There is No End to Cyber Security Challenges in IoT


Hemant Dusaane

With the proliferation of devices connected to the Internet via Internet of Things (IoT), the security risk and complexity are also going to increase manifold. Cybersecurity expert Hemant Dusaane, who is currently the Information Security & Risk Management Officer at Rage Frameworks, shares some insights into the key trends in IoT security, the emergence of IoT startups and its impact, and tips to safeguard deployments.

 

While IoT opens a whole new world of opportunities, it has also raised the business risks significantly. The devices significantly expand the attack surface. IoT devices are more accessible to malicious threat actors. What are some of the key trends you're witnessing?

Visionaries from the industry have been predicting that globally connected intelligent devices will arrive in the near future. To be precise, today, numerous industries are already using IoT technology, but this is just the beginning.

· IoT has introduced unprecedented growth in devices and data in all industry sectors.

· Ultimately IoT has introduced an avalanche of new devices, network traffic, and protocols to the mix.

· Health care sector is moving to 24/7 monitoring and treatment.

· Smart cars are leading to improved automobile reliability and customized insurance plans.

As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow. The following are some key security trends in the IoT industry: insecure Web interface; insufficient authentication or authorization; insecure network services; lack of transport encryption; privacy concerns; insecure cloud interface; insecure mobile interface; insufficient security configuration; insecure software or firmware; and poor physical security.

 

The companies producing today’s top IoT devices are mostly startups, which can't bear the cost of an army of security experts and white hats to ensure secure deployments. What could be a way out of this problem?

In today’s world, there are no alternatives to achieve cyber security for any industry. Perhaps startups can take the help of easily available resources such as FCC Small Biz Cyber Planner 2.0, CloudFlare, NSFOCUS and StaySafeOnline.org, etc.

A small checklist for any startup is:

1. Verify cloud services for the cyber security aspect; a quick audit on cloud services will help.

2. The impact of ransomware is growing for all industries. Look out for solutions which can help you to prevent it.

3. Spear phishing is trending and targeting new companies, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems. Verify authenticity of each email communication you receive.

4. Always identify and fix known vulnerabilities within your product, application and website, etc.

Commodity pricing places an enormous strain on security engineering and maintenance of IoT devices. Many of these IoT devices are by design inexpensive to manufacture, which means companies are less likely to spend more dollars on securing them. If this continues, what could be its likely impact on cybersecurity?

Everyone is aware of the fact that achieving cyber security is an additional cost for any company in any industry. To reduce cost, the cyber security process can be embedded into the manufacturing process, instead of separately following it. If any loop is addressed during the manufacturing phase, the cost of implementing additional steps for cyber security for an IoT product will be reduced by 50%. If cyber security is an additional solution along with the IoT product, then you can reduce deployment complexity, eliminate on-going management headaches and create more awareness so that the cost of implementation will be reduced.

I guess ISO has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs. Also, the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues. What importance do you assign to the standards in addressing the security challenges facing the IoT industry? Also, what other steps can be taken in this matter?

Initially, broad IT standards like COBIT and ITIL were followed to achieve cyber security in the field of IoT. There are some industry-specific standards, e.g. PCI, that have been developed and used. ISO 27001 attempted to provide universal global standards and certification for any industry. So if the IoT industry wants to achieve the baseline of cyber security, they can follow ISO 27001. There are certain government agencies like NIST, driven by the US government, who are also creating an IoT-specific cyber security framework. IEEE is one organization attempting to provide overall standards to IoT, including security. So once an IoT company achieves the baseline of cyber security (ISO 27001), they can progress toward implementing the bigger framework created by NIST or IEEE.

 

In future, how do you see the cybersecurity landscape evolving, especially in the context of IoT?

Currently, the IoT sector is majorly engaged with government agencies for managing national power grid, nuclear programs, mining and telecom, or government-owned sectors. Hence cybersecurity has become a ‘tier 1’ priority alongside international terrorism and major national incidents. To respond to the security requirements for the existing and emerging security threats in the Internet of Things, various IoT cyber security foundations have been established. As mentioned earlier, independent non-profit organizations like NIST, IEEE and many more are creating cyber security programs and frameworks to address the challenges in the context of IoT.

IoT is the technology transition where devices allow us to sense and control the physical world. But now, it is also part of something even bigger. The Internet of Everything (IoE) is the networked connection of people, process, data, and things. Its benefit is derived from the compound impact of these connections and the value it creates as "everything" comes online. IoT solutions on devices, gateways and infrastructure nodes include the following: connectivity layer (such as that provided by networks that use IEEE 802.15.4, LTE/3G/2G, Wi-Fi, Ethernet, RS485, Power Line Communication and IP based protocols), service layer (middleware such as the one being specified by oneM2M) and application layer. IoE leads to big data and analytics and research challenges for numerous fields. So there is no end to cyber security challenges as well as evolution of technologies to mitigate those.


About Author

Rahul Neel Mani

Rahul Neel Mani is the Co-founder and Editor of Grey Head Media. Rahul has nearly 20 years of experience in ...
