Industrial IoT: Security risk firmware gap

IoT in der Industrie: Firmware-Lücken sind ein unkalkulierbares Risiko. Bild: IoT Inspector

Industrial IoT: Security risk firmware gap

According to a market study by IoT Analytics, global spending on Industrial Internet of Things platforms for the manufacturing industry will increase significantly: 24% growth is expected in 2021, and 26.7% in subsequent years. In 2020, a total of $128.9 billion was spent on IIoT equipment. “With the investments, the risk also potentiates – because unlike PCs in the network, IIoT devices are implemented with significantly less risk awareness,” explains Florian Lukavsky, IoT expert and managing director of IoT Inspector. The security company examines the firmware of IoT devices. In random samples, the company has found serious security vulnerabilities in nine out of ten devices – ranging from routers to printers and also production machines that are integrated into manufacturing facilities.

Computer worm Stuxnet was a start

The Stuxnet worm has been known since 2010, and at that time already attacked several industrial plants worldwide. Among them was the Iranian nuclear power plant Bushehr. It was not until July 2021 that another, undefined incident occurred there – the power plant then went offline. According to its own information, IoT Inspector has a platform for the in-depth examination of factory-installed device software, the firmware, for security vulnerabilities. A common problem here is that production computers and other IoT devices often contain OEM technology from numerous third-party manufacturers. This means that the security gap is often hidden and almost invisible to the company’s own IT department – as long as no deep firmware analysis is carried out, the company explains.

VDMA: Downtime threatens existence

Production plants can easily come to a complete standstill for four to six weeks due to a hacker attack via the firmware vulnerabilities. “With all the knock-on effects, this can take up to three quarters of a year – in the end, the company will no longer look the same as before,” says Steffen Zimmermann of the VDMA (German Engineering Federation). Ultimately, this means that a hacker attack poses an existential threat to a company. If the infection is introduced via a firmware vulnerability, the entire network must be shut down. This means that not only production but also administration is incapable of acting. Often, not even the customers can be informed – as access to CRM and ERP systems is also denied. Further digitalisation in the course of Industry 4.0 can therefore only take place if IT security is an integral part – and that already from the planning stage of industrial plants.

Source and image: