Guardian Air: When Protecting Wireless Environments Is a Priority

It’s been a while since Wi-Fi was a novel technology in computer networking. You might remember a Linksys black and blue “router” with 54 Mbps speeds, which was lightning fast back in the day. In the 20 years since the introduction of 802.11g (54 Mbps), Wi-Fi has become available everywhere, including OT and especially IoT environments.

But wireless technologies extend far beyond Wi-Fi. The wireless spectrum is wide, and we need to think about everything we can’t see when it comes to protecting critical infrastructure.

The Electromagnetic Spectrum

Visible light is just a tiny portion of all the available frequencies in the electromagnetic spectrum. The fact that we cannot see the rest of the spectrum doesn’t mean it does not exist. We just need different instruments to help us detect those frequencies. Space telescopes are a great example – they can help us interpret the spectrum from X-ray to Gamma ray.

The electromagnetic spectrum is broad, illustrated by the range of wavelength sensitivities observed by various space telescopes. (Source: NASA)

But what does this have to do with OT and IoT environments? Beyond Wi-Fi, other standard wireless technologies have emerged for specific use cases, and they’re present in our industrial and critical infrastructure environments. There are long-range technologies such as LoRaWAN and cellular, building and industrial automation use cases built on Zigbee or 802.15.4-based technologies, Bluetooth, and so on. They’re also in industrial-automation-enabled devices and tools, and in IoT devices. We can’t see them, yet we use these technologies on a daily basis.

It is undeniable that wireless technologies are here to stay. And while they bring the conveniences of no wires and high-speed connections, there are also risks associated with broadcasting all your data over the air. Incident response firm Hedgehog Security reported an incident from May 2021 impacting the UK healthcare sector. The IT department was certain that an intrusion had occurred, but there were no signs of intrusion from any perimeter technology and their SIEM had little to no alerts. During the investigation, it became apparent that the client had been subjected to a successful “over the air” attack through smart TVs, and from there to the Wi-Fi hotspots.

Beyond IoT, one can’t avoid considering OT and the impact of wireless technologies in that area. What about industrial automation being done over the air? Or equipment that can be tracked, updated or controlled using wireless protocols? The risk is immense when it comes to unchecked wireless spectrum. Can we afford to not see?

Introducing Guardian Air, Cybersecurity for the Wireless Spectrum

As a leader in OT and IoT cybersecurity, Nozomi Networks recently turned its focus toward the implications of wireless technologies in critical infrastructure environments. Just like cloud technologies, wireless is becoming omnipresent and fewer OT environments are disconnected/isolated or fully wired.

So, Guardian Air was born.

The Guardian Air sensor gathers information about wireless networks available in the surroundings, as well as wireless assets “in the air.” It works with Vantage, our cloud solution for OT and IoT cybersecurity. The information gained from Guardian Air provides operators with the power to identify potential threats, suspicious behavior and even locate suspicious devices on a map using triangulation.

Wireless networks as shown in the wireless tab in Nozomi Vantage – enabled by Guardian Air.

In October 2022, security researcher Greg Linares published an incident report on a drone-fueled Wi-Fi cyberattack in the U.S. against a financial services company. The drone was flown outside the company’s facilities and was able to connect to the company’s Wi-Fi network and steal sensitive information. With Guardian Air on premises, the company’s building automation system could have detected the presence of the drone, identified its location, and triggered an alarm.

Guardian Air creates an extensive database of known attacks of both wireless and wired devices. This gives asset owners an unprecedented and holistic view of what’s on their networks.

Wireless assets as shown in the assets tab in Vantage – enabled by Guardian Air.

Now, it is not just about PLCs, sensors, intelligent valves and so on. It’s about controlling devices with wireless technologies and making sure no man-in-the-middle attacks are being performed and no information is being stolen. Bear in mind that flaws in wireless industrial IoT solutions can give attackers deep access into OT networks. As industrial cellular gateways and routers become more widely used, they expose more IoT devices to attackers and increase the attack surface of OT networks.

With Nozomi Networks’ experience securing OT and IoT environments, operators can understand their environment like never before with the ability to monitor the previously unseen wireless spectrum, in combination with our suite of products purpose-built for OT and IoT environments.