As if rogue governments, Anonymous vigilantes and international terrorists didn’t pose enough of a cyber-security threat, it seems the humble fridge may be placed on the watch list if the Internet of Things takes hold in the energy industry.
That’s the stark, if somewhat bizarre, scenario highlighted by a leading cyber security expert Professor Chrisina Jayne, head of Robert Gordon University’s School of Computing Science.
The Internet of Things (IoT), promises a new era of efficiency and technological benefits by controlling operational equipment, drones and even household appliances such as refrigerators and toasters, through the Internet.
IoT is said to represent the next evolution of the Internet, taking a massive step forward in its ability to gather, analyse and distribute data that can then be used for information and knowledge.
Prof Jayne warned organisations must start thinking about potential cyber security attacks for a technology that is still in its infancy.
“Like almost any technology, it serves to bring tremendous advantages, but also brings with it new risks and unforeseen problems that will have to be addressed,” she said.
“IoT is still developing, but it is predicted there will be more than 25 billion devices connected to the Internet by 2020.”
Security firm Kaspersky has criticised the array of opportunities for those with malevolent intent to hack into systems.Last year they cited examples of car washes and police surveillance systems being hacked and controlled remotely.
Kaspersky’s Alex Drozhzhin, said: “Things get even worse when it comes to the users of connected devices. They don’t bother with security at all. For an average user, a connected microwave is still just a microwave. A user would never imagine it is a fully-equipped connected computer which has means of influencing the physical world.
“For users, our advice is limiting the use of way-too-smart connected tech.”
In oil and gas, IoT is seen as a means of integrating, sensing, communications and analytics capabilities to deliver greater efficiency in an era where streamlining, cost reduction and collaboration are a focus for industry leaders.
Prof Jayne took part in an international conference last month in Amsterdam highlighting how oil companies can better protect themselves against cyber threats.
She joined speakers from Statoil, Total and the Industrial Cyber Security Centre for a presentation on the security challenges posed by IoT.
Senior oil and gas managers met with academics, technical experts and civil servants to exchange knowledge, challenges and best practice.
“It is logical that increased connectivity leads to increased risks. In the energy sector there are increasing concerns that operational technology – the equipment used to control delivery systems, pipelines for example could be targeted,” said Prof Jayne.
“Most cyber attacks to date have targeted software systems, but many people are looking at the threat posed to infrastructure and operational systems.
“A lot of oil and gas equipment is proprietary, but there will be greater standardisation as it becomes more connected.
“IoT is still in its early stages but people at a very high management level are giving considerable thought to how it will affect their business.”
Open industrial control systems (ICS), often used by industry to improve efficiency and streamline operations, have already provided hackers access to “back doors” to exploit weaknesses in the systems.
While IoT is still in the realm of “potential threat”, the most clear and present danger comes from the human factors, explained Prof Jayne.
“Oil and gas engineers are not trained in cyber security and cyber security specialists don’t know a lot about oil and gas. There is a skills gap. Understanding and training is the big challenge. Even home users should know much more about basic security – particularly as IoT means devices become ever more connected.”
Because home appliance firewalls are relatively easy to bypass, they are attractive to cyber criminals for use as “botnets” for denial of service attacks, .
“The challenge for everyone involved in cyber security is that we are involved in an evolving battle and it is never-ending. Technology never sits still,” said Prof Jayne.
“85% of cyber attacks can be avoided by small measures and simple housekeeping such as logging out after using your computer and not opening suspicious attachments. Most people know this, but that doesn’t mean they follow best practice. Most attacks are at the nuisance level rather than mission critical. Unfortunately, it’s a matter of when not we are going to see something dramatic.”