IoT security breaches a ‘building’ concern for industries

Internet of Things network increasing vulnerability of industrial sites to cyberattacks

Optigo Networks CEO, Pook-Ping Yao (centre), at the Simon Fraser University downtown incubator with his executives Byron Thom (general counsel) and Dan Ronald (VP, product management) | Rob Kruyt

Coffee-loving technophiles may feel put-upon making a brew the old-fashioned way by pushing buttons on a machine.

Nowadays, the Internet of Things (IoT) allows a consumer to use a smartphone to send signals to a Wi-Fi-enabled coffee maker that automatically turns on as the owner approaches the kitchen.

But what if the IoT network used by the smartphone or coffee maker were hacked, causing the machine to brew coffee at 2 a.m. and spill over the counter?

And what if it weren’t a coffeemaker that had its IoT network breached, asks Pook-Ping Yao, but a highly sensitive commercial or industrial site?

When it comes to cybersecurity, the CEO of Vancouver’s Optigo Networks has found most corporations are focused on their computers, servers and Internet access.

“But next time you go into your [office] bathroom, look for the thermostat. If that thermostat was connected to the network of the building, is that a door into your business?” Yao asked.

His firm develops software that detects cybersecurity threats in the computer systems of buildings ranging from manufacturing facilities to office towers – sites vulnerable to IoT breaches as network integration increases.

IoT refers to the network of devices and computer systems transmitting data between each other without any human interaction.

A cyberbreach in a sensor at an oil refinery could in turn cause a pipeline transporting the oil to rupture.

Yao said the IoT security market is opening up at commercial sites as clients upgrade to “smart buildings” – facilities that have integrated systems controlling everything from security to the temperature.

“If someone was able to unlock your doors, turn off your lights or make the room very hot or very cold, would you move?” Yao asked.

U.S. tech giant Cisco (Nasdaq:CSCO) released a report last year estimating there would be 50 billion connected devices floating around the world by 2020, compared with the 15 billion in 2015. Unprotected devices can in turn be used to breach secure corporate systems.

“What most people don’t know is that a very large proportion of those devices will be in commercial buildings,” Yao said, adding that will make the systems within those buildings even more vulnerable to security breaches.

As the number of IoT-enabled devices grows exponentially, investment in industrial IoT networks is poised to skyrocket.

A 2015 General Electric (NYSE:GE) report estimated that worldwide spending on industrial IoT initiatives would reach US$500 billion by 2020 and growing as high as US$15 trillion by 2030.

GE acquired Vancouver-based Wurldtech Security in 2014 to boost industrial IoT security in such sectors as utilities, transportation, and oil and gas.

“We have to be sure that as we’re building out this industrial Internet, we’re being equally smart about ensuring that – not at the enterprise level but also at the operating level – we are protecting the assets,” GE Canada CEO Elyse Allan told Business in Vancouver.

Allan said the Wurldtech acquisition was imperative for her company as it builds out energy assets – power facilities, transmission lines – that could be exposed to IoT breaches.

“Machines right now have embedded software. But what’s happening more and more is that embedded software will be optimizing the performance of the machines,” she said. “The upgrades will not come in hardware; the upgrades for machines will be in software. Just like we’ve seen on the consumer side, that’s going to happen on the industrial side.”

But Franco Castaldini, vice-president of marketing at Bit Stew Systems, said the industrial side of IoT has already overtaken the consumer side.

His Vancouver-based firm collects raw data from industrial sites – sensors and equipment from a manufacturing plant, for example – and compiles it into a digestible platform clients can analyze for business intelligence.

“Our platform is analyzing more data than all of the social networks combined,” Castaldini said, “so the volume of data in the industrial market by order of magnitude is significantly more than the consumer space.”