Getty Images
Eyepeek 5e5e6e0593b4a

Are Your Airwaves Safe?

March 4, 2020
As manufacturers fill the radio waves with vital data, spies are taking notice.

Data security is an ongoing issue as more manufacturers embrace digital technologies. And, unfortunately, the threat landscape continues to intensify as wireless environments become the new norm. 

Simply put, the corporate airspace is under attack with foreign governments, competitors and cyber criminals conducting radio field (RF) attacks using cell phones, Bluetooth Low Energy accessories and radio-controlled lights to gain access to company secrets.

Should manufacturers be concerned about RF espionage?  

Absolutely! A quick look at the stats, shows that not only is the threat real, its significant. And, the number of radio-enabled devices operating within today’s manufacturing environments only continues to multiple. According to a recent report by Statista, there will be 75.44 billion worldwide Internet of Things (IoT) devices in operation by 2025.And unfortunately, according to a recent Forrester report, 84 percent of IoT devices are more vulnerable than corporate-managed computers.

Given the gravity of these stats, it’s a growing concern for enterprises, but the concern still lags behind the threat, explains Chris Risley, CEO at Bastille. “However, in government, they’ve already accepted the threat of RF espionage and they want to know every transmitting device in the facility and what that device is doing,” he says. “Government facilities with valuable secrets have policies to exclude RF devices to keep the threats at bay.”

According to Risley, adding to the problem, “IoT is spawning 100 new radio protocols, each optimized to maximize battery life for the device which uses the protocol,” he says. “With billions of devices using protocols which have not yet been battle-tested, security, vulnerabilities are going to become huge issues.”

What do manufacturers need to know?  

Manufacturers are already tremendously reliant on wireless protocols: BlueTooth, WiFi, Bluetooth Low Energy, Zigbee, Z-Wave, etc. The more modern the factory and its robots, the more radios the company will depend on.

“Unfortunately, most manufacturers have no idea what’s going on in their radio space. Most assume that all radio traffic is encrypted. We almost never see a factory where some of the radio protocols are not running in the clear (unencrypted),” he says. “That means that not only can an RF attacker listen to your traffic, they can also send their own instructions to cause you equipment to misbehave. The range of a radio attack is easily a mile, limited only by how much the attacker is prepared to spend on antennas and amps.”

The key to protecting access is to first find out what devices are operating in their radio space and whether that traffic is encrypted on not.  After all, manufacturers need to be able to detect and accurately locate all the individual cellular devices in addition to providing accurate locations for the more common Wi-Fi, Zigbee, Bluetooth, BLE based devices.

According to Risley, Bastille enables organizations to first establish a baseline of what the normal RF activities are and from there, the system can identify the new devices that enter the airspace. Bastille Enterprise provides an adjudication workflow with fits in with your existing security system. "If a device is judged by security to be an allowable device then Bastille won’t alert on it in future. If the device is found to be disallowed, then typically the person who mistakenly brought the device in is contacted. However, in government installations, we have customers who would send security to escort the person and/or his device from the facility," he says. "Bastille also offers integrations to MDM, which enable companies to see which devices are under MDM and which are not. Often customers want non-MDM devices to be removed from the facility. Also, since Bastille provides interior geofencing, customers can choose to have Bastille notify the MDM to turn off the device camera and microphone when a device crosses into a geofenced secure zone."
About the Author

Peter Fretty | Managing Editor

As a highly experienced journalist, Peter Fretty regularly covers advances in manufacturing, information technology, and software. He has written thousands of feature articles, cover stories, and white papers for an assortment of trade journals, business publications, and consumer magazines.

Sponsored Recommendations

Free Webinar: ISO 45001 – A Commitment to Occupational Health, Safety & Personal Wellness

May 30, 2024
Secure a safer and more productive workplace using proven Management Systems ISO 45001 and ISO 45003.

ISO 45003 – Psychological Health and Safety at Work

May 30, 2024
ISO 45003 offers a comprehensive framework to expand your existing occupational health and safety program, helping you mitigate psychosocial risks and promote overall employee...

DH Pace, national door and dock provider, reduces TRIR and claims with EHS solution

May 29, 2024
Find out how DH Pace moved from paper/email/excel to an EHS platform, changing their culture. They reduced TRIR from 4.8 to 1.46 and improved their ability to bid on and win contracts...

Case Study: Improve TRIR from 4+ to 1 with EHS Solution and Safety Training

May 29, 2024
Safety training and EHS solutions improve TRIR for Complete Mechanical Services, leading to increased business. Moving incidents, training, and other EHS procedures into the digital...

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!