Shevtsov V.Yu., Kasimovsky N.P. Threat and vulnerability analysis of IoT and IIoT concepts

THREAT AND VULNERABILITY ANALYSIS
OF IoT AND IIoT CONCEPTS

Vadim Yu. Shevtsov
Assistant Lecturer, Department of Information Security,
Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation

Nikita P. Kasimovsky
Student, Department of Information Security,
Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation

Abstract. IoT and IIoT are new information technologies. They are very efficient
solutions for home, industry and infrastructure. A lot of complex processes can be implemented
using this systems. The popularity of the industrial Internet of things is steadily growing along
with the development of the Internet of things. Both of these approaches involve the exchange
of data over the Internet, use of common hardware platforms and are managed by using
specialized software, and this leads to an increase in the number of common vulnerabilities
and possible attacks on industrial facilities. The Frost & Sullivan report shows that industrial
and IT infrastructures are becoming more transparent. First of all, this is due to the development
of the Industrial 4.0 standard and the refusal to isolate industrial facilities, which entails common
vulnerabilities, the use of security services based on the SaaS model for industrial facilities, as
well as the use of hardware devices that a potential attacker can access quite easily. But very
actual problems of IoT and IIoT are information security. Many of this systems are critical
and little error can stop the entire system. This is not hard for hackers because that complex
system has sensitive components usually. For example simple router can have a lot of
vulnerabilities. There an attacker takes a root easily in every system. To solve the problem
successfully it is recommended to use complex security actions. These are secure configurations
of network devices, using safe devices and protocols, regular audit, using backups, using
actual politics of information security.