https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Strategy


Thinkstock / iStock / aetb

Security continues to be one of the biggest IoT hurdles.

Why IoT Security Is Scary and What to Do About It

Because of its sheer complexity and variability, the Internet of Things poses unique security risks. There are, however, concrete steps you can take to address them.
  • Written by Brian Buntz
  • 13th May 2016

The FBI has issued several alarming cybersecurity warnings recently. In late April, it noted that there had been a significant spike in ransomware against hospitals, schools, police departments, as well as individuals. In March, it announced that the U.S. government had charged seven Iranian hackers with exploiting nearly 50 financial institutions and compromising the controls of a New York dam. Before that, it released separate warnings indicating that cars, farm equipment, and medical devices were all vulnerable to cyber attacks.

Such warnings underscore the unique security problems posed by the Internet of Things, which encompasses billions of objects encompassing everything from connected cars to energy grids.

Security has been one of the top concerns in the IoT space since the British entrepreneur Kevin Ashton coined the term “Internet of Things” in 1999. According to a multi-industrial survey organized by Penton, security and data privacy were the two biggest concerns in the IoT space.

There are wholly new business models involved in the IoT and they are quickly evolving. “As these business models change, they require more interoperability and sharing of data and exchanging of command of control across ecosystems and partners,” said John Sirianni is VP of IoT strategic partnerships at Webroot in an interview at IoT World on May 11 (pictured). “The number of interfaces—between devices, databases, and networks—is growing exponentially. Those interfaces are opportunities for loss of command and control.”

Webroot debuted an IoT Gateway application dubbed BrightCloud Threat Intelligence for IoT Gateways at IoT World.

The sheer variability of the IoT field is another enormous challenge. “Every company or enterprise has a different view of what they would like to accomplish,” Sirianni said.

Webroot officials have identified integrated transportation as being one of the IoT areas with the biggest potential risk. This includes entities ranging from airports to smart seaports. “Both of those tend to have very distributed networks of remote devices with many different protocols, vendors, and interfaces,” Sirianni says. “It is complex. And your security is only as good as your weakest link.”

Webroot officials see DDoS as one of the major security concerns for critical infrastructure projects. In 2015, the company also observed an uptick in ransomware attacks targeting medical and energy-production facilities.

Smart cities also pose unique risks. “As you get into smart cities and look at the operational technology such as traffic control, parking meters, and energy management, sewage, water, and all that kind of stuff, you have a lot of complex devices that are often deployed for for decades,” Sirianni explains. “Where cyber-criminals decide to exploit those systems could be any number of areas: it could be from a PC, tablets that workers use to maintain or upgrade these devices. The threats can really come in anywhere.”

Tackling the Problem

1. Have Real-Time Threat Protection and Intelligence. Because of the unique concerns posed by the Internet of Things, Webroot says that it is crucial to have real-time threat protection and intelligence, and to adapt quickly once threats are identified. “If you can provide an up-to-date understanding of where those threats are coming from, you can stop an exploit whether it be the deed of data exfiltration, network intrusion, or loss of command and control. If you can detect it early enough, you can stop the ransomware in its tracks,” Sirianni says. “But there is no way to design in security 100% because the cybercriminals are innovating very quickly.”

IoT developers should be diligent to ensure that security is factored into every link in the IoT chain. For instance, while software breaches get a lot of press, companies developing IoT platforms sometimes dismiss the threat posed by hardware vulnerabilities.

2. Don’t Neglect the Endpoints. “Endpoint software agents can leverage cloud-based real-time data like threat intelligence to prevent, detect, and block new cyber threats targeting IoT devices and systems, and can be designed into the devices and turned on anytime once deployed in operation,” Sirianni says

“It’s important to pay attention to gateways within the network, as they can be used just like next-generation security appliances to inspect and filter all incoming and outgoing traffic between devices and their control systems in the local IoT platform or over the internet. By doing this, organizations will be able to detect malware before it reaches the network or any endpoint devices.”

3. Engage with Machine Learning and Automation. Automation and machine learning will be a crucial component in IoT cybersecurity, Webroot officials predict.” Leveraging machine learning technology allows organizations to draw correlations among the massive volume of data they collect, all in a streamlined manner,” Sirianni says. “With the amount of emerging vulnerabilities, automation, and machine learning are vital to combatting cybercrime effectively. Autonomous remediation of compromised systems is critical for continuity of service and to keep operational costs to a minimum.”

4. Pay Attention to the Cloud. With the influx of connected devices emerging, more information is moving from traditional on-premises systems into the cloud, Sirianni says. “This is a top challenge for OEMs and IT providers as they try to navigate IoT security, as many conventional security technologies only support on-premises systems.”

“At the same time, hackers have their eye on the cloud. The cloud’s rise in popularity has quickly become a key target for cybercriminals, and weaknesses are found and exploited on a regular basis,” Sirianni adds. “The vulnerabilities of cloud-based infrastructure can wreak havoc on IT providers and system integrators. OEMs and system manufacturers should implement a cloud-based security solution that offers a secure online backup solution. This way, it ensures organizations don’t lose data when an endpoint is compromised. The solution should also provide online access to files from any IoT device.”

