M2M security gap is danger to unaware
1 min read
Proliferation of machine-to-machine (M2M) connections is posing security risks that, in most cases, are easily avoided but too often overlooked. Brian Tinham reports
Proliferation of machine-to-machine (M2M) connections is posing security risks that, in most cases, are easily avoided but too often overlooked.
So says Ian Kilpatrick, chairman of secure infrastructure specialist Wick Hill Group. He warns that ‘deperimeterisation’ of networks, through decentralisation, IP and the web, has significantly changed the security landscape.
“Organisations now need to move from a reliance on gateway security to a recognition that applications, departments and network segments need their own security,” he says.
That’s understood for much of network infrastructure management, where outward-facing systems are concerned. But in M2M – whether that’s communications on board a modern aeroplane, or increasingly CNC machines driven from CAD and production systems – it’s mostly not.
They typically rely on gateway systems for firewall and anti-virus protection. “This was more than adequate in the past but not any longer, as has become increasingly clear to the many organisations who have had to build patch scheduling into their timetables,” says Kilpatrick.
“Unsecured IP connected devices are potentially vulnerable to a range of problems such as network viruses, Trojans and hacking. If you have access to a network, it’s easy to find network connected IP addresses and, in the case of servers, to exploit current patch failures.”
He cites surveillance cameras, VoIP servers and VoIP devices, wireless devices, video conferencing systems, data centre monitoring equipment and ATM devices as potentially vulnerable. And he speaks of an unnamed company where production was lost for days when robots on an IP network were infected.
“Low-cost, easily-deployed miniature firewall [and] anti virus products, such as Innominate’s mGuard, are now available and can be installed on a server or in front of a device in minutes,” he advises.
“They can protect key IP devices for a few hundred pounds, as well as being capable of delivering the level of reporting needed for compliance with various regulations.
“These products can also provide the sort of central configuration and sophisticated management capabilities needed to make administering them relatively stress free.”