Who Controls your IoT device?
Most of us are familiar with smart meters, largely because governments around the world are launching massive roll-outs to help optimise energy systems. Smart meters are interesting because everyone can relate to them, and when I explain the internet of things (IoT) to people, I always use smart meters as an example. They are perhaps the most well-known example of massive IoT.
Smart meters provide real-time energy consumption insights, which eliminates the need for estimated bills whilst allowing more conscious use of resources. It's a no-brainer. Everyone generally understands how it works: meters magically send consumption data over the internet to energy companies, nobody comes to read meters anymore, and bills are a bit more comprehensible.
The real advantage of smart meters, however, is realised in the wider smart grid, where they help balance supply and transmission with demand whilst managing areas of inefficiency and loss. Smart meters allow grid operators to digitise and modernise power systems and collect detailed data on the 'quality' of electricity at different points of use. Considering the growth of electric vehicles (EVs) and charging infrastructure, solar panels, wind turbines and other new distributed energy resources (DERs), it's easy to see how power grids will further depend on a much smarter electricity infrastructure to fully integrate DERs and ensure our future energy security. Without the data generated by smart meters, the stresses and strains on the smart grid would be unmanageable.
In briefly examining the role of smart meters, we see examples of many other IoT systems that have a critical part to play in modern infrastructures. This includes other elements in the smart grid, gas supply for power stations, solar panel control systems, wind turbine monitoring, energy storage and vehicle charging.
Without reliable connectivity, all of these systems fail, with potentially catastrophic results.
But that’s OK – governments identify critical projects and introduce strict supply chain controls, regulation and legislation to ensure that IoT equipment in critical industries is secure and reliable, right?
Wrong! In fact, in May 2022 the Czech government issued a fresh warning on potential cybersecurity threats stemming from the use of energy-related technical or software smart metering tools (i.e. smart meters) that do not come from countries deemed to have “trustworthy” legal environments.
OK, but governments do mandate security standards for critical infrastructure IoT deployments, right?
Well, yes, sometimes they do. However, most of the focus is on IT cybersecurity rather than the OT (operational technology) cybersecurity of the connected assets themselves. And even in the case of smart meters, which are quite well regulated, there have been mass hacks.
What about the manufacturers of the equipment in IoT critical infrastructure? Surely, the equipment they produce must follow certain security approvals and functional certification?
Yes, but manufacturers have no idea what the embedded software (or firmware) running in their own equipment is actually doing. Nor do they know who wrote it and who signed it off!
A potential step in the right direction is a recent EU proposal for a regulation on cybersecurity requirements. The proposal, known as the Cyber Resilience Act, applies to products with digital elements and aims to introduce cybersecurity rules to ensure more secure hardware and software products.
So, if we don’t act, are we in danger of turning smart energy into dumb energy?
As strange as it may seem, and regardless of the technology used, if the IoT equipment includes a communications module, it is running firmware whose actual behaviour even the equipment manufacturer cannot be 100% certain of.
Let’s take a deeper look using cellular communication as an example. Most IoT systems use cellular technology, if not always at the ‘edge’, then at some point in the wider infrastructure, to gather metering data and send it to the head end system (HES) of the energy company.
Another compelling reason to consider cellular is that many governments have already identified and taken steps to alleviate potential security risks in cellular infrastructure by mandating the removal of Huawei equipment in the 5G core.
If we drill down a little deeper into the cellular communications module, we see that this tiny, innocuous device buried inside millions of smart meters and countless other pieces of equipment in critical infrastructure is actually quite a sophisticated cellphone.
In general, the core chipset (or baseband chipset) of the module is supplied by well-known semiconductor manufacturers. This chip is actually an advanced processor running the protocol stacks required to utilise cellular networks along with relevant certifications.
But that’s not all. Because the core functionality is difficult to integrate directly into a device such as a smart meter, equipment manufacturers normally choose to buy a module that takes care of the complexities of the core chipset. There are many other benefits modules bring too, both from a hardware and software or firmware perspective.
From a hardware perspective, modules contain all the other peripheral components required to make the core chipset usable, which includes power and radio components, filtering, etc. It makes sense for a module manufacturer to do this expert task once, source the components en masse, and sell a packaged solution along with all the relevant approvals. As far as the device manufacturer is concerned, the module appears like just another chip to integrate during manufacture.
But when it comes to the firmware, you really need to have complete trust in your module supplier, because running inside a module there is always a lot of code, written by the module manufacturer. You can't see it, you can't measure it, and you can't fully control it.
So, what is this code doing? Multiple things, but in the interest of time, I will mention just three:
AT Command interface provides the only view of communications behaviour
First, to make life easier for the equipment provider, the module and the behaviour of the core chipset are controlled by simple commands in a two-way exchange driven from a processor under the control of the equipment provider. The code that interprets these 'AT commands' and returns a response is always written by the module manufacturer. This module AT interface provides the only view of what the module is doing, and this view is under the control of the module manufacturer.
Over the air updates – An exploitable backdoor
Second, the code should enable security and stability. It's fair to 'expect the unexpected', and that goes for networks too. It is the responsibility of the module manufacturer to ensure that the module can be adapted to evolve with network upgrades and 'tweaks'. This means having the ability to perform firmware updates over the air in order to address any 'nuances' that may occur. Unfortunately, if not treated carefully, this mechanism can become the module's Achilles heel. It's essential to ensure all the back doors are secured and tested by the finest cyber locksmiths.
Embedded Applications - A hidden threat in the heart of the connected thing
And finally, as previously mentioned, the smart module is actually quite like a sophisticated cellphone, although clearly without a screen or a battery. Just like a smartphone, as long as they're powered*, these modules can run background apps, report usage, and report their location. They're unlikely to be able to decrypt the data going through them, but they don't really need to. With one click, from a faraway mouse, they can simply be switched off, permanently. Although it may seem far-fetched, unless you have the skills to unravel wireless protocols and decipher which bit is your data, which is network control data, and which is unexpected data; unless you can justify every byte, you have no way to tell who your module is talking to and what it's saying. Remember, the module manufacturer chooses what you see through the AT interface.
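The AT interface described above is the host processor's only window onto the module, so one practical defensive step is to audit that window. The following Python is an added example, not code from the article: it records what the module returned for each host command and flags unsolicited lines whose prefix is not on an allowlist. The transcript, the "+VENDORX" line and the allowlist are constructed assumptions; AT+CSQ, AT+CREG? and AT+CGATT? are standard 3GPP TS 27.007 commands.

```python
"""Audit of a host<->module AT exchange (added example, not from the article).
The host sees only what the module's AT interpreter returns, so the defender's
option at this layer is to log every line and flag unsolicited ones (URCs)
that are not on an allowlist. Transcript and allowlist are constructed;
AT+CSQ, AT+CREG? and AT+CGATT? are standard 3GPP TS 27.007 commands."""

FINAL_CODES = {"OK", "ERROR"}                 # codes that end a command response
EXPECTED_URCS = {"+CREG", "+CEREG", "+CGEV"}  # assumed URC allowlist for this module


def _answers(command, line):
    """True if `line` is the solicited answer to `command` ("AT+CREG?" -> "+CREG: ...")."""
    name = command[2:] if command.upper().startswith("AT") else command
    return line.startswith(name.split("=", 1)[0].rstrip("?") + ":")


def audit_exchange(transcript):
    """Walk (side, line) pairs in order, side in {"host", "module"}.
    Returns (responses, unexpected): command -> its lines, and unknown URCs."""
    responses, unexpected = {}, []
    pending = None  # host command still waiting for its final result code
    for side, raw in transcript:
        line = raw.strip()
        if not line:
            continue
        if side == "host":
            pending = line
            responses.setdefault(line, [])
        elif line in FINAL_CODES or line.startswith("+CME ERROR"):
            if pending is not None:
                responses[pending].append(line)
            pending = None
        elif pending is not None and _answers(pending, line):
            responses[pending].append(line)
        elif line.split(":", 1)[0] not in EXPECTED_URCS:
            # The module spoke without being asked and the prefix is unknown:
            # the host cannot see what it means, but it can at least record it.
            unexpected.append(line)
    return responses, unexpected


# Constructed transcript: two normal commands, one expected registration URC,
# and one vendor-specific URC the host was never told about.
SAMPLE = [
    ("host", "AT+CSQ"), ("module", "+CSQ: 18,99"), ("module", "OK"),
    ("host", "AT+CREG?"), ("module", "+CREG: 0,1"), ("module", "OK"),
    ("module", "+CREG: 1"), ("module", "+VENDORX: 7"),
    ("host", "AT+CGATT?"), ("module", "+CGATT: 1"), ("module", "OK"),
]
```

Running audit_exchange(SAMPLE) leaves the three commands with their normal answers and places only "+VENDORX: 7" in the unexpected list; in a deployment the same logic would run over the serial link to the real module.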
OK, end of disaster movie. Hopefully this short piece has demonstrated that many of the smart contraptions that are used to build critical industry systems are running code in the very thing that makes them smart. The manufacturer of the wireless module bears a huge responsibility to keep critical industry running smoothly.
Next time a deal is struck with a supplier to connect a thing, just ask a few questions:
1. Does the company have references for key government backed and critical infrastructure projects?
2. Is this company governed by regulations, and can it demonstrate the strictest quality procedures?
3. Are there any doubts about the origins of my smart connectivity solution?
*Narrowband IoT and LTE CAT-M devices include power saving mode. This feature provides power consumption advantages by keeping the module in a low power state rather than removing the power supply completely.
Links and References
Cellular_IoT_Paper_JAN_Master_PDF.pdf (oodaloop.com)
2022-05-02_smartmetering-varovani (nukib.cz)
I've found running a vanilla Linux distro with suitable update/signing processes fine for such devices, at small and large scale (i.e. before you've validated the biz case assumptions and for the first 100m locations). You get a more mainstream software stack, which has fewer bugs. There are still issues with pure cellular comms (notably CGNAT) before you get to security issues. Happy to advise anyone thinking of this type of environment.
Neil Bosworth, imagine what would have been the situation if smart meters used in Ukraine were made by Russian government-backed projects or vice versa, smart meters used in Russia were made by Ukrainian (or European or American) government-backed projects. Note that in both cases, it would have been governed by best quality procedures as per your 1st and 2nd criteria. Does this make these meters trustworthy 🤔? It is much better to buy smart meters from a mix/variety of small device makers who deliver up to proper technical requirements and pass through a locally customer-defined certification/test procedure, and even have a mixed deployment in the field. Alternatively, customers need to secure the connectivity network and get a trusted horizontal IoT AEP (Application Enablement Platform) that makes customers agnostic from device makers.
This is a crucial aspect of the Internet of Things (IoT) and raises important questions about the reliability and trustworthiness of the data from IoT field devices. Can businesses make decisions and take actions based on this data with confidence? Currently, companies that want to use data from and to IoT devices must build and manage their own infrastructure from scratch, which can be a significant barrier to widespread adoption. The cost and investment required are too high for many businesses, and it can be difficult to secure the thousands of devices located outside company walls, such as smart meters. IoT is similar to the IT infrastructure of 20 years ago, which was proprietary, insecure, and expensive. There is a need for a shift towards the cloud model, where each actor operates its own layer and business. An IoT infrastructure provider, similar to an IaaS provider, would run and rent millions of devices around the world. An IoT service provider would run specialized software on these devices and sell API access. An IoT data provider would collect and sell data and actions from and to the API. This business model requires trust and security between all actors to be successful.
Very interesting article pointing out the importance of reliable and secure connectivity you need to be able to trust. Great insights, Neil Bosworth!
Thank you for this article, Neil. I found it very interesting and especially very relevant to current events...