Featured Product
This Week in Quality Digest Live
Operations Features
Emily Newton
With Industry 4.0 technology, businesses can enable new equipment testing, monitoring, and maintenance techniques
Jason Chester
Exploring essentials to manufacturers’ present and future success
MIT News
Two-part transaction would turn edX into a public benefit company while funding a nonprofit dedicated to strengthening the impact of digital learning
Bruce Hamilton
Boundaries between production, inspection, and engineering obscure opportunities for process improvement
Matt Fieldman
In addition to attraction and recruitment, U.S. manufacturers must also focus on keeping and cultivating the workers they already have

More Features

Operations News
Counters and linear gages enable real-time measurement and data management in any type of work environment
Both quality professionals and their business leaders agree that openness and communication is essential to moving forward
Voxel8 patented technology will provide printed lattice structures to be used as inserts in midsoles
JEP181 standard is ideal for emerging technologies that demand increased power dissipation density
New offering addresses cost efficiency and reliability requirements of urban security screening
Optimized operating efficiencies for more accurate flow measurement under diverse conditions
Engineered to cover the core business needs of smaller companies and projects
Purpose-built for cannabis analysis

More News

Zane Patalive

Operations

If You Connect It, Protect It!

Segregation and isolation can help us live safely, securely, and happily ever after

Published: Wednesday, October 28, 2020 - 12:02

Meet Humphrey. Humphrey is a gray squirrel that a friend of mine rescued as an abandoned baby squirrel. For weeks, my friend and his family nursed the young creature by hand. While Humphrey was growing, he became very friendly with the family members, often perching on their shoulders and snuggling in their arms for naps.

Humphrey was permitted the run of the house and had a basket for his sleeping quarters, which he often used at night. As time passed, he grew strong enough to survive on his own, and the family released him back into the wild to enjoy the life of a healthy gray squirrel. Having grown fond of his human family, Humphrey built a nest in a tree just outside their back door and still hops on laps and shoulders while the family sits together outside.

The ‘tail’ of two cities

So how does a story of a rescued squirrel connect with the timely topic of cybersecurity? There is a rampant and significant vulnerability that exists for homeowners and enterprise businesses alike, and in many ways correlates with Humphrey’s story.

In our technology-laced society, “connected things,” or the internet of things (IoT), are sprawling. The IoT moniker represents the plethora of internet-connected items that provide useful but narrowly focused benefits. An estimate from SecurityToday.com states that there will be 31 billion (with a b) IoT devices installed in 2020 and more than 75 billion connected by 2025. I know in my own house, my refrigerator and stove are both connected to the internet, as well as my home’s thermostat, doorbell, TVs, and smoke detectors. Additionally, there are “smart” coffee makers, slow cookers, light bulbs, speakers—the list goes on and on. Pretty soon, if a device plugs into the wall, it will also “plug” into the internet.

So, what is the cybersecurity concern that haunts every CIO and should also haunt every homeowner and manufacturer in our country? The reality is IoT devices are engineered to be functional, inexpensive, easy to set up and easy to use, but not necessarily secure. As a result, there is a rapidly growing installation base of questionably secured devices that are providing a heyday for hackers. The true vulnerability is not necessarily losing function of an IoT device to a hacker, but rather offering a hacker backdoor access into a corporate or home network and potentially exposing valuable data for theft or destruction. This is how Target was hacked in 2013, resulting in more $200 million in losses for the company.

This is nuts!

Stop and consider the valuable data that live on your home or business’s network. If a hacker were to infiltrate your environment and launch a ransomware attack, removing your access to all of this information, would you be able to recover without paying the ransom? Making matters worse, what if the hacker first destroyed your backups prior to launching the ransomware attack?  Do you have offline data backups that you could use for recovery? We could stop here and write an exposé on the need to implement a resilient backup solution, but that is for another day.

Reflecting on Humphrey’s rescue, we don’t need to pause too long to recognize the risks of handling a wild animal. Although Humphrey is cuter than cute, he also has sharp nails, sharp teeth, and powerful jaws. If we were to focus only on the beauty of the animal but fail to take reasonable safety precautions, a trip to the emergency room would not be unexpected. Similarly, with our IoT devices, if we focus only on their functionality but ignore their inherent security risks, we are simply in the queue, waiting for our data and systems to be victimized.

Squirrel cage

To protect our sensitive data from hackers, we need to reconfigure our networks so that we can enjoy the functional benefits of our IoT devices while maintaining separation from our valuable data systems. The networking terms for this are segregation and isolation.

Reflecting back on Humphrey’s situation, he fortunately never bit or scratched his rescuers to the degree they had to seek medical attention, but if he was protected by using a cage during the day, his own safety would have been ensured as well as reducing the risk of harm to the humans. Similarly, with our IoT devices, we need to consider putting our valuable assets in a “cage” in order to protect them from a possibly hacked IoT device. Additionally, because numerous IoT devices typically coexist on a network, we may also want to isolate each IoT device into its own cages to prevent a hacker from being able to continue their hack once they penetrate one device.

Stay in your lane

Be it a small home network or a large corporate network, segregation and isolation is a fairly easy solution to implement, although it does take planning and requires capable hardware. Numerous guides are available on the internet to give specific instructions on how to segregate and isolate devices on specific pieces of hardware—firewalls, switches, and wireless controllers—but we will only address this conceptually.

Segregation allows our IoT devices to operate on our network and connect to the internet, but then limits their ability to “talk” to other internal network devices. This solution effectively places a firewall between each IoT device, which allows a network administrator to specifically limit the connections permitted from that device to other devices. Using segregation and isolation, if an individual IoT device was compromised, the hacker would be isolated from the rest of the components in the network.

Acorns and twigs

Just as squirrels use native building supplies for their nests, segregation and isolation also use their own unique set of configuration tools and settings. Most home and small office wireless routers have the ability to create an additional guest wireless network that is separated from the full-access, primary wireless network. Guest settings are a preconfigured segregation solution offered in many routers that will only permit connected systems to access the internet and will prevent them from connecting to devices on the other networks, wired or wireless. Additionally, some routers will also offer isolation, which will prevent these devices from being able to see any other device connected to the guest wireless network. Consider connecting noncritical IoT devices to the guest network to implement segregation. For enterprise networks, segmentation is accomplished with virtual local area networks (VLANs), routing rules, and access rules, which provide an enhanced level of customized protections.

IoT devices generally do not allow access to their built-in management tools, so we largely are unable to perform simple security functions on them, such as changing default user names and passwords. As such, separation is our primary tool for securing these devices within our networks.

As we seek to live in harmony with a “friendly” wild animal, be it Humphrey or our beloved IoT devices, implementing sensible safety protocols will help us all to live safely, securely, and happily ever after.

First published Oct. 6, 2020, on the NIST Manufacturing Innovation Blog.

 

Discuss

About The Author

Zane Patalive’s picture

Zane Patalive

Zane Patalive is a founding partner at Real IT Care and regularly works with PA MEP’s small and medium-sized manufacturing clients to identify and implement technology and cybersecurity solutions. PA MEP is part of the MEP National Network.