The introduction of Industrial Internet of Things (IIoT) is driving a convergence of Information Technology (IT) and Operational Technology (OT) systems across the world of critical infrastructure. This industrial transformation creates amazing advances in improving operational efficiency and productivity, enhancing worker safety, reducing downtime and creating new business opportunities that benefit society and reduce our impact on the planet.
However, as the world becomes more connected and driven by smart devices and sensors, critical infrastructure grows as a target for the most sophisticated attackers threatening the very core of the infrastructure the world relies on. Safety, reliability, privacy, and resiliency must be at the forefront when securing these systems.
This interconnectivity poses unique challenges as legacy systems that were not designed to be connected can be difficult to replace and at times impossible to patch. Understanding how to build best-in-class defensive layers that can effectively protect the infrastructure in place requires a deep understanding beyond just the latest threats. It’s crucial to understand the nature of these legacy systems, to keep up with the rate of innovation, know how to breach them, and have deep knowledge on the impact to the physical world if breached.
Our team of industrial control security experts have vast experience across all facets of the cyber security and cyber physical worlds of critical infrastructure. Their work plays a key role in defining industry standards and best practices such as NIST 800-53 and 800-37, and they are entrenched with organizations such as the Process Control Security Forum, the Industrial Internet Consortium, SANS, and ISA.
Our experience allows us to perform efficient, thorough assessments and deliver critical, strategic counsel on the means to strengthen and maintain secure, functioning, and resilient critical infrastructure. Experience is critical to success, especially when working in ICS environments where interruptions of service are both costly and dangerous to physical and environmental safety.
IOActive’s work is fueled by in-depth research. Our team was at the forefront of the space when we developed the first proof of concept worm against the smart grid in 2009. Recently, IOActive researchers discovered a common weakness involving the key distribution solution in all wireless devices developed over the past few years by three leading industrial wireless automation solution providers. These systems are widely used by asset owners in energy, oil, water, nuclear, natural gas, and refined petroleum companies. We demonstrated how a memory corruption bug could be exploited remotely through wireless communication to disable all the sensor nodes, having potentially catastrophic consequences.