Identifying Security Issues in the Industrial Internet of Things

The Industrial Internet of Things (IIoT) allows the collection and communication of data from production processes as well as sending and receiving commands for interaction and actuation to, e.g., increase the efficiency of processes. However, a secure and safe operation is essential to protect, e.g., workers laboring in the operating space of machines and the environment, which were shown to suffer from the misoperation of critical IIoT deployments. As a foundation for such a secure and safe operation IIoT protocols nowadays include security features. However, it is unclear whether these developments of protocol specifications lead to a secure IIoT in practice.

In this dissertation, we address the open research gap of the current uncertainty on IIoT security. To this end, we first set out to assess the security of today’s IIoT. Second, we analyze the pitfalls that hinder operators from operating securely despite the existence of secure protocols. Last, we give an overview of novel approaches that help operators secure their deployments.

Our first three contributions show from various angles that the majority of Internet-exposed IIoT deployments are insecurely configured, independently of their potential deployment date and the protocol used being either secure-by-design or retrofitted. In our fourth contribution, we trace this problem back to modern technologies like containerization that ease deployment processes but also disguise security issues. Our last two contributions propose two novel mechanisms that can increase the security of the IoT in the future.