Data security is an ongoing issue as more manufacturers embrace digital technologies. And, unfortunately, the threat landscape continues to intensify as wireless environments become the new norm.
Simply put, the corporate airspace is under attack with foreign governments, competitors and cyber criminals conducting radio field (RF) attacks using cell phones, Bluetooth Low Energy accessories and radio-controlled lights to gain access to company secrets.
Should manufacturers be concerned about RF espionage?
Absolutely! A quick look at the stats, shows that not only is the threat real, its significant. And, the number of radio-enabled devices operating within today’s manufacturing environments only continues to multiple. According to a recent report by Statista, there will be 75.44 billion worldwide Internet of Things (IoT) devices in operation by 2025.And unfortunately, according to a recent Forrester report, 84 percent of IoT devices are more vulnerable than corporate-managed computers.Given the gravity of these stats, it’s a growing concern for enterprises, but the concern still lags behind the threat, explains Chris Risley, CEO at Bastille. “However, in government, they’ve already accepted the threat of RF espionage and they want to know every transmitting device in the facility and what that device is doing,” he says. “Government facilities with valuable secrets have policies to exclude RF devices to keep the threats at bay.”
According to Risley, adding to the problem, “IoT is spawning 100 new radio protocols, each optimized to maximize battery life for the device which uses the protocol,” he says. “With billions of devices using protocols which have not yet been battle-tested, security, vulnerabilities are going to become huge issues.”
What do manufacturers need to know?
Manufacturers are already tremendously reliant on wireless protocols: BlueTooth, WiFi, Bluetooth Low Energy, Zigbee, Z-Wave, etc. The more modern the factory and its robots, the more radios the company will depend on.
“Unfortunately, most manufacturers have no idea what’s going on in their radio space. Most assume that all radio traffic is encrypted. We almost never see a factory where some of the radio protocols are not running in the clear (unencrypted),” he says. “That means that not only can an RF attacker listen to your traffic, they can also send their own instructions to cause you equipment to misbehave. The range of a radio attack is easily a mile, limited only by how much the attacker is prepared to spend on antennas and amps.”
The key to protecting access is to first find out what devices are operating in their radio space and whether that traffic is encrypted on not. After all, manufacturers need to be able to detect and accurately locate all the individual cellular devices in addition to providing accurate locations for the more common Wi-Fi, Zigbee, Bluetooth, BLE based devices.