An excerpt from our latest whitepaper, “Proactive Fraud Prevention for Industrial IoT”
Throughout the history of computing, a clear pattern has emerged of malign activity that exploits standards and norms, appearing almost as soon as the technology in question reaches critical mass. As soon as people had PC’s and started copying games on floppy disks, malign viral code started proliferating. The invention of internet bulletin boards turned virus management from an obscure problem into a major industry. Fraudulent internet advertising costs are measured in billions per year.
VoltDB Knows Fraud Prevention
The telco industry, especially, has a long history of battling fraud, which accelerated rapidly as digital services took over from analog. It offers some valuable lessons that can be immediately applied to the prevention of IIoT fraud.
While standards and protocols are developed by standard bodies such as 3GPP for conducting standard business interactions between systems, the dynamic nature of fraud means there are no standards or protocols for addressing fraudulent behavior. The industry was simply not prepared for the lengths that fraudsters would go to in order to make money. Every industry experiences this and IIoT is not going to be any different.
So, if we look at the evolution of telco technology…
- Specialized ‘firmware’ equipment gave way to commoditized equipment.
- The specialty function is now software-enabled defined (virtualization, containerization, etc.).
- Intelligence is now within the software, making it more nimble and agile for faster updates and patches.
- While becoming software-enabled means the system is more prone to malicious attacks, it also means that it can be modified to address these threats in addition to satisfying the normal functional requirements.
…we can see the same progression in IIoT
- Specialized (and expensive) devices are giving way to commoditized sensors.
- Online articles predict that we will likely see <$6 devices by 2022.
- As with telco, the reason for this shift is that intelligence is moving from the device firmware into the controlling software. In other words, IIoT devices are becoming dumber in themselves, and depending on cloud interaction to provide intelligence. This creates the same vulnerabilities we have seen elsewhere.
While we are culturally predisposed to think of computer crime as the work of individual actors, the reality is that sophisticated ecosystems appear over time as unauthorized access becomes commoditized. The internet has ‘botnets for hire’, which give you wholesale access to other people’s compromised devices. Telco has a well-developed ecosystem for ‘SIM boxing’, which allows you to bypass international call costs. Because of the amount of money involved, and difficulty in obtaining prosecutions, the involvement of professional criminals is inevitable.
Given this trajectory, it would be naive to assume that there is no requirement for high level, automated, real-time oversight of IIoT networks. If history is a guide, we can expect to see dedicated businesses emerge whose goal is to secure the IIoT. Security will undeniably become a significant part of the total cost of ownership.
Download our latest whitepaper to discover the four essential capabilities to successfully prevent Industry 4.0 from becoming Intrusion 4.0.