A new partnership with satellite provider Inmarsat will help remote Australian farmers use Internet of Things (IoT) sensors to monitor water supplies around their properties – but in a climate where IoT devices are increasingly being targeted by cybercriminals, securing the systems will be as essential as deploying them.

The agreement – which partners satellite services provider Pivotel with network operator Inmarsat and agricultural IoT supplier Farmbot – will allow farmers to query the water levels in the more than 430,000 rural water tanks and 1 million dams and reservoirs spread across often distant parts of their properties.

It addresses a significant challenge that farmers face in ensuring adequate water supplies for crops and animals, which have been struggling in the face of droughts that academics believe may be the worst Australia has faced in 800 years.

More than 2,800 deployed Farmbot sensors allow farmers to remotely monitor water levels – providing live camera feeds, alerting them if water levels are low, and allowing them to operate pumps to redirect water wherever they happen to be.

Satellite connectivity, via Inmarsat’s IsatData Pro service, provides blanket coverage in areas where mobile networks don’t reach – providing a monitoring and control capability for farmers that have, according to Farmbot managing director Andrew Coppin, previously been “hamstrung by cellular network connectivity issues”.

“Affordable satellite-controlled pumps and machinery is a first for the Australian agriculture industry,” he noted in announcing a partnership that he said will offer “tangible productivity gains” for farmers that no longer have to travel massive distances to monitor and reallocate diminishing water stocks.

Crosshairs on IoT

The promise of IoT tools for remote sensing applications has long been recognised, with major investments in supporting networks such as an IoT network from Telstra and a recently-announced partnership that will see IoT network provider NNNCo build a LoRaWAN network across Tasmania.

Yet just as new networks help their users roll out next-generation monitors and other devices, they also create new avenues for malicious hackers – and new risks for societies where critical operational technology (OT) infrastructure can now be controlled with a mouse click.

A 2018 ACS report predicted that 25 per cent of attacks on businesses would involve IoT devices by this year – and the prediction was recently validated by a Nozomi Networks analysis that found cybersecurity threats against OT targets had surged in the first half of this year.

Attackers are compromising IoT devices, reusing old tricks and developing new exploitation methods – many of which use COVID-19 related lures to place malware inside businesses – and using botnets like Dark Nexus and attacks from OT-aware ransomware like Snake/EKANS to extract ransoms that had increased ten-fold over the last year, to an average of $435,000 (US$302,539).

A heightened climate of nation-state cybersecurity activity had exacerbated the problem, according to Nozomi Networks co-founder Andrea Carcano, who called the escalation a “serious concern” and said protecting companies was “daunting, but not impossible”.

Fully 57 per cent of IoT devices are vulnerable to medium or high-severity cyber attacks, the report warned.

Security researchers at Forescout Research Labs dug deeper into the trend, with the recent Enterprise of Things Security Report exploring the relative vulnerability of five industries based on the types of devices they use.

Uninterruptible power supplies were the riskiest devices in the financial services and manufacturing industries, while government and retail organisations faced the biggest threats from physical access control and HVAC environmental systems.

Networked devices, such as IP cameras, programmable logic controllers, networked ‘smart lighting’, and emergency communication systems were among the IoT devices judged to introduce the most risk into contemporary networks.

Given the increasing exposure of IoT networks, their extension into space – hastened by the deployment of microsatellite low earth orbit (LEO) networks from the likes of Lacuna Space and Australian startup Myriota – has prompted concerns about the new vulnerabilities they can create.

“While terrestrial networks handle peak load well, disaster handling and critical infrastructure scenarios are served well by satellites, which are unaffected by most ground-based events,” Trend Micro principal threat defence architect Craig Gibson wrote in a recent analysis that also noted the satellites’ vulnerabilities and conventional ‘dumb pipe’ design made them open to manipulation.

“Ensuring the security of satellites, therefore, acquires even greater importance and warrants more initiatives to that end.”