To say the Internet of Things (IoT) is growing would be an understatement. By the end of 2018, there were seven billion IoT devices worldwide, and a year later, that number boomed to nearly 27 billion. These devices are in our homes, on our streets, and increasingly, in power plants, factories, and other industrial settings.
Carnegie Mellon’s Secure and Private IoT initiative (IoT@CyLab) has recognized the so-called Industrial IoT (IIoT) as the next big challenge in IoT security.
Last month, Carnegie Mellon University announced its partnership with the Cybersecurity Manufacturing Innovation Institute (CyManII), a $111 million public-private partnership funded by the U.S. Department of Energy (DOE) and led by the University of Texas at San Antonio. While the DOE’s goal is to increase energy efficiency of the US manufacturing industry, it recognizes that doing so will require implementing IoT devices, which introduces new threats to the industry if security isn’t addressed.
With several ongoing projects focusing on industrial security, IoT@CyLab will help bolster CyManII’s goals of improving the security of the manufacturing industry’s own IIoT. For example, one direction the industry has been trending towards is converting its connected devices from wired to wireless, and one IoT@CyLab-funded project focuses on making that transition safe.
“Despite big advantages of moving factories towards wireless, there's a lot of hesitation from old school manufacturers to do anything wireless,” says CyLab’s Swarun Kumar, an assistant professor of Electrical and Computer Engineering who leads a project on IIoT security funded by IoT@CyLab. “Security is a big factor that explains this reluctance. They say, ‘We don't want wireless to break things.’”
One wireless threat to factory floors, Kumar says, is the potential for wireless IoT devices to be misconfigured, or for them to be placed in factories maliciously. These devices could either disrupt operations or steal secret information. But Kumar says that “IoT sniffers” may be used to find and locate these devices.
With IoT sniffers, we want to listen to the wireless spectrum and inspect any suspicious transmission that we see.Swarun Kumar, assistant professor, Electrical and Computer Engineering
“With IoT sniffers, we want to listen to the wireless spectrum and inspect any suspicious transmission that we see,” says Kumar. “We need to know when an unknown device is present and where exactly it is so that people can go inspect that location.”
These IoT sniffers work by detecting radio signals in an area that do not match the known, normal radio signals. Features in the signals themselves can reveal information about how far away the devices are, and with several sniffers in an area, Kumar’s team can triangulate devices’ locations.
While Kumar’s team is currently testing these IoT sniffers outdoors across CMU’s campus, they soon plan to test them at the state-of-the-art manufacturing research facility at Mill 19, an innovation space shared by Carnegie Mellon’s Manufacturing Futures Initiative and the nonprofit Advanced Robotics for Manufacturing Institute.
“We would like to integrate it with some of Mill 19’s robotic arms and treat all of the equipment there as essentially an actual factory floor,” Kumar says.
As far as the reluctance for some manufacturers to convert to wireless, Kumar remains optimistic.
“We are getting a better handle on misconfigurations and adversarial threats,” Kumar says. “I can’t imagine a factory floor in the 21st century looking like a datacenter with wires everywhere. That’s not the factory floor of the 21st century that we are imagining.”
IoT@CyLab plans to fund additional IIoT security projects as the initiative moves to its third year. Those funded projects will be announced in Spring 2021. IoT@CyLab is funded thanks to sponsorships from AT&T, AWS, Infineon Technologies, and Nokia Bell Labs.