What Stuxnet Can Teach Us About IoT Security

In June 2010, a client contacted their malware detection firm to find out why their machines were constantly rebooting. This company, headquartered in Belarus, identified the root cause as a piece of malware that masqueraded behind what appeared to be a valid digital certificate from a trusted vendor.

This was the first confirmed detection of the Stuxnet virus by anyone in the antivirus community and it took some time before the breadth of Stuxnet’s capabilities became known.

By the time the digital taxonomy of Struxnet had been established, the worm had already wrought havoc within Iranian nuclear facilities, slowly (even insidiously) sabotaging centrifuges and ultimately the entire Natanz nuclear plant.

Zero Days Movie Poster
Credit: Magnolia Pictures

The whole affair makes for a compelling story, even being made into an award-winning documentary.

Stuxnet should be the bellwether for anyone who relies on Internet of Things (IoT) technologies to support infrastructure or other large-scale networking applications. If a program like Stuxnet can shut down a nuclear plant, imagine what a similar worm could do to a public electrical grid or a seaborne drilling platform. The consequences could be disastrous.

What This Means for IoT Security

Shared Assessments recently published a paper that shows just how vulnerable many businesses are to a third-party intrusion that relies on poorly protected IoT channels as an entry point.

According the research, companies are relying on “legacy technologies and governance practices to address potential threat vectors, with 94 percent indicating they still use a traditional network firewall to mitigate threats. Such risks include the ability of criminals to harness IoT devices, botnets to attack infrastructure and launch points for malware propagation, SPAM, DDoS attacks and anonymizing malicious activities.”

It’s not ignorance of the dangers of insecure IoT networks that is hamstringing efforts to combat these intrusions. The study also found:

  • 78 percent believe loss or theft of data could be caused by IoT.
  • 76 percent think a cyber-attack could be executed through IoT.
  • 69 percent of risk managers don’t regularly report to the C-Suite and Board the effectiveness or maturity of third-party risk oversight programs.

As dire as all of this sounds, IT professionals are at least acknowledging these shortcomings with two-thirds saying that a “new approach” is needed for IT departments who rely on IoT technology.

If you’re an IT manager looking to mitigate third-party threats to IoT access points, Sub U Systems is that “new approach.” We offer enterprise-level information security solutions no matter where you do business. Contact us today to discuss how our customized IoT networking devices can safeguard your networks.

Share on facebook
Share on Facebook
Share on linkedin
Share on Linkedin

About SUB-U

The Sub U Systems (formerly IAS) team draws on decades of secure communications industry tenure. We have deep working knowledge of legacy Type 1 NSA Certified deployable communications solutions technology, and we are experts in the design and use of Commercial Solutions for Classified solutions.  

Get SUB-U's latest news, events & updates in your inbox!

Contact Us

Call us at 202-640-2623 to get a custom quote or fill out this form and we will get in touch with you.