Perhaps industries making use of connected solutions should take a leaf out of the Apple book and lock down a little more.

For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out of the Apple book and lock down their infrastructure.

What the ethical hackers say

As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year’s Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.

Contest winners Daan Keuper and Thijs Alkemade found that once they managed to break into the IT networks used at these companies, it was “relatively easy” to then cause havoc with systems and equipment.

In part, this is because at this stage of the transformation, much of the equipment used in manufacturing wasn’t originally designed to be connected to the internet or has weak or outdated security.

IT understands this, of course, which is why industrial IoT deployments tend to secure the IT networks they use, but this also means that if those networks are penetrated, much of the deployed equipment lacks additional protection. And it means that numerous potential attack surfaces exist.

This is never good, but at present the threat to critical infrastructure is growing.

When things go wrong

In the event that security is broken, attackers may take over machinery, modify processes, or simply choose to shutter production. This can have huge consequences — on the company, its customers and partners, and across already creaking supply chains.

Louis Priem, consultant at ICT Group, said, “Systems in factory environments typically run 24/7, so there is very little opportunity to patch vulnerabilities. In addition, there is a lot of legacy, as machines are purchased for the long term, and there is usually no opportunity to install antivirus applications. All these make the industrial sector vulnerable to malicious parties.”

Speaking to MIT Technology Review, the Pwn2Own winners warned that security in industrial control systems is lagging behind badly.

Think of how a successful attack against Target a few years ago made use of an insecure HVAC system to penetrate the corporate network, which shows the need to protect every available endpoint.

These days more than ever, security lives at the edge.

The writing was on the wall

It’s not as if we couldn’t see problems like this coming.

The evolution of industrial IoT has seen the creation of a myriad of different standards with differing security levels. This has driven many in the space (including Apple) to develop joint standards for connected devices.

Matter, the consumer IoT standard that is the first fruit of that effort, should arrive this year, while the more industrial Thread standard is already seeing deployment. (I’m expecting more news regarding Matter pretty soon, potentially at WWDC.)

“Thread is based on the universally deployed Internet Protocol version 6 (IPv6) standard, making it extremely robust. A Thread network does not rely on a central hub, such as a bridge, so there’s no single point of failure. And Thread has the ability to self-heal – if one node (or accessory in your Thread network) becomes unavailable, the data packets will select an alternate route automatically and the network simply continues to work,” Eve Systems has explained.

The Apple way

To some extent, one way to protect any device is to follow Apple’s core mission, which is to ensure systems do as much as possible with as little information as possible.

While the effort has arguably slowed the company’s progress in AI development in comparison with more cloud-based competitors, Apple’s focus on placing intelligence at the edge is increasingly seen as appropriate.
Mimic Technology and Business & Decision, for example, seem to be developing industrial IoT systems that follow a model in which intelligence sits at the edge.

When combined with other emerging network technologies, such as SD-WAN or private 5G networks, placing intelligence at the edge helps secure industrial networks by helping cordon off individual endpoints.

The problem, of course, is that not every connected system is smart enough to be so protected, while the different priorities of IT and operational intelligence mean attackers enjoy a luxury of potential vulnerabilities to exploit.

And that’s even before dumb, short-sighted governments force sideloading and inherently insecure device security back doors onto the mobile systems and platforms we increasingly rely on to keep our connected infrastructure secure.

Perhaps enterprise IoT needs to borrow a page from the Apple book and design systems that are inherently more secure than anyone thinks they need?

Because it’s only a matter of time before they find that anything less won’t do.