing remote devices; vendors might need to log in for predictive or preventive maintenance purposes, while employees might need to collect and analyze data.
A few of the major risks for remote IoT access in manufacturing environments include:
- Inconsistent password hygiene – Vendors and employees may have different password processes and hygiene standards. There are no guarantees that third-party vendors will use secure passwords to remotely access connected devices, especially given the generally poor password practices around Internet of Things devices. Default passwords for connected equipment are easily found online, so anyone can log in with default credentials if security teams aren’t careful to change them.
- Unencrypted device communication protocols – Most network traffic to and from IoT devices isn’t encrypted. Given the sheer number of routers that most data must pass through for remote users to gain access, transmitting information in an unencrypted format allows for man-in-the-middle attacks from any number of possible threat actors. Remote access increases the possibility of these attacks succeeding.
- Connected device hijacking – Enabling remote access on IoT devices increases the possibility of that access being used to hijack a connected device. Stolen credentials can be used to access critical IoT and operational technology (OT) and then that equipment is used as a launching point for lateral movement.
These remote access security risks should be taken seriously. Given how complex it is to protect OT and industrial IoT systems, manufacturers can expect to see far more threats. As more companies leverage the Internet of Things to increase efficiencies and improve operational processes, security teams need to adopt more cohesive protective measures to prevent attackers from gaining a foothold in their environments.
How Manufacturers Can Provide Secure Remote IoT Access
The need for remote access is a reality of the modern workforce. Earlier technologies for both batch and process manufacturing could once assume all changes would be made on-site, but that assumption is becoming rarer. General goals for digital transformation and agility require more remote access to provide additional benefits. Giving customers knowledge of how their jobs are doing and giving suppliers real-time inventory information are just two examples of concrete benefits for manufacturers that require expanding access to information collected through IoT devices. For manufacturing companies, this means allowing distributed workers to access systems offsite when they need to collect data for analysis, monitor operations, or perform their day-to-day jobs. It can also mean creating secure remote access for vendors who may need to perform preventive or predictive maintenance on their IoT devices deployed within the operational environment.
Manufacturers need to ensure that this remote access is as secure as possible. Enabling secure remote connections for IoT and OT systems involves a few key decisions:
- Implementing additional password security measures, such as multi-factor authentication, to limit the possibility of unauthorized access. This is especially key to limiting the effectiveness of credential theft. Even if usernames and passwords are stolen, multi-factor authentication reduces the likelihood of malicious actors gaining access. This can be done with either an authenticator application on a mobile device or via additional hardware-based authentication.
- Encrypting user traffic via a VPN or other encryption. When remote users access IoT devices over a VPN, the data they access is protected along with their location and any user access details. This limits the possibility of credential theft in transit.
- Specifying strict access controls for critical systems to ensure that anyone with access to IoT devices has the least privileges necessary to accomplish the business goal. If third-party vendors must access connected systems in a manufacturing environment, their access should be strictly limited to the device in question and come from specific IP addresses if possible. This ensures that should the third party be breached and credentials stolen, malicious actors can’t perform any lateral movement because those permissions are limited in scope.
- Implementing network traffic encryption for all IoT devices to ensure that data transmitted across the network can’t be readily accessed. Network traffic from IoT devices needs to be encrypted, which should be possible with most modern connected equipment but may need to be enabled on the device itself.
- Implementing behavioral safeguards to put limits on what even “authorized” users can do. Just as financial services firms have dollar-based thresholds for scrutiny, many manufacturing organizations can implement similar guardrails for IoT. For example, very few devices should be generating network traffic in the TB or sometimes GB range in a short period of time. Data traffic exceeding those thresholds can be a telltale sign of data exfiltration via IoT.
- Monitoring all IoT network traffic for any anomalous behavior. Data caps are just one example of how IoT network traffic generally follows prescribed pathways. If a vendor is receiving telemetry from a device, there would generally be communication with a specific IP address. Should any IoT equipment start transmitting data to a different location, that might be a sign that a threat actor has gained access to the system.
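The last two guardrails above (per-device volume thresholds and expected-destination monitoring) can be expressed as a small detection rule over flow records. The following is an added example, not code from the original post or from Asimily; the device names, IP addresses, byte caps and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (hypothetical): (device, destination IP, bytes sent, unix time).
FLOWS = [
    ("plc-07", "198.51.100.10", 4_000, 1000),
    ("cam-02", "203.0.113.5", 900_000_000, 1010),
    ("plc-07", "198.51.100.10", 6_000, 1060),
    ("cam-02", "203.0.113.5", 1_200_000_000, 1100),
    ("plc-07", "192.0.2.99", 2_000, 1120),
]

# Per-device expectations (hypothetical): the vendor endpoint each device should
# talk to, and the most bytes it should send within any sliding time window.
POLICY = {
    "plc-07": {"allowed_dst": {"198.51.100.10"}, "byte_cap": 1_000_000},
    "cam-02": {"allowed_dst": {"203.0.113.5"}, "byte_cap": 1_000_000_000},
}


def detect_anomalies(flows, policy, window=300):
    """Return alerts for flows to unexpected destinations and for devices whose
    bytes sent within `window` seconds exceed their cap. Flows are processed
    in time order so the sliding window is evaluated as traffic arrives."""
    alerts = []
    history = defaultdict(list)  # device -> [(timestamp, bytes), ...] within window
    for device, dst, nbytes, ts in sorted(flows, key=lambda f: f[3]):
        rule = policy.get(device)
        if rule is None:
            # A device with no baseline is itself worth a look.
            alerts.append((device, "unknown device", dst))
            continue
        if dst not in rule["allowed_dst"]:
            alerts.append((device, "unexpected destination", dst))
        hist = history[device]
        hist.append((ts, nbytes))
        # Evict records that fell out of the sliding window.
        while hist and hist[0][0] < ts - window:
            hist.pop(0)
        total = sum(b for _, b in hist)
        if total > rule["byte_cap"]:
            alerts.append((device, "volume cap exceeded", total))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(FLOWS, POLICY):
        print(alert)
```

In production the policy would be derived from an observed baseline per device rather than hand-written, and the byte cap alert would be rate-limited so a single exfiltration burst does not fire once per flow.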
These are only some of the measures needed to ensure secure IoT remote access. Security teams at manufacturers need to be cognizant of the risks of connected systems, and include them as key parts of a defensive strategy to protect critical infrastructure and ensure business continuity.
How Asimily Helps Secure Remote IoT Access
Asimily’s IoT security platform was built to simplify the work of manufacturing security teams. With Asimily, manufacturers gain unparalleled visibility into IoT devices on their networks to ensure they have insight into device type and any associated vulnerabilities. Asimily’s anomalous behavior detection can also provide clues into whether a device is compromised, empowering security teams with intelligence to act on potential compromises.
Asimily’s continuous intelligence empowers manufacturers to monitor IoT traffic and vulnerabilities without interruption. This ensures that security teams can act quickly on potential issues. Manufacturers can also use Asimily’s Risk Simulator to assess options for mitigating the risk from a given vulnerability on a device. Simulating a fix before performing the work can help you determine criticality and whether the weakness is even of interest to attackers. That’s critical information when deciding how to improve your security posture.
Asimily empowers manufacturing security teams to pinpoint potential weaknesses, vulnerabilities, and their severity with laser precision, all while contextualizing the data to help you prioritize remediation and reduce true risk. With Asimily, manufacturing customers can provide secure remote access and protect what really matters.
Manufacturers need to be wary of remote access to their IoT devices. With Asimily, they’re able to provide secure access to the teams that need it and defend their critical infrastructure against attackers. That’s going to be key now and in the future.
To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.