What Do You Mean it Doesn’t Have an IP Address?

We are becoming an IP-connected world. Home energy, city lights, cars, television, coffee machines, IP-enabled mobile devices, home security cameras, watches, manufacturing process automation, Star Trek-like hospital monitoring beds, you name it. If it’s been built in the last five years and has any kind of management or monitoring need, the device probably connects to an IP network.

Most of these systems should be non-routable, internally controlled networks to reduce the risk of tampering or accidental or intentional data loss. But we know that even if these networks are designed to be closed, some business need, convenience, or a clever hacker could open them up to external access. Consider the Target breach via an HVAC vendor[1], or the remote hack of a Jeep Cherokee[2] via an open port on the Sprint cellular IP network. (Sprint points out that it was merely providing the connectivity and transport for the attack, and that its network did not contain the end device vulnerability[3]). 

First, maintaining a strict policy of no remote connections creates a sense of assurance.  Second, such networks can drift from their original configuration, or become out of date with respect to patches and updates. Third, closed networks are more costly to maintain. The cost of an onsite visit to resolve a configuration issue or a patch gone wrong is certainly more expensive than remote remediation. Imagine the havoc that would ensue if the new LED road lighting system being deployed by the city of Los Angeles[4] were hacked?  Still, the benefits of a connected LED lighting system, including reduced energy, better management, and real-time communication, are likely a higher priority than the risk of hackers taking over nighttime lighting. 

It’s worth reviewing the Jeep situation because it illustrates the challenges of adding systems to IP networks. First, as we add remote access to previously disconnected complex systems, the design of command and control vs. the data path needs to be carefully considered. Jeep designers believed their systems were disconnected, but researchers were able to find a connection. Once the connection was found, further engineering enabled the researchers to use the entertainment system with its necessary network connectivity to piggyback commands into the control system, radio, windshield wipers, steering, and brakes. Computers have made cars safer by giving them the ability to sense obstacles, feather the brakes, and warn the human driver when maintenance is needed. But those same computers become dangerous if accessed by unauthorized users.

As devices become increasingly interconnected, system functions and controls may be accidentally accessed. We can mitigate this risk by understanding our network baseline protocols and carefully monitoring new types of devices that appear on the network.

In the words of Arthur Conan Doyle, “Never trust to general impressions, my boy, but concentrate yourself upon details.”

[1] http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

[2] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

[3] http://www.fiercewireless.com/story/sprint-says-its-network-not-fault-hacking-demonstration-chrysler-vehicles/2015-07-28

[4] http://www.wired.com/2015/09/design-issue-future-of-cities/