https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

Image shows programming source code.

Cybersecurity Professionals Fear Critical Infrastructure Hacks

The health care, water and wastewater, and energy sectors are likely hacking targets according to a Pwnie Express survey of cybersecurity professionals.
  • Written by Brian Buntz
  • 17th May 2018

Cybercriminals have been ramping up attacks on industrial systems in recent years, but to date, most countries haven’t seen a significant attack on their critical infrastructure. That may change in years to come, based on results from a recent survey from cybersecurity firm Pwnie Express. A full 85 percent of the respondents expected such an attack to hit their nation in the next five years. “The interesting part here is that we found a level of concern extending across categories,” said Todd DeSisto, Pwnie Express chief executive officer, referring to the 16 critical infrastructure sectors defined by the U.S. government. Of those categories, respondents pegged health care, water and wastewater treatment facilities, and the energy sectors as the least prepared for cyberattacks.

The survey, which polled 582 cybersecurity professionals from across the world, also revealed a persistent gap between awareness of the IoT cybersecurity problem versus action to address it. The research found organizations are more than twice as likely to have a security policy for traditional IT devices like PCs and smartphones than they are for IoT technology. Fewer than 50 percent of security professionals were involved in the purchasing approval devices for building-level IoT devices such as connected HVAC systems, industrial IoT devices or consumer-grade IoT products.

DeSisto said this year’s findings were the scariest yet in the firm’s fourth annual “Internet of Evil Things” research series. He sees a growing IoT cybersecurity awareness among cybersecurity professionals, but many are still struggling to translate that concern into action. “But people are struggling with what to do. I think it is because of the complexity of the problem,” DeSisto said. “It is almost like an algebra equation with too many variables in it. You have to take some of the variables out of the equation to be able to solve that complexity.”

In the traditional IT security landscape endpoints were constrained to fairly standardized devices such as PC workstations, laptops and smartphones with a typical life span of a few years. With IoT, on the other hand, deployments tend to vary considerably, extend across an array of application areas and often have connected endpoints that are in use for decades. “With IoT, the environments are in the wild. You could have an oil rig in the middle of the Bering Sea that is now susceptible to nation-state hackers,” DeSisto said. To cite another example, the health care example must contend with the risk of breach to connected medical devices that could include everything from pacemakers to infusion pumps to MRI machines. “Technologies like medical devices are new attack surfaces that, a lot of times, the guys in IT security aren’t thinking about,” DeSisto noted.

The uptick in hacking from nation-state actors is another troubling recent trend. “Critical infrastructure is pretty ripe for them,” DeSisto, pointing to the disruption that last year’s WannaCry ransomware attack did to UK’s National Health Service — especially in England and Scotland — as an example.

Also worrying is the recent uptick on industrial targets and SCADA systems used in industrial and critical infrastructure applications. Cybersecurity researchers recently unveiled a type of malware known as Triton or Trisis that targets Triconex safety instrumented systems from Schneider Electric. Triconex is frequently used in oil-and-gas facilities, nuclear sites and other sensitive infrastructure. “The Triton attack on Schneider is interesting in that it targeted a safety system and sought to disable that,” DeSisto said. This is a markedly different type of attack that does more than attempt to steal sensitive data or extort money from its victims. And based on the recent Pwnie Express survey data, this type of an attack could be a preview of future attacks targeting critical infrastructure. “An attack like that can do more than cost you money or grab your attention,” DeSisto said. “It certainly would indicate that whoever was behind it was looking to do real harm.”

Tags: Article Security Technologies News

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Black Hat 2022: Sophisticated Cybercriminals, Increased Ransoms
  • Black Hat 2022: Adapting to the Growing Cyberthreat Landscape
  • Security: The Hidden Risks of Connected Devices
  • Northrop Grumman Harnesses IoT for New Missile Integration Facility 

Roundups

View all

IoT Product Roundup: Verizon, Microshare, SmartCow and More

15th August 2022

IoT Deals & Partnerships Roundup: Nokia, Accenture and More

29th July 2022

IoT Deals & Partnerships Roundup: Nokia, SoftBank, Microsoft and More

15th July 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Events

View all

IoT World Expo Austin

2nd November 2022 - 3rd November 2022

Latest Videos

View all
Image shows a road within the Curiosity Lab at Peachtree Corners

Brandon Branham, Peachtree Corners, on Smart Cities

Peachtree Corners CTO and assistant city manager chats with IoT World Today’s Chuck Martin about what’s happening at Curiosity Labs

Image shows a Beep electric autonomous shuttle

Joe Moye, Beep, on Self-Driving Shuttles

Beep’s CEO chatted with IoT World Today’s Chuck Martin about the deployment of the company’s electric autonomous shuttles

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Building trust for a connected world

25th August 2022

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Special Reports

View all

Security: The Hidden Risks of Connected Devices

11th August 2022

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

🎉SPEAKER ANNOUNCEMENT ALERT!🎉 Brandon Satrom, the VP of experience engineering at @blueswireless, will speak at… twitter.com/i/web/status/1…

17th August 2022
IoTWorldToday, IoTWorldSeries

Meet business-wide goals with Equipment as a Service dlvr.it/SWn1g0 https://t.co/Ya1F8QUhpw

17th August 2022
IoTWorldToday, IoTWorldSeries

Smart Shopping Cart Startup Raises $35M dlvr.it/SWmd0Q https://t.co/qIAhJNfvDG

17th August 2022
IoTWorldToday, IoTWorldSeries

The Forrester Total Economic Impact of Lightbend Akka Platform dlvr.it/SWmcFd https://t.co/L9JSOlkiOr

17th August 2022
IoTWorldToday, IoTWorldSeries

Semtech Acquires Sierra Wireless for $1.2 Billion dlvr.it/SWmXWz https://t.co/oa2WgxyZyI

17th August 2022
IoTWorldToday, IoTWorldSeries

Robotaxi via Lyft App Launched in Las Vegas dlvr.it/SWmXT0 https://t.co/2i9bNaWRwG

17th August 2022
IoTWorldToday, IoTWorldSeries

Smart Cities Featured at IoT World in Austin dlvr.it/SWmVt7 https://t.co/I7jdnEI89w

17th August 2022
IoTWorldToday, IoTWorldSeries

📣 Join us on August 18th to explore how MQTT has been helping system integrators to overcome the challenges of hybr… twitter.com/i/web/status/1…

16th August 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X