The energy sector is one of the key infrastructure sectors and certainly a highlight of the IoT vision, for example, the SmartGrid. As such it’s a key target for attack since significant disruption of service has large economic effects (possibly strategic as well.) Unfortunately, it’s a very vulnerable sector since many of the existing systems are exploitable and it doesn’t seem that company executives are taking the problems seriously.
Complacency a key issue
Executive complacency is probably the key issue in IoT and specifically energy sector manufactures. With a startling 88% of companies lacking confidence that their shipping devices are configured appropriated for secure operation.
The energy sector is particularly vulnerable via many of the same vectors that other industrial control systems are with possible higher impact given the targets. These include:
- Unauthorized access and exploitation of Internet facing interfaces
- Exploitation of vulnerabilities in control system devices and software
- Malware infections control system networks
- SQL injection via exploitation of web application vulnerabilities
- Network scanning and probing
- Targeted spear-phishing campaigns (specialized phishing campaigns targeted at employees and known targets.)
- Strategic web site compromises
What needs to be done
A Four-Step Guide to Security Assurance for IoT Devices