A vulnerability in just one IoT device puts the entire system at risk. With a single device, attackers can access an organization's data, which could result in infrastructure failure or suspension.
This IoT security challenge is especially prominent with connected energy sources. Think of a power grid that covers entire cities or oil refineries that have hundreds of valves and sensors. If someone were to hijack and take control of these systems, the consequences could be devastating. Despite all the talk around security by design, most IoT systems are far from such a model.
To fully address the security concerns that accompany smart energy devices and power grids, admins must understand the technology that underpins and connects these systems. They must also know how to reduce the overall attack surface and potential vulnerabilities with smart meter security measures and network protection.
Devices for IoT energy infrastructure
The IoT technology stack has several layers: hardware, software, communications and the cloud. These layers all play a role in smart energy security, but there are specific hardware devices admins must know how to manage.
Smart meter hardware is common for energy grids. The goal of these devices is to lower costs and increase efficiency. With smart meters in office buildings, for instance, energy suppliers don't need to collect data from individual users; smart meters automatically send the data to management software.
However, the more devices that connect to a network, the more vulnerable the network is, due to an expanding attack surface.
The first challenge is that, with few exceptions, smart meters must always be online. Second, their use in office building networks poses an additional security risk. These networks can lack proper monitoring for incoming attacks, so smart meter data can be intercepted and used as an access point.
Most smart meters come with some protective measures, such as data encryption, but encryption might not be enough if the network is not secured.
Sensors are one of the foundational elements of IoT. They are small pieces of hardware that can detect system changes and collect and transmit huge amounts of data.
Typical IoT sensors track temperature, gas, smoke, pressure and proximity. They are embedded in the equipment to provide accurate, up-to-date information. Security risks include information leaks -- especially when sensors don't support encryption and the network isn't properly secured -- and cross-device tracking and linking.
Sensors that aren't secure can put the entire device at risk, not just the data processed by the sensors themselves. Securing IoT sensors comes with some unique challenges. Some sensors can support encryption, but some can't. Even those that do support encryption have limited processing and storage capabilities.
Options for IoT energy, smart meter security
Admins that manage IoT security must ensure data protection, secure communication, secure device startup and regular firmware updates. But how exactly admins address security concerns may change depending on the individual device.
With sensors and smart meters, consider perimeter security. Hackers can often physically access these devices and attack through communication ports. Physical proximity attacks don't necessarily require a hacker to be in the true vicinity of the device. Hackers, for example, can use drones to gain access.
Implementing core security services into the sensors is one measure against physical attacks. Use cryptography, for instance, whenever possible. In addition, restrict a sensor's OS access, especially when the sensors have known vulnerabilities or don't support encryption.
To address overall network security, focus on sensors and gateway devices. These devices aid in data collection, storage and analysis and are a crucial part of the system's function.
For a smart energy security strategy that addresses IoT's multiple layers, admins can use the following:
- Network segmentation. This is an architectural approach that separates guest and user networks. Depending on the size of the business, admins can create more granular network segments for different departments. Segmentation enables better network control and lets admins quickly identify and remedy problematic devices.
- Communications security. Most wireless protocols include some form of protection. Transport Layer Security and Datagram TLS are often preferred. Some networks use different protocols, such as Bluetooth Low Energy or Zigbee. These options do have built-in encryption, but they also have known encryption vulnerabilities. In this case, the best approach is to add encryption protocols to the application layer for an added layer of sensor and smart meter security.
- Cryptography. This technology is used in the hardware layer to ensure secure boot and firmware updates. Hash validation helps verify the updated firmware before admins install it on the device. Cryptographic hashing techniques can protect against software spoofing. Cryptography ensures that the IoT system only executes verified software.
- Access control and authentication. When used with network segmentation, access control provides a way to inspect IoT devices and isolate malware to prevent it from spreading. Smart meters, sensors and networks with access control features ensure only those with approved credentials can view and make device changes.
IT teams can use machine-to-machine (M2M) authentication at the hardware level. It can be easier to implement than other authentication methods, as it usually just requires sensors, Wi-Fi and a software layer.
M2M authentication does have drawbacks. It is currently optimized only for a few network devices, which can be a problem for enterprises that use a wide variety of devices. Interoperability between cloud and M2M devices may also be an issue, as IoT deployments can use multiple protocols and device types. As a result, this authentication method may be a large undertaking for IT admins and not realistic for every organization.