Government of Canada issues warnings about the Internet of Things Devices
I'm old enough to remember the Hippies of the 60's - although I was a bit young to really understand what was going on. It was a time when the Baby Boomers were into their teens and early 20s - and like most events in the Baby Boomers' lives, they made a big splash; some good, most bad. A popular mantra of the day was Timothy Leary's Turn On, Tune in, Drop Out - a counter-culture call-to-arms that blamed the establishment for just about everything. Another popular phrase was It's the Government, Man, a lament that excused the Baby-Boomer generation from any responsibility and blamed the government-of-the-day for all of its’ woes. The phrase is still popular today. So, before you Drop Out, here's the tie-in.
I've written about the Internet of Things (IoT) before. It's the popular adoption of SMART devices that have computer capabilities, but operate autonomously (without human interaction). There are thousands of types of these devices - from light bulbs to industrial controllers to security systems. It's expected there will be 50 billion IoT devices worldwide by 2025 - outnumbering the global population by 6 to 1. IoT devices actually have tiny computers built into them.
One of the major drawbacks to IoT devices is their inherent lack of Security. Thus, hackers can easily exploit holes in the software, to spread havoc. They can take control of the device, alter it's established function, cause physical damage to it, or gain access to the rest of the network the device is connected to; none of these are good outcomes. And once one device of a particular make and model is hacked, all of the same devices worldwide are potentially compromised. It could be millions of devices.
Our Cyber Security Supervisor, Karl Buckley, alerted us to one such potential hack of a PLC (Programmable Logic Controller), that has drawn the attention of the Canadian government. Public Safety Canada has issued a warning about a popular PLC made by Rockwell. This PLC is embedded in all sorts of industrial machinery. At one such client, the Water Treatment plant uses these controllers. I'm sure there are more in use throughout Alberta.
The full article is here, but it's not a user-friendly read unless you understand PLCs, UDP and TPC ports, and version-patching embedded firmware. However, the article - and it's warnings need to be taken seriously. I would suggest you pass the information on to anyone in your organization who is responsible for industrial maintenance. They can contact the manufacturer of their equipment to see if the Rockwell PLC is used. It could be in HVAC units, (water treatment) pumps and controllers, generators, industrial lighting systems, and many more. Fortunately, there are software fixes to mitigate the risk from this security hole.
But we need to think in the larger context of how to manage the influx of IoT devices into our homes and workplaces. These devices are coming and you won't be able to stop them. It's predicted that most devices will have some sort of technology component. In 5 years, you won't be able to buy non-SMART devices - just like it's almost impossible to buy regular incandescent light-bulbs today.
So the best approach is to plan for - and manage these devices. For your business (and related to the home), here are a few simple tips: