Could industrial IoT devices be part of a DDoS attack?
It depends, but: yes, they could. In the light of current events, I was asked whether IoT DDoS attacks, such as the recent one on DynDNS at the end of October, could also involve devices from industrial manufacturers.
First of all, not every industrial device is connected to the internet. Some aren't connected at all, and most are connected to isolated networks which, for security reasons, have no connection to the internet.
Now, the question arises whether it is really a good idea to connect every possible device, as industry 4.0 companies advocate. We don't have to stop this industrial revolution. However, the recent events show that connectivity is not as trivial as some companies think. We should question whether the planned way of connecting our industrial devices is really the most secure one. Lots of industry 4.0 projects pay little attention to connectivity at all. "Connecting the devices" is treated as a task to be accomplished along the way, while the focus lies on tasks which seem more relevant to the aspired business case, or at least to its visible parts, such as a great monitoring dashboard.
I would like to raise awareness. We want to be DDoS'ed neither by our toaster, nor by an elevator, nor by manufacturing robots. Therefore, I claim "Connectivity first". The industry 4.0 revolution uses well-tested technology, which has been in use for a while in other industries. Security is not a lack of tooling. It's a lack of priority. Don't take the cheapest available student and let him configure the cheapest Raspberry Pi with copy-and-paste software he found on Google. Don't be satisfied as soon as you have a somewhat working solution, and don't skip the time for security architecture. Don't assume that network ports don't have to be secured just because you are only opening them within your intranet. Don't even dare to assume that IP addresses are cryptic enough to act as a security feature. Don't trust every open source snippet written by a teenager. Don't use default configurations for databases, MQTT brokers, or even the popular Node-RED, which usually allow full anonymous access. Don't expose unsecured legacy protocols like Modbus to the open internet. We've seen all of that in production.
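As an added example, not taken from the original post or from Cybus, here is a Mosquitto broker configuration that shows the permissive MQTT setting this paragraph warns about beside a hardened one; the interface address, file paths and ACL contents are assumptions.

```conf
# Added example (not part of the original post): Mosquitto mosquitto.conf
# showing the permissive setting beside a hardened configuration.
# Interface address, file paths and ACL contents are assumptions.

# --- Permissive: what a "default configuration" often amounts to ---
# listener 1883
# allow_anonymous true
# Anyone who can reach TCP port 1883 may publish to and subscribe from
# every topic, no credentials required.

# --- Hardened: every client must authenticate, on every listener ---
allow_anonymous false
# Usernames and hashed passwords, maintained with mosquitto_passwd
password_file /etc/mosquitto/passwd
# Per-user topic restrictions (assumed contents shown below)
acl_file /etc/mosquitto/acl

# Plaintext listener only on the internal plant interface, never 0.0.0.0
listener 1883 10.0.0.5

# TLS listener with mutual authentication for anything beyond the plant network
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile /etc/mosquitto/certs/broker.key
# Clients must present a certificate signed by the CA above,
# and the certificate CN becomes the MQTT username checked against the ACL
require_certificate true
use_identity_as_username true
# Cap sessions so a flood of connections cannot exhaust the broker
max_connections 200

# /etc/mosquitto/acl (assumed contents): each device may only write its
# own telemetry and read its own command topic; the dashboard reads only.
#   user robot01
#   topic write plant/line1/robot01/telemetry
#   topic read plant/line1/robot01/cmd
#   user dashboard
#   topic read plant/#
```

With this in place, an unauthenticated client connecting to port 1883 is refused at CONNECT time, and a device that authenticates can still reach only the topics its ACL entry names.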
The mechanisms to prevent DDoS attacks are well known and tested by the web industry. Examples:
Traffic redirection into a blackhole
Intrusion prevention systems (IPS) to identify attacks with signatures
DDoS defense system (DDS) to block connection-based DDoS attacks
Firewall to block incoming traffic from attackers based on protocol, port or IP address
Routers and switches with rate limiting and access control lists (ACLs)
Upstream traffic filtering via a proxy
While all of that is a hassle for you, a pile of obstacles in your path, we at Cybus have decided to make this our core competence. If you want to make sure that your industrial devices are not part of the next IoT DDoS attack, without missing the upcoming industrial revolution, then check out our middleware solution, which provides security and access control at the data point level.
Michael Kühne-Schlinkert is Head of Development at Cybus, working on the Connectware to make it secure and reliable for the industry. Previously, he worked as an independent API specialist for many years on API design, software architecture, authorization standards, development processes and the implementation itself.