https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


What’s in Store for IoT Security in 2017

Security professionals provide a forecast of what is in store for Internet of Things security next year.
  • Written by IOT Content Manager
  • 17th November 2016

In 2016, we saw some of the first big IoT-fueled cyberattacks, including one in October that knocked a big chunk of the internet offline. As we head into a new year, security will become a sharper focus for the young Internet of Things industry but a small talent pool of security professionals will make it challenging to keep up with hackers.

1. Embedded Security Will Finally Get Serious 

While the topic of embedded security pops up fairly often, it is easier to pay lip service to the concept than to actually build security into hardware. That is changing, says Robert Vamosi, security strategist with Synopsys. “Devices, once thought to be too small to include their own security, will undergo a more thorough analysis beginning with firmware testing,” he says. “The software inside the chip is just as important as the application controlling it. Both need to be tested for security and quality. Some of the early IoT botnets have leveraged vulnerabilities and features within the device itself.”

2. Inspecting the Cyber Supply Chain Becomes a Priority

Third-party software is rampant but is often not sufficiently tested. “Some of the early IoT botnets have leveraged vulnerabilities and features within third-party chipsets found inside the devices themselves,” says Robert Vamosi of Synopsys. “Understanding the bill of materials for the software components found in each chipset added will become important as IoT vendors rush to protect themselves from expensive recalls.”

3. IoT-Fueled DDoS Attacks Will Remain a Problem

There is little that can be done for now to avert DDoS attacks like the Mirai botnet that brought down much of the internet in October. One factor that could help is if industry and regulators require ISPs to start playing a more active role managing network traffic. There would, however, be “a different set of costs to Internet users in security and privacy concerns” if this were to happen, says Todd Inskeep, advisory board member for RSA Conference. “Longer term, we could think about security requirements for all Internet enabled-devices, but that comes with its own set of issues: which requirements, who verifies compliance. This could lead to conflicting security concerns in different regions and geographies,” Inskeep says. “The internet was designed to be open and resilient, assuming that all the actors were self-interested to be at least benign if not helpful. Instead, we continue to find individuals, organizations, and apparently nation-states with malicious intent.”

In the meantime, there are things that companies and individuals can do reduce the power of botnets. According to Trevor Hawthorn, CTO of Wombat Security, there are three most steps people can take to avert botnet problems. First, don’t allow IoT devices to be exposed to the open internet. “This is probably the most important consideration,” he says. Second, ensure IoT devices are kept up to date. Third, change all default passwords on all devices.

4. Companies with IoT Projects Will Try to Think Like Hackers

 In 1993, Saturday Night Live aired a skit that poked fun of the auto industry’s strategies of protecting vehicles using solely alarms and steering wheel locks like the Club.

 “In the nineties, you don’t need a car to tell the world you are wealthy. But you do need a car to tell the world you are smart.” The answer is a car, the Chameleon XLE, that looks like a piece of junk from the outside but offers luxury within and a strong engine under the hood. “A car thief takes one look at this, and keeps right on walking,” explained the mock ad.

Although a joke, the SNL skit highlights the need for thinking like a criminal. Both cybercriminals and car thieves are drawn to valuable targets that can be easily broken into. Organizations with IoT devices should focus not just making their products more secure, but also on understanding why attackers are drawn to their products in the first place and how they can make them less attractive targets.

Related: Security Experts Shed Light on the Mirai Botnet

In the technology field, many have struggled with security, even though the same basic threats have remained similar for decades. “IoT threats are fundamentally the same threats we’ve been trying to manage for the last 20 years: malicious actors (individuals, organizations, and nation-states) trying to gain advantage by disrupting the confidentiality, integrity, and availability of data and services,” says Todd Inskeep, Advisory Board Member for RSA Conference.

 IoT devices, however, open up new territory when it comes to information and services. “These new devices process different kinds of information, and are more likely than previous devices to have real-world impacts,” Inskeep says. “An IoT device in a manufacturing line could be disrupted to mix chemicals in the wrong proportions. An IoT device at home might be hackable to unlock a door, or share videos from inside a company with people outside the company. While these threats are the same, the risks may be very different.”

5. Finding IoT Security Talent Will Stay Tough

The need for security professionals throughout the entire tech industry outstrips supply. The IoT industry is no different, says Todd Inskeep, advisory board member for RSA Conference. “It’s a challenge for all industries to find security talent,” agrees Trevor Hawthorn, CTO of Wombat Security. “Well-funded and well-known vendors will have an easier time. The problem is that the flood of small, cheap products are made by offshore manufacturers that have a poor security track record. As we have seen, offshore IoT device manufacturers are not that interested in security to begin with, so they would likely have a hard time finding talent if they were looking.”

In the meantime, the product security industry will be well-served to draw on existing security models. “We’ve seen the rise of a new category of security professional – chief product security officer, and their support staff, the product security officer and product security engineer, but the people in these roles often say they thought they were the only one,” Inskeep says. There’s a variety of requirements documentation relevant to these professionals including NIST’s FIPS-140 for hardware and the globally recognized Common Criteria model for software and systems. Another example is the more software-focused Building Security In Maturity Model.

6. Situational Awareness Becomes a Bigger Security Objective

With the forecasts of billions of IoT devices blanketing the planet, it becomes critical to keep track of which devices are deployed where. But it is easy to lose track. “With IoT devices deployed within IPv4 networks, organizations should be able to scan or ‘see’ what IoT devices are deployed on their networks,” says Trevor Hawthorn of Wombat Security. “With IPv6, it is possible to have so many IPv6 addresses that it is near impossible to scan your perimeter. Organizations will need to focus on other methods to keep a handle on what they have and what is exposed.”

Tags: Article Security Technologies

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested
  • Image shows a Close up of lens on black background
    Carnegie Mellon Researchers Invent System to Find Hidden Cameras

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image shows Unilever's Alberto Prado at AI Summit 2022 in London

AI Summit 2022: Unilever’s Alberto Prado

Prado talks about how Unilever is using AI to accelerate the speed of new discoveries and gives them access to more breakthrough innovation

Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

🤔 Looking for 3 Strategies to Avoid IoT Key Theft? We’ve got you covered! As tech companies continue to develop an… twitter.com/i/web/status/1…

5th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: Unilever’s Alberto Prado dlvr.it/STMpRN https://t.co/1dyLREr8N6

5th July 2022
IoTWorldToday, IoTWorldSeries

Seoul Robotics Expands 3D Perception Platform across South America dlvr.it/STMhSV https://t.co/a10l3Eb2Kn

5th July 2022
IoTWorldToday, IoTWorldSeries

Microsoft Extends Secured-Core Program to IoT Devices dlvr.it/STMg4k https://t.co/laBPF5VjC4

5th July 2022
IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X