Defending the Internet of Things from hackers and viruses

Leon Gubbels is a Security Business Developer at ENGIE, an Elastic MSP. Remco Sprooten is the Product Owner for the security team. Together they describe how their team expanded their security-as-a-service offer to address operational technology (OT) as well as traditional IT systems. ENGIE is based in the Netherlands and active in 50+ countries across Europe, the Americas, and Asia-Pacific.

The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive. 

That is exactly what happened. Exploiting zero-day flaws, the malware entered the plant’s systems and hijacked the software controlling the plant’s centrifuges, causing the spinning machines to rip apart and setting the research program back by years. 

At ENGIE, the Stuxnet episode is a constant reminder of the threat to facilities in the energy sector, especially now that many plants are expanding their networks to take advantage of cloud computing and the Internet of Things (IoT). This is something that my team has focused on relentlessly in the past decade, ensuring that ENGIE’s own facilities and wider information systems are secure from external attacks as their connectivity expands.

In 2020 we deployed the Elastic Stack to protect both our industrial facilities and our general IT networks. Since we handle massive amounts of data, we strived for a security and monitoring system that could search data from any source. This ranges from the laptops used by employees to the programmable logic controllers that direct industrial equipment in our plants.

Elastic can search data and detect anomalies. Elastic also enabled us to deploy a flexible alert system that adapts to our networking environment. Today we use our own alerts together with Elastic alerts and Elastic machine learning capabilities to refine detection and reduce false positives. Elastic can also search through years of legacy data, which means that we have both real-time and historical visibility of any vulnerabilities in our systems. 

Opening the door to new business opportunities

As customers became aware of our security infrastructure, they asked if we could help shield their systems from similar threats. Recognizing the need for our expertise, we saw the opportunity to offer security as a service to ENGIE customers. Becoming an Elastic managed service partner (MSP) was the obvious first step, which enabled us to go to market with a range of services including Vulnerability Management and Security Assessments.

A diverse group of ENGIE customers have benefitted from these services, in industries such as energy, healthcare and education. They were also attracted by the scalability of our service based on Elastic technology. These customers don’t have to go all in and buy an expensive suite of services that they may not need in the short term. Together with Elastic we have been able to support organizations with a customized plan of action.

But we also see enormous opportunities beyond traditional IT security monitoring, especially in the field of operational technology (OT). Today, the energy sector takes advantage of lightweight sensors and other devices to build IoT networks that report in real time on the status of plant equipment. 

Being able to proactively monitor and address the corrosion of boilers or pressure vessels, for instance, has the potential to generate huge savings. At the same time, these organizations also need to consider new sources of data.

Monitoring data in healthcare and agriculture

For example, healthcare and pharmaceuticals are sectors that have seen enormous disruption in recent years, especially during the COVID-19 pandemic. Many drug and device trials are starting to take advantage of remote monitoring to gather patient data. This was already underway before the pandemic as pharmaceutical companies sought to reduce the costs of trial site visits to gather data. The pandemic lockdown made these visits even harder, so the need for connected devices and medicines has grown enormously.    

We’re also seeing a lot of interest from the agricultural industry. Farmers already gather satellite data to determine whether their crops have been attacked by pests and can respond before the infestation gets out of control. Drones can send real-time video data for analysis to improve crop health and yields. Combined with sensors in the soil that measure nutrient levels, this promises to transform the agriculture industry in the coming decade. 

Going the extra mile in operational technology

It’s true that energy, healthcare, and agriculture have divergent needs when it comes to gathering sensor and other operational data. But they all potentially benefit from Elastic, which can search data and detect anomalies: corrosion to a boiler, the time at which a patient takes their medicine, or the amount of sunlight received by a crop of tomatoes during an unseasonably cloudy week. This makes ENGIE a competitive differentiator for companies.

Another strength of Elastic is that they stay ahead of the curve when it comes to software updates and responding to the specific needs of customers. We experience quick follow-up on our requests (i.e., they act fast!). When you request a feature that isn’t on their existing roadmap, they are prepared to go the extra mile. For example, we made a security feature request recently for the Elastic Stack and within a couple of weeks it was there as a new release. With their team behind us, we’re looking forward to working with Elastic to further build out a fully operational technology service.
