How we secure our IoT device deployments

7th October 2025

When I talk to manufacturers about their networks, I often hear concerns about security. It's a well-founded worry: as devices multiply and networks grow in complexity, the threat landscape evolves right along with them. At LineInterpreter, we don't just acknowledge these risks; we've built our architecture to withstand them, ensuring your site and data remain protected.

While discussing these vulnerabilities can feel unsettling, I believe transparency is a prerequisite for trust. You are far safer with a partner who confronts these risks with technical depth and rigorous safeguards than with one who minimizes the danger through silence. My goal here isn't to alarm you, but to show you exactly how our expertise works in your favor.

Design Philosophy

When we architect LineInterpreter, we adopt an "Assume Breach" mentality. We focus on:

  • Threat Landscape: We don't just worry about someone targeting the device; we worry about it being used as a "stepping stone" to your PLCs. Our security is designed to ensure the device is a dead end for attackers.
  • Attack Surface Reduction: We follow the principle of "Least Functionality", disabling every service, port, and access point that isn't strictly necessary for production monitoring.
  • Blast Radius Limitation: If a device were compromised, what could an attacker actually do? Because of our strict application isolation, an intruder would find themselves in a "sandbox". They would be unable to pivot to your broader network, access other parts of the hardware, or modify the underlying system files.

Risks of Insecure IoT Deployments

Deploying devices into a manufacturing environment and connecting them to the network can introduce several risks.

  • Operational Disruption: Compromised devices can disrupt manufacturing operations, causing downtime and affecting productivity.
  • Unauthorized Access: If devices are not properly secured, they can be accessed by unauthorized individuals, leading to potential data breaches or manipulation of the devices.
  • Data Integrity: Insecure devices can compromise the integrity of the data they collect, leading to inaccurate insights and potentially costly decisions.

LineInterpreter's Approach to Security

Security is not just a feature for us; it's a fundamental aspect of our design and deployment process. We carefully consider the threat landscape and implement multiple layers of security to protect our customers' sites and data. In this article I'm going to focus primarily on the devices we deploy on-site, and what we do to ensure they are secure.

Device Selection and Hardening

We want our customers to use hardware that they are familiar with and meets their needs, which is why we don't supply our own hardware. Instead, we provide an image that can be installed on a variety of devices. Additionally, we can assist customers with device selection and ensure the hardware is suitable.

Our deployments run on Flatcar Container Linux, a minimal immutable operating system designed specifically for running containerised workloads. Unlike a general-purpose Linux distribution, Flatcar ships only what is required to boot and run containers — there is no package manager, no compiler, and no unnecessary services. The attack surface is minimal by design. We apply significant additional hardening on top:

  • Immutable Read-Only OS: Flatcar's core operating system partition is mounted read-only at runtime. Even with local access, it is not possible to modify the running system. Updates are applied atomically via A/B partition swaps and take effect on the next reboot.
  • Secure Boot: The OS supports Secure Boot, ensuring that any tampering with the bootloader or kernel is detected and the device simply refuses to start.
  • Container Isolation: Every application runs as an isolated Docker container. Our data-collection service, our management interface, and our display layer are all separate — if one were targeted, it has no path to the OS, other containers, or your wider network.
  • Verified Container Images: Application images are built in CI, signed, and served from our private container registry. The device cannot pull or run an image that hasn't been published by us. There is no mechanism to "side-load" arbitrary software.
  • No Remote Shell Access by Default: Standard device images ship with SSH entirely disabled. There is no remote login surface. Operators who need emergency shell access can optionally provision a personal SSH key at flash time — but this is an opt-in step, not the default, and the key must be provided before the image is written.
  • Kernel and Network Hardening: We apply a CIS Level 2 sysctl profile at every boot: IP forwarding is disabled, ICMP redirects are rejected, reverse-path filtering is enforced, TCP SYN cookies are enabled, IPv6 is entirely disabled, and ASLR is set to its maximum level — over twenty individual kernel parameters locked down before any application starts.
  • Firewall Configuration: We configure the host firewall to restrict traffic to only what is necessary. The device talks to the specific IP and port of your PLC and our cloud platform — nothing else.
  • Structured Logging: All container output is captured by the system journal via Docker's journald log driver — structured, timestamped, and attached to the right service. Logs can be inspected directly from the device management web interface (no terminal or log aggregation server required), or forwarded to your centralised log infrastructure.
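The kernel and network hardening bullet above lists the sysctl settings that are locked down at boot. As an added example (not LineInterpreter's own tooling, and not the exact CIS Level 2 profile the article refers to, which is not on the page), the script below encodes those settings under their standard Linux sysctl key names and audits either the running kernel or a saved `sysctl -a` snapshot against them, so an operator can confirm the profile actually took effect rather than trusting that it was applied.

```shell
#!/bin/sh
# Added example, not LineInterpreter's own tooling: audit a kernel's sysctl
# state against a profile of the settings listed in the article. The key
# names are the standard Linux sysctl keys for those settings; the exact
# CIS Level 2 profile the article refers to is not on the page, so this
# list is an assumption drawn from the article's description.

# The expected profile, one "key=value" per line. This is also valid
# /etc/sysctl.d/ syntax, so the same output can be installed as a drop-in.
expected_profile() {
    cat <<'EOF'
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
kernel.randomize_va_space=2
EOF
}

# Read the live value of one key from /proc/sys (dots become path separators).
live_value() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# audit_sysctl [SNAPSHOT]
# Compare every key in the profile against SNAPSHOT, a file of "key = value"
# lines in the format `sysctl -a` prints, or against the running kernel when
# no snapshot is given. Prints one line per deviation, then the deviation
# count on the last line; exit status is 1 if anything deviated.
audit_sysctl() {
    snapshot="${1:-}"
    bad=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        if [ -n "$snapshot" ]; then
            have=$(awk -v k="$key" '$1 == k { print $3 }' "$snapshot")
        else
            have=$(live_value "$key")
        fi
        if [ "$have" != "$want" ]; then
            printf 'DEVIATION %s: expected %s, found %s\n' \
                "$key" "$want" "${have:-<unset>}"
            bad=$((bad + 1))
        fi
    done <<EOF
$(expected_profile)
EOF
    printf '%d\n' "$bad"
    [ "$bad" -eq 0 ]
}

# Only touch the live kernel when asked, so sourcing this file is harmless.
case "${1:-}" in
    --live) audit_sysctl ;;
esac
```

Run `sh sysctl-audit.sh --live` on the device to check the running kernel, or `audit_sysctl saved.txt` against a snapshot captured with `sysctl -a > saved.txt` on a machine you cannot reach interactively. Because the profile is printed in `sysctl.d` syntax, `expected_profile > /etc/sysctl.d/90-hardening.conf` followed by `sysctl --system` installs the same settings on a host that is not running the hardened image.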

That's a big list, but it's important to note that security is a multi-layered approach. No single measure can guarantee security, but by implementing multiple layers of protection, we can significantly reduce the risk of a successful attack. I can say with confidence that in my 10+ years of experience deploying IoT devices, I've never received a device from a vendor as hardened as the ones we deploy at LineInterpreter, though some have been close.

Common Threats and How We Mitigate Them

Let's walk through some common threats and how our security measures help to mitigate them.

  • The Threat: Pivoting to PLCs. Our Mitigation: Strict Firewalling. The device only talks to the specific IP/port of your PLC and our cloud. It cannot "scan" your network.
  • The Threat: Malware Injection. Our Mitigation: Verified Container Images. Only cryptographically signed images from our private registry can run. The read-only OS prevents any persistent modification.
  • The Threat: Physical Theft. Our Mitigation: Read-Only OS + Credential-Free Design. No credentials are stored in plaintext on the device. The read-only OS partition cannot be tampered with offline without breaking Secure Boot.
  • The Threat: Credential Stuffing. Our Mitigation: Key-Based Auth. We eliminate passwords, the #1 cause of industrial breaches.

Flexibility vs. Security

While our hardened Flatcar Container Linux image is the "Gold Standard" for security, we recognize that some facilities have standardized on specific Windows or Linux distributions. We can provide LineInterpreter as a standalone application for these environments.

Note: When deploying outside our image, the responsibility for OS-level hardening shifts to your IT/OT team. We provide a hardening checklist to help your team match our standard security posture in these cases.

Defense in Depth: The Network

Device security is only half the battle. We can work with your IT/OT teams to ensure the network architecture is just as robust. We provide specific documentation for:

  • VLAN Segmentation: Isolating IoT traffic from the rest of the corporate network.
  • Protocol-Specific Rules: Since every PLC vendor (Allen Bradley, Siemens, etc.) uses different protocols and ports, we can provide the exact firewall "Allow" rules required for your specific hardware, ensuring no unnecessary "holes" are left open.
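The firewall posture described in the hardening list and the threats table above (the device reaches only the PLC's IP and port and the cloud platform, so it cannot be used to probe the rest of the network) and the protocol-specific "Allow" rules mentioned in this section come together in the script below. It is an added example, not LineInterpreter's own configuration or documentation: it keeps a small egress allow-list, renders it as a default-drop nftables ruleset, and exposes a check that says whether a given destination would pass. The addresses are RFC 5737 documentation addresses; the cloud endpoint, the management subnet and port, and the vendor-to-port mapping (well-known default ports, to be confirmed against the PLC's actual configuration) are assumptions.

```shell
#!/bin/sh
# Added example, not LineInterpreter's own configuration: an egress allow-list
# of the kind the article describes, rendered as an nftables ruleset, plus a
# check that answers whether a destination would pass it. The IPs are RFC 5737
# documentation addresses; cloud endpoint, management subnet and port are
# assumptions for illustration.

PLC_VENDOR="siemens-s7"
PLC_IP="192.0.2.10"
CLOUD_IP="203.0.113.5"      # stand-in for the cloud platform endpoint
CLOUD_PORT="443"
MGMT_NET="192.0.2.0/24"     # assumed: where the device management web UI is reached from
MGMT_PORT="443"             # assumed: port the management web UI listens on

# plc_port VENDOR: well-known default TCP port per PLC protocol. Confirm against
# the PLC's actual configuration; an unknown vendor is an error, not a guess.
plc_port() {
    case "$1" in
        siemens-s7)    echo 102 ;;     # S7comm over ISO-on-TCP
        allen-bradley) echo 44818 ;;   # EtherNet/IP explicit messaging
        modbus-tcp)    echo 502 ;;
        *) echo "unknown PLC vendor: $1" >&2; return 1 ;;
    esac
}

# allow_list: "proto dst_ip dst_port", one permitted outbound destination per line.
allow_list() {
    printf 'tcp %s %s\n' "$PLC_IP" "$(plc_port "$PLC_VENDOR")"
    printf 'tcp %s %s\n' "$CLOUD_IP" "$CLOUD_PORT"
}

# egress_allowed PROTO IP PORT: exit 0 if a new outbound connection to IP:PORT
# would be permitted by the allow-list, 1 otherwise.
egress_allowed() {
    allow_list | grep -qxF "$1 $2 $3"
}

# gen_nft_ruleset: render the allow-list as an nftables file. Every chain has a
# drop policy; only reply traffic, loopback, the management UI from MGMT_NET
# and the listed destinations pass, so the device cannot probe other hosts.
# Denied egress is logged so a misconfiguration or compromise shows up in logs.
gen_nft_ruleset() {
    cat <<EOF
table inet lineinterpreter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    ip saddr $MGMT_NET tcp dport $MGMT_PORT ct state new accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy drop;
    ct state established,related accept
    oif lo accept
EOF
    allow_list | while read -r proto ip port; do
        printf '    ip daddr %s %s dport %s ct state new accept\n' "$ip" "$proto" "$port"
    done
    cat <<'EOF'
    log prefix "egress-denied: " drop
  }
}
EOF
}

case "${1:-}" in
    --render) gen_nft_ruleset ;;
esac
```

`sh allowlist.sh --render > /etc/nftables.conf` followed by `nft -f /etc/nftables.conf` loads the ruleset; `egress_allowed tcp 192.0.2.11 102` is the kind of question an auditor can ask without touching the firewall. If the cloud endpoint is a hostname rather than a fixed IP, a matching allow rule for DNS (UDP/TCP 53 to a specific resolver) has to be added in the same explicit way, since the default policy drops everything not listed.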

The goal is to limit the attack surface, prevent unauthorised access to the devices, and contain any potential breaches to a small segment of the network.

Conclusion

Security is a critical aspect of deploying IoT solutions in manufacturing environments. At LineInterpreter, we take a comprehensive approach to security, implementing multiple layers of protection to safeguard our customers' sites and data. By carefully selecting and hardening our devices, implementing strict access controls, and following best practices for security, we can help our customers deploy secure IoT solutions that provide valuable insights while minimizing the risks associated with connected devices. If you have any questions about our security measures or would like to learn more about how we can help you deploy secure IoT solutions, please don't hesitate to reach out to us.


Alex Visser, PhD

Founder & Software Engineer

With over a decade of experience in industrial manufacturing, Dr. Alex Visser is a multidisciplinary engineer specializing in the intersection of software and automation. He is the creator of LineInterpreter, a platform for real-time production monitoring and analytics.

© Copyright 2026 Line Interpreter