Wireless Device Monitoring for Better OT Cybersecurity


There was a time years ago when wireless was a brand new technology seldom used in the manufacturing environment, but over time it has become more robust, and it now sees action in just about every facility in some way or form.
 
The catch is how can a manufacturer ensure wireless technology is free and clear of any kind of threat? The answer is no one will really know until it connects to a wired network. That is a problem.
 
“In some ways wireless is in its infancy, but in other ways it is a huge risk because now I don’t even have to attack you coming in through the business network and pivoting and getting into the IT network and then pivoting and getting into the OT network,” said Tim Sanguinetti, director of product management at Nozomi Networks. “I can be in a van parked in your driveway because wireless does not respect gates, it does not respect a wall. It will go wherever it can propagate, which means I can sit in your parking lot, tap into your WIFI and see all the devices talking on your WIFI network without ever setting foot in your plant.”
 
To that end, network monitoring provider Nozomi Networks launched Guardian Air, a wireless spectrum sensor for OT and IoT environments. No one can deny the benefits of wireless technology. But the integration of these systems into industrial and critical infrastructure environments continues to expand the attack surface.

“You can’t defend what you don’t know what you have,” Sanguinetti said. “It comes back to discovery. What do I have?”
 
When monitoring technology launched years ago, it was a new vision hitting the industry: manufacturers could actually see not only what devices they had on the plant floor, but also whether any kind of malware was present or an attack was occurring.
 
What has come to light is that they could tell a wireless network or device was out there only if it connected to the wired network. If there was a wireless device or network not connected to the wired network, it was invisible.
 
Customers said this is a problem they have in their environments that they don’t have a solution for, Sanguinetti said. “This wireless environment is likely in your (facility) you don’t know anything about.”
 
“We are a wired network monitor solution,” Sanguinetti said. “We are plugged into a network cable going toward a router. Once that wireless device communicates and converts to an Ethernet signal and goes into the network to talk to other devices, we will see its existence, but if there is a rogue device that doesn’t touch the environment, we will not be able to monitor it.”
 
Guardian Air allows for visibility into wirelessly enabled devices. It can monitor several wireless frequencies to provide visibility of connected sensors, devices, laptops and cell phones.
 
Like the traditional visibility tools, this provides asset inventory and shows what endpoints are out there, making sure rogue deployments are not there or ensuring the deployments that are there are secure, Sanguinetti said.
 
As an example of a wireless attack, Sanguinetti mentioned a hack that occurred at a Las Vegas hotel. The hotel knew it had been attacked, but couldn’t figure out how. After conducting an investigation, they realized they had suffered an attack via a wireless connection in a fish tank. Attackers were able to get in, pivot into the IT network, and then the hack was on.

With Guardian Air, it will be possible to:

  • Monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, Drone RF protocols, WirelessHART and more
  • Immediately detect wirelessly connected assets and gain asset information to address unauthorized installations
  • Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking, with the added ability to determine the location of the devices performing the attacks
  • Integrate wireless data into a single OT and IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks

About The Author


Greg Hale is principal at ISS Source, an industrial safety and cybersecurity news source and publisher of The Shield, a weekly newsletter for safety and security professionals.

