Wondering where Sub U Systems is exhibiting, who is talking about us, and what we are up to?

What Stuxnet Can Teach Us About IoT Security

In June 2010, a client contacted their malware detection firm to find out why their machines were constantly rebooting. This company, headquartered in Belarus, identified the root cause as a piece of malware that masqueraded behind what appeared to be a valid digital certificate from a trusted vendor.

This was the first confirmed detection of the Stuxnet virus by anyone in the antivirus community and it took some time before the breadth of Stuxnet’s capabilities became known.

By the time the digital taxonomy of Struxnet had been established, the worm had already wrought havoc within Iranian nuclear facilities, slowly (even insidiously) sabotaging centrifuges and ultimately the entire Natanz nuclear plant.

Zero Days Movie Poster

Credit: Magnolia Pictures

The whole affair makes for a compelling story, even being made into an award-winning documentary.

Stuxnet should be the bellwether for anyone who relies on Internet of Things (IoT) technologies to support infrastructure or other large-scale networking applications. If a program like Stuxnet can shut down a nuclear plant, imagine what a similar worm could do to a public electrical grid or a seaborne drilling platform. The consequences could be disastrous.

What This Means for IoT Security

Shared Assessments recently published a paper that shows just how vulnerable many businesses are to a third-party intrusion that relies on poorly protected IoT channels as an entry point.

According the research, companies are relying on “legacy technologies and governance practices to address potential threat vectors, with 94 percent indicating they still use a traditional network firewall to mitigate threats. Such risks include the ability of criminals to harness IoT devices, botnets to attack infrastructure and launch points for malware propagation, SPAM, DDoS attacks and anonymizing malicious activities.”

It’s not ignorance of the dangers of insecure IoT networks that is hamstringing efforts to combat these intrusions. The study also found:

  • 78 percent believe loss or theft of data could be caused by IoT.
  • 76 percent think a cyber-attack could be executed through IoT.
  • 69 percent of risk managers don’t regularly report to the C-Suite and Board the effectiveness or maturity of third-party risk oversight programs.

As dire as all of this sounds, IT professionals are at least acknowledging these shortcomings with two-thirds saying that a “new approach” is needed for IT departments who rely on IoT technology.

If you’re an IT manager looking to mitigate third-party threats to IoT access points, Sub U Systems is that “new approach.” We offer enterprise-level information security solutions no matter where you do business. Contact us today to discuss how our customized IoT networking devices can safeguard your networks.