[Research] Risks of the Industrial IoT in Compromised Campus Networks

  /  Industrial IoT   /  Connected Industry   /  [Research] Risks of the Industrial IoT in Compromised Campus Networks
cybersecurity

[Research] Risks of the Industrial IoT in Compromised Campus Networks

5G, along with its role in industries, is a popular topic. An important part of this conversation is the campus network, which serves as one of the key implementations of 4G/LTE and 5G technologies in an industrial setting. In particular, campus networks were implemented to fulfill the growing requirement for higher availability and lower latency, without the cost and complexity brought by fixed lines. As the Citizen Broadcast Radio Service (CBRS) spectrum (the early enabler of private 4G/5G networks) was released, pioneer organizations either began their plans for campus networks, or started developing campus networks in their smart factories, remote power stations, pipelines, and remote mining sites. (1)

However, both the transition to 5G and the current threats to campus networks highlight security issues that are compounded by the fact that telecommunications and IT/OT exist in what appear to be nearly different fields of expertise. The network is either installed on-premises by a campus network provider or as a slice of a public telecom network. Still, IT and OT engineers often overlook the cost of maintaining campus networks. They either mistakenly trust the campus network or treat it solely as applications running on an IP network.

This is a problem due to the growing complexity of the role that telecom technologies play in factories, critical infrastructures, smart cities, and other industrial environments. As a result of such complexity, IT/OT experts might lack the knowledge necessary to help mitigate security issues involved in campus networks. Since the core competencies for both IT and OT differ from those that are needed for campus networks, IT/OT experts must learn and maintain new knowledge.

This research intends to fill the gap on what can be learned from practical demos. Overall, the research should be helpful for IT/OT personnel and should narrow the knowledge gap between the two fields and telecommunications. The attack scenarios discussed here demonstrate how to conduct the most common and generic attacks that IT professionals are familiar with and also introduce cellular-specific attacks.

In this paper, Trend Micro’s research team assesses and demonstrates the security risks in a real configuration of an ICS that is connected to a campus network.

Lastly, the attack scenarios that the authors discuss range from common TCP/IP attacks, such as an MitM attack, the modification of packets on the fly, and some telecom-specific scenarios. Afterward, the team elaborates on the efficient mitigations and valuable defenses for these attack scenarios.

Sponsored by Trend Micro