5. Be Careful with Vendor Selection. Sirianni recommends that companies developing IoT platforms be extremely careful when working with vendors involved with their infrastructure. “You should have a good conversation about cybersecurity risks and do your diligence during vendor selection,” he says. Vendor choice is especially important because of the quickly growing number of IoT-related startups with little experience dealing with information security.

6. Ensure Only Authorized Users Have Access. The U.S. government has a long history of developing computer software that precisely restricts data access according to the rank of the user. Digital access control systems should be carefully planned to ensure that authorized users have access to sensitive information and studying how that data access is being used. That doesn't mean that such systems are foolproof, however. Edward Snowden's downloading of numerous NSA documents has prompted that agency to rethink how it stores sensitive information. 

On a related point, passwords continue to be a standard method of authenticating users, yet weak passwords have long been one of the chief reasons behind data breaches. Authenticating users based on multiple factors is substantially more effective from a security standpoint.

7. Carefully Explore How Users Will Deploy Your IoT Application and Cybercriminals Might Exploit It. The Cloud Security Alliance recommends performing use case analysis for IoT platforms accompanied by an architectural diagram that covers how the system interfaces with other computers, the flow of data, and security resources. Following that, the association recommends a thorough exploration of how cybercriminals might target the IoT system.

8. Study the Latest Security Advice from Government and Other Relevant Associations. Companies developing IoT technologies would be well served by studying government recommendations on security. FTC and FDA, for instance, have each released specific security recommendations covering a range of consumer devices and medical technology.

Outside of the U.S. government, the GSMA has recommendations that are specific to the Internet of Things. “The GSMA has very good recommendations on security and security architecture,” Sirianni says. The association released its latest guidance in February 2016. “If most device system designers would adhere to those basic principles, they will create a system that is more robust than the guy next door. And the cybercriminals will go to the system next door,” Sirianni quips.

 

Tags: Article Strategy

Related Content


  • AI Summit 2022: Health Care AI Group Wins Into the Den Competition
    Panakeia wins the dragon-den style pitching competition from 30 of the best and brightest AI startups
  • Ukrainian president Volodymyr Zelensky
    AI Summit 2022: Ukraine President Zelensky, as Hologram, Asks Technologists for Help
    He will offer tech companies a digital lend-lease akin to World War II
  • Chinese Researchers Develop Mind-Controllable Metasurface
    Bluetooth-enabled sensor uses brainwaves to control scattering patterns on programmable metasurface
  • Image shows a fire truck in New York City
    Nvidia Files Patent to Help Self-Driving Cars Detect Emergency Vehicles
    The company’s solution could prevent AV’s from interfering with first responders on the road

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Image shows Volkswagen's V.MO flying taxi
    VW Reveals Autonomous Flying Taxi
  • 5G connectivity
    The Future of 5G Featured at IoT World 2022
  • Mars Drones Complete Testing on Active Volcano
  • Image shows U.S. Route 66
    GM to Double Hands-Free Road Network

Roundups

View all

IoT Deals & Partnerships Roundup: Nokia, Accenture and More

29th July 2022

IoT Deals & Partnerships Roundup: Nokia, SoftBank, Microsoft and More

15th July 2022

IoT Product Roundup: Nokia, Energous, Dashbot and More

6th July 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Events

View all

IoT World Expo Austin

2nd November 2022 - 3rd November 2022

Latest Videos

View all
Image shows a road within the Curiosity Lab at Peachtree Corners

Brandon Branham, Peachtree Corners, on Smart Cities

Peachtree Corners CTO and assistant city manager chats with IoT World Today’s Chuck Martin about what’s happening at Curiosity Labs

Image shows a Beep electric autonomous shuttle

Joe Moye, Beep, on Self-Driving Shuttles

Beep’s CEO chatted with IoT World Today’s Chuck Martin about the deployment of the company’s electric autonomous shuttles

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Building trust for a connected world

25th August 2022

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

The Future of 5G Featured at IoT World 2022 dlvr.it/SW6Szm https://t.co/eXWr6mfQya

5th August 2022
IoTWorldToday, IoTWorldSeries

Mars Drones Complete Testing on Active Volcano dlvr.it/SW6M4d https://t.co/mB8Suz1hzU

5th August 2022
IoTWorldToday, IoTWorldSeries

Honeywell Partnership Provides Flying Car Control Technologies dlvr.it/SW3t5n https://t.co/iFftFZaHxD

4th August 2022
IoTWorldToday, IoTWorldSeries

Driverless Autonomous Vehicles Arrive in China dlvr.it/SW3nzN https://t.co/nAVugrMzqG

4th August 2022
IoTWorldToday, IoTWorldSeries

Hyundai Reveals Futuristic Smart City With Automated Transport dlvr.it/SW3jgr https://t.co/fPaR8B0ikN

4th August 2022
IoTWorldToday, IoTWorldSeries

More Intelligently Converting DC Voltages dlvr.it/SW2tKz https://t.co/SMFWhTPpCW

4th August 2022
IoTWorldToday, IoTWorldSeries

Illinois Researchers Use AI to Teach Robots Teamwork dlvr.it/SW1DsC https://t.co/M3wqXN9JaR

3rd August 2022
IoTWorldToday, IoTWorldSeries

BMW Reveals $308M Test Track for Autonomous Cars dlvr.it/SW0D8q https://t.co/3zXFVnl4rd

3rd August 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X