The rapid growth in Industrial IoT (IIoT), across all business sectors, continues to highlight the differences between safety and cybersecurity on safety-critical sites.
For a long time safety has been culturally embedded into every aspect of industrial site operations. However, cyber-security is often seen as an afterthought and is sometimes bolted on (or not at all in certain cases).
Digital transformation
The digital transformation of safety-critical sites, and the expansion of IIoT into them, is driven by the same productivity and performance benefits that IIoT brings to other industries. There are also tangible real-world benefits, such as improving the health and safety of employees and reducing environmental impact.
Let’s look at the use of IIoT to operate industrial electrical equipment. Here are a few examples.
Safety
In order to operate circuit breakers, electrical maintenance technicians used to push buttons and charge the handles manually. Now maintenance personnel can remotely monitor and operate the same equipment.
This is a smart safety move, since engineers are no longer required to operate equipment within the arc flash boundary. It dramatically reduces the risk of injury or death due to arc flashover.
Accessibility
Pole-mounted distribution transformers are widely used in electricity distribution networks. They perform the final voltage transformation from distribution voltage to the 120/240 volt supply we use in our homes. Being pole mounted, they are not easily accessible, which reduces the chance of injury to people and animals nearby and of vandalism.
To take readings or operate controls, maintenance engineers need access to the control cabinets. This can involve accessing equipment in remote locations or working at height.
Now, we are seeing Bluetooth and cell implementations in industrial electrical devices that allow remote diagnosis.
We began by looking at tenders from power transmission companies, as well as datasheets and manuals for new Bluetooth control panels and switchgear, looking specifically for cyber-security controls. The results weren’t good.
First, vendors
The first device used Bluetooth Classic (BT EDR) and had a static pairing PIN. According to the manual, it was “0”.
We couldn’t find a way to change the PIN or to put the device into a dedicated pairing mode; it was always possible to pair with it.
Next, we examined a Modbus Bluetooth adaptor. Although the documentation gave the default PIN (6699), there was no way to change it or to take the device out of pairing mode.
Although this particular product model was discontinued recently by the manufacturer, it is still available for purchase at multiple industry suppliers.
One other device we examined did have a way to change the PIN: it wouldn’t allow serial port access until the PIN was changed from the default to one of 8-16 characters. To change the PIN, there was a physical switch that could also be used to turn the device on or off.
The device could also be configured to enable or disable discoverable mode. The default setting allowed connections and made the device discoverable.
These issues are a cause for concern, and they highlight how widely the security of IIoT devices on the market today varies. A poorly secured device can allow any nearby Bluetooth device, as well as other devices, to connect to it and operate it just as if it were physically connected to the serial port. Here are some examples of possible operations:
- AUTO recloser CLOSE/OPEN: an attacker could manually cause a loss of power in the area.
- Live line protection sequence adjustment: a manual override of the safety measures that protect maintenance engineers. A malicious local actor could cause a power cut, or re-enable power while the line was being repaired.
Manufacturers and vendors share a responsibility for the safety of their products at every stage of the product’s lifecycle: from conception and design, through development and testing, to deployment, and onwards to product retirement.
It is not clear whether vendors will take on this responsibility through market pressure or be forced to by IIoT governance.
Second, power transmission companies
We believe that “If you don’t ask, you don’t get” is the rule of the day. We looked at several tenders that were online for remote control systems for pole-mounted switchgear.
All of the requirements for remote access to switchgear were justified on safety grounds and could be met via Bluetooth or cellular data, but not one mentioned security.
While many power companies are concerned about their security, there are others who must catch up.
Recommendations
Bluetooth security is possible even in complex field-based operations that involve multiple engineers and multiple devices that interface with the switchgear.
Even a simple pre-shared key would make a big difference. It is not ideal, but it does make attacks more difficult: you would have to either steal the device or recover it.
Bluetooth Low Energy (BLE) provides security options ranging from a quick ‘just connect’ with no security at all to a long-term ‘pairing’ or ‘bond’ with cryptographic key exchange.
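To make the range of BLE options concrete, here is an added example (written for this post, not code from any of the vendors or devices discussed) that works out which pairing method the BLE Security Manager selects from the two devices’ IO capabilities and pairing flags, following the association-model table in the Bluetooth Core Specification (Vol 3, Part H, 2.3.5.1); the `oob` flag is a simplification that assumes out-of-band data is present where the mode requires it. The point for switchgear is that a headless controller (no display, no keypad) always lands on Just Works, and so gets no MITM protection, unless an out-of-band channel or a display/keypad is designed in.

```python
# Added example: BLE pairing-method selection from IO capabilities and flags,
# per the Core Specification association table. Not code from the original
# post; the "oob" flag is a simplification (assumes OOB data is available).

JUST_WORKS = "Just Works"          # encrypted link, but no MITM protection
PASSKEY = "Passkey Entry"          # 6-digit passkey, MITM-protected
NUMERIC = "Numeric Comparison"     # Secure Connections only, MITM-protected
OOB = "Out of Band"                # keys/commitments via another channel

IO_CAPS = {"DisplayOnly", "DisplayYesNo", "KeyboardOnly",
           "NoInputNoOutput", "KeyboardDisplay"}


def pairing_method(init_io, resp_io, mitm=True, secure_connections=True, oob=False):
    """Return the pairing method the two peers will end up using."""
    if init_io not in IO_CAPS or resp_io not in IO_CAPS:
        raise ValueError("unknown IO capability")
    if oob:
        return OOB
    if not mitm:                       # neither side asks for MITM protection:
        return JUST_WORKS              # IO capabilities are ignored entirely
    caps = {init_io, resp_io}          # the table is symmetric in the method
    if "NoInputNoOutput" in caps:
        return JUST_WORKS              # a headless device cannot authenticate
    if "KeyboardOnly" in caps:
        return PASSKEY                 # someone has to type the passkey
    if "DisplayOnly" in caps:
        return PASSKEY if "KeyboardDisplay" in caps else JUST_WORKS
    # Remaining: DisplayYesNo / KeyboardDisplay on both sides.
    if secure_connections:
        return NUMERIC
    return PASSKEY if caps == {"KeyboardDisplay"} else JUST_WORKS


def mitm_protected(method):
    """Only Just Works leaves the link open to an active man-in-the-middle."""
    return method != JUST_WORKS


def security_level(method, secure_connections=True):
    """LE Security Mode 1 level reached after pairing (1 = none, 4 = strongest)."""
    if not mitm_protected(method):
        return 2                       # unauthenticated pairing with encryption
    return 4 if secure_connections else 3


if __name__ == "__main__":
    # Constructed scenario: a headless pole-mounted controller paired from a phone.
    m = pairing_method("KeyboardDisplay", "NoInputNoOutput")
    print(m, "MITM-protected:", mitm_protected(m), "level:", security_level(m))
```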
Conclusion
Remote control of switchgear can be a huge plus in safety, efficiency, and rapid restoration of power. Proactive fault prediction can also be a great help in ensuring uninterrupted power supply.
But it can also make certain situations less safe, and it may affect the power supply itself.