By Adam Weinberg
Digital transformation allows utilities to go from data drought (and actual drought) to a deluge of efficiency, but security is paramount.
Cellular Internet of Things (IoT) devices are an integral part of helping water utilities optimize their operations and lower costs. Using connected technology, companies can monitor water meters from a distance, remotely manage water supply facilities, and get a clearer picture of wastewater treatment processes. This reduces the amount of labor required and allows for better crisis preparation.
Currently, the cost of wasted water amounts to $39 billion a year,1 financially burdening countless businesses and systems. Through the use of connected cellular IoT devices, fresh water and wastewater will be better managed at a lower cost while gathering more useful data than ever.
IoT Cellular Security Risks
It’s a double-edged sword when implementing IoT cellular connectivity in water utilities. The benefits are enormous, but the risk remains high — a threat actor may gain access to the IoT cellular devices for a range of nefarious purposes. For example, once a hacker gains control, data on that IoT cellular device can be compromised, as well as the entire network itself.
Vulnerable IoT cellular devices may also enable an attack where homes, businesses, schools, and farms may be left without clean running water — or untreated waste can be released directly into the living water system. Therefore, taking security measures is a necessity when it comes to connected devices.
Maintaining Continuous Service Availability
The main challenge for any critical infrastructure organization is to ensure continuous service, with the goal of mitigating the threat of disruption as much as possible. Network attacks come in all shapes and sizes, and IoT cellular security systems need to be prepared to fight off these strikes.
Threat actors are seeking to exploit unsecured networks. They may drain batteries on the IoT cellular devices in a malicious act, override passwords and security, or use the IoT cellular devices as a gateway to steal sensitive information.
Here are a few examples of IoT cellular network-based attacks:
- Denial of service (DoS) and distributed denial of service (DDoS) attacks. These attacks aim to disrupt the service of a host connected to a network by making a machine or resource unavailable. They come in two “flavors” — targeted and nontargeted. Targeted attacks focus on disrupting the service of one device within the network, whereas nontargeted attacks aim to attack the entire network. The goal of the attack is to shut down a network and make it inaccessible.
- Service DoS attacks. These attacks are similar to the other DoS attacks but focus on disabling service — such as access to clean water. A service DoS attack may disable the logging service of the IoT cellular device while making no change to functionality, allowing the same device to be used later as part of a multilayered attack.
- Location tracking. While these attacks may not pose a direct threat, they can lead to the leak of vital geographical information and can be used to execute wide-scale and devastating attacks on physical pieces of machinery.
- Functionality attacks. Threat actors gain access to control functions by exploiting loopholes in the networks or IoT cellular devices directly. Once they are “in,” they can interfere with operations, implement DoS or DDoS attacks, or use the IoT cellular devices to spread botnets.
- Data channel rerouting. In these attacks, hackers modify the data path coming to and from the device, allowing them to interfere with the data. They often alter the access point name (APN) registered on the device; the APN defines the gateway from the IoT cellular network to the internet. They may also change the domain name server (DNS) to control the IP address for the APN.
The protection of IoT cellular devices must focus on strategic planning at the foundation level. Connectivity has to be implemented in a way that allows the IoT cellular device to be resilient to a network-based attack or breach.
Water utilities can protect themselves from attacks by using a connectivity management platform that can automatically monitor, alert, and detect suspicious activity within the IoT cellular network or using on-device SIM applets, which have a security program directly on the SIM cards.
Attack preparation needs to occur on the company management level, as well. Clearly defined roles and responsibilities must be assigned before anything ever occurs, so the organization is prepared to handle these challenges. Most notably, security personnel must ensure all risks are addressed and prepared for. The top management teams within the water organization must verify that each security risk is analyzed, and that each person is assigned a specific role and knows exactly what must be done in the case of an attack.
When choosing their IoT cellular connectivity and security management platform, water utilities need to make sure it meets all the required standards and enables them to gain full control over their IoT cellular devices. The right technology ensures function and protection simultaneously.
A unified platform lets companies manage their devices as a group. This provides simultaneous control of millions of devices, saving costs, time, personnel, and other resources, allowing the facility management team to focus on all their other critical duties.
With the right solution, water utilities can continue to leverage smart devices to improve the efficiency and operation of water services while ensuring security protection against all types of IoT cellular attacks.
The best of both worlds? Combine a connectivity management system that gives full control over its IoT cellular connected devices with a built-in, comprehensive security solution to ensure ongoing operation.
About The Author
Adam Weinberg, cofounder and CTO of FirstPoint Mobile Guard (www.firstpoint-mg.com), applies his extensive executive R&D experience in communications intelligence and cyber technologies in shaping FirstPoint solutions, which streamline management and security of any IoT cellular device.