The Internet of Things (IoT) is becoming increasingly popular within utilities. Connected technologies streamline operations, reduce costs, and improve customer service. Smart meters can keep the utility and consumer more aware of actual power usage; distribution sites can be more easily monitored; and utility companies have greater access to valuable data.
According to a Future Market Insights report, the IoT in utilities market is expected to be valued at nearly US$ 42 billion this year. Many governments are working to reduce carbon footprints, and the United States alone has allocated US$ 500 billion to building IoT-friendly infrastructures that will significantly reduce carbon footprints.
It’s Not Risk Free
Leveraging IoT for transmission and distribution comes with a host of advantages, but it also presents a unique set of risks - most notably, cyber attacks. Insecure networks by their nature give threat actors many more channels by which to attack. Because of this, choosing the right IoT management, connectivity, and security system is vital when expanding IoT operations.
How to Choose the Right Connectivity Technology for Your IoT Deployment
You can select from several connectivity technologies — Wi-Fi, LoRanWan, and cellular, to name a few. While each connectivity technology has its own advantages, cellular connectivity is regarded as the most secure. Additionally, cellular connectivity is very reliable and allows low-power, wide-area coverage, which is ideal for utility companies moving small amounts of data periodically.
Once they choose cellular as the connectivity technology, utility organizations still need to decide whether they will be using public or private cellular networks.
Public networks are administered by mobile network operators. A utility organization using a public network, can gain more control over the connectivity of its devices, by renting the lines itself and, in essence, become a virtual mobile network operator, with full control over all the devices within its network. Utility organizations using a public network can also choose to use multiple network operators, as long as they have an effective management system in place to ensure seamless control and administration.
Private networks on the other end ensure a higher level of grid security via controlled access to the network and be free of service fees since the network is privately owned, however, they are location specific.
Utility organizations may choose a combination of public and private networks – using public networks for more commonly distributed technologies such as smart power meters and implementing a private network for site-specific IoT cellular administration and security, such as at a generating station.
Inherent Risks when Using IoT Cellular Security Devices
While cellular connectivity is the most secure option, it is not risk free. Some threat actors seek access to the IoT cellular devices within critical infrastructure. They can simply be “mischievous” and drain batteries on the IoT cellular devices; they may enter the smart meters to steal customers’ personal data for identity theft; they can cause wide-scale blackouts to use as cover for physical theft and property damage; they can use their IoT cellular access to inject ransomware to try to get the utility organization to hand over millions.
As with standard cyberattacks, IoT cellular attacks come in a variety of flavors. To name a few:
● Battery drain Denial of Service (DoS) attacks - Because IoT devices rely on battery power to function, these attacks can be very costly. This is especially true when, as a result, company employees are forced to go into the field to replace batteries in potentially remote or dangerous locations
● Attacking functionality - These attacks exploit loopholes in the device or network systems to gain access to control functions. Such exploits can be used to impact service operation, spread botnets, or implement denial of service attacks, which overwhelm IoT devices and the network.
● In data channel rerouting attacks, the threat actors make changes to the data paths coming to and from the devices, enabling data interference. They may alter the access point name (APN) registered on the device; the APN defines the gateway from the IoT cellular network to the Internet. The threat actor may also modify the domain name server (DNS) to better control the IP address for the APN
How to Protect Your Cellular IoT Devices and Network
Protecting IoT cellular devices requires a combination of strategic and tactical planning. The organization itself must have contingency plans in place with regard to major attacks, such as service shutdowns resulting from DDoS (distributed denial of service) attacks. Each role and responsibility must be defined in advance to speed mitigation and recovery. Additionally, maintaining security hygiene is vital when ensuring network protection. Tasks such as replacing default passwords and putting up firewalls can make all the difference when it comes to cyber security.
An appropriate IoT network connectivity management platform is essential to ensure the IoT cellular devices maintain their resiliency during an attack or breach. The platform must be able to detect alerts and protect against any of the attacks explained above. It’s critical that organizations have a single view of their connected devices for monitoring, visualization, and operational control.
The combination of IoT cellular device management and security administration is critical to ensuring smooth operations. For example, it needs to be able to enforce different policies for different groups of devices that have similar connectivity and security needs. Furthermore, whatever solution the utility organization chooses, it must be able to monitor the devices across the entire network.
Benefits of Using a Connectivity Platform
Using a connectivity platform can reduce costs, increase security, make operations more efficient, increase flexibility, and optimize policy per IoT use case. This ensures continued protection and provides the security team a fully operational and relevant dashboard delivering all the information they need. Additionally, with a flexible network, public, private, and hybrid deployments can all be used, allowing you the freedom to choose the connectivity platform that best suits your individual needs.
IoT is the future of utility organizations, but this change shouldn’t be taken lightly. When moving over to a connected network, make sure all the tools are in place to maintain operations, even during times of crises.
