
NTM and IOT - Has anyone run into issues?

My company provides engineering services to organizations that provide critical infrastructure. Critical Infrastructure provides essential services such as water, electric and transportation that underpin American society and serve as the backbone of our nation's economy, security, and health. We deal largely with water and wastewater and have in recent years extended our services to include Operational IT services. We work extensively with programmable logic controllers (PLCs), which in turn control valves, switches and measuring devices among other things, and the software that monitors and reports on these devices.

When we get a new customer, it is not uncommon to find out that there is little to no documentation or knowledge of the existing infrastructure. A tool such as NTM would be perfect IF there weren't reports of PLCs being damaged or even bricked by netscans and similar.  The problem most always stems from older hardware that has not been updated, but with hundreds if not thousands of items that make up the Internet of Things we support, running any utility that has the potential to do damage is not going to happen.

I'm curious if anyone else has had this experience, or what you do to prevent this from occurring.  NTM has the potential to save us hundreds of hours a year, but only if it doesn't cost us millions in damage!

  • I'm sorry I don't have the exact information you request, but your query brought some ideas to mind:

    • If IoT or other devices become bricked by net scans, that's a significant red flag.  Someone will eventually scan them, and you're probably well advised to remove or remediate those devices proactively before they end up being damaged or worse--compromised.  Once they're compromised, it's challenging to understand or imagine all the potential ramifications.
      • Can they be used to remotely infiltrate your corporate network, doing additional compromising, probing, hacking--discovering new vulnerabilities or shutting down or readjusting your systems, maybe gaining access to accounts, billing, H.R. files, etc.?
      • Can those convenient IoT devices be used to compromise or damage your customers' homes or businesses?
    • How hard / expensive will it be to remediate (or replace!) those devices so they meet your security needs, industry standards, security standards, etc.?
    • How expensive will it be to recover from an exploit of those devices?
      • How about if the exploit caused a fire or personal injury to a homeowner or their family members?
      • The same for corporate--if a compromised IoT remote monitoring tool ultimately provided access to a corporation's resources and those resources were adjusted, shut down, contaminated, etc., how expensive will it be in Public Relations nightmares, EPA involvement, federal investigations and lawsuits, personal injury or class action lawsuits, etc.?

    IoT devices may have great utility and convenience, and I can see how they'd save water metering and gas metering and electric metering services a LOT of money.  But they may also provide convenient access to folks who are interested in compromising them and exploiting their access into homes and businesses.  Adequately secure / isolate them before those vulnerabilities are discovered and exploited--or remove them.

    Taken in that light, one can creatively imagine that if NTM happens to brick these remote monitoring devices, that might be less expensive than leaving them up and open and vulnerable, and the resulting ramifications of being exploited.

  • Traditionally, these IOT environments are highly segregated and fire-walled and kept separate even from traditional IT networks because of the risk. These environments have manual overrides as well in the event of failure.

    To add to the complication, these environments often consist of dozens or even hundreds of remote sites (things like a water tank or a sewage lift station).  The cost to upgrade and replace can easily be hundreds of thousands of dollars... or more.  So customers often squeeze as much life out of their components as possible. Part of our services are ensuring these networks are isolated, secured, patched and hardened.

    Because of the complexity of the environment, it is difficult to know exactly what is there. Components of these systems can be 20 years old, and with tight budgets, often only essential items get replaced, with items that should be essential getting overlooked.

    Replacing/upgrading is happening, but many vendors that supply key components are woefully far behind the technology curve (several software suppliers will only certify their software to run on Windows XP). And then given the complexity of most environments, 'tribal knowledge' often leaves as employees move on, leaving poorly documented environments. That is where NTM would have huge benefit, if it weren't for the risk.

    I don't see the industry we serve changing quickly. It may be another 10 years before VMware is recognized, let alone all IOT devices being capable of being scanned.

    I'm trying to find others that face this challenge, and how they have worked around or through the issues.

  • I hear you, brother!  I still have to support "hardened" Windows 95 boxes behind private firewall appliances, along with Vista, 2000, NT, and XP.  Fortunately my Security Team is empowered to seek out & replace/remediate them.

    But we continually get "new" gear that's already proven to have flawed/vulnerable/obsolete network technologies, and training users to stop buying it, or to work with I.S. before going shopping, is the only way that flow can diminish (notice I didn't say it can be stopped).