https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


SonerCdem / iStock / Thinkstock

Questions

IoT Security Starts with Asking Tough Questions

Journalists strive to write stories that answer questions starting interrogative pronouns. But such questions are also indispensable for IoT companies launching IoT projects as well.
  • Written by Kshitish Soman
  • 10th January 2017

By now, everyone and their dog should know about the sorry state of Internet of Things security. There have been tales of hacked Jeeps, botnets that can bring down the internet, and, more recently, allegations of hacked elections. And yet there has been more of a focus on IoT security misfires than on actually making the IoT more secure. But with technologies like self-driving vehicles, the connected factories, smart cities, and self-checkout grocery stores poised to go mainstream, security of the IoT should be one of our top priorities.

Many security vendors are looking to cash in on the situation, proffering solutions that promise to solve our IoT security woes. Some of these are solutions looking for a problem while others are simply hype riding on hope.

If you talk with security professionals, you’ll quickly realize that securing the IoT is a never-ending game of cat and mouse. IoT security is not a battle you can simply hope to win once and for all.

Related: IoT Security: The Darkest Cloud Yet is Coming

This intro article aspires to provide the foundation for a comprehensive approach to IoT security. A sequel on mapping out security countermeasures will follow. While this article won’t provide you with a one-size-fits-all solution, it will give you the tools to ensure that you have mapped your risks. 

Asking the Right Questions

In technology, analyzing a problem requires taking the time to ask and answer hard questions. Securing the IoT is not different. Like any large systems implementation, the IoT space has its own software and hardware security concerns. But, unlike a typical technological system, with the IoT, the physical world includes more than securing computers, networks, and other assets whose primary purpose is to support software functions. So, as your organization works through these questions, think about everything that can materially impact the IoT in the physical and virtual world.

An effective IoT strategy must answer these six questions:

1. Why Do We Need to Secure Our IoT Application?

As a software implementer, I often see this question is not answered, or the answers to it are simple and naive. Here’s an example: “Why should we secure the IoT? Well, duh! Everybody is doing it! Security should always be a priority.” Bad answer! (Everybody’s not securing their IoT applications, but that is the subject of a separate article.)

Coming up with a good answer to this question requires carefully considering how your organization functions. Answering the ‘why’ portion of the question could include legal, regulatory, compliance, and liability factors that may be outside of your immediate environment. Also, it’s worth noting that as time goes on, the ‘why’ will likely change, which could require you to update your security strategy.

2. What Is It That We Are Trying to Secure?

Again, the answer to this question may seem simpler than it is. It’s not enough to say: ‘Well, we are securing our software and data.’ Often, the answer is quite complex for software implementation projects. And it’s going to get even more so in the world of the IoT where physical and virtual are intertwined. When dealing with the IoT, you are looking to secure various asset types. These could include edge assets (such as sensors and processors), networks, cloud computing systems, data, servers, people, controlled assets, and many others. For example, if you have humidity sensors in your IoT implementation, and a hacker manages to either tamper with them or subject them artificially to out-of-boundary humid or dry conditions, what would that do to your overall system?

3. Who Can Interact with Our IoT Solution?

Fortunately, this question tends to be relatively simple to answer. But the ‘who’ doesn’t just include the various people who interact, both directly and indirectly, with your technology. With the IoT, the ‘who’ can also be non-human. It can be a computer system, machine, tool, or something else. The type of interaction between humans and machines has expanded from just touch (think levers, buttons, touch-screens, keyboards, mouse, and so on) to other methods of input, including methods such as speech and sound. You also might have to worry about sensors or even whole networks of connected sensors. To summarize: The ‘who’ in the above question can refer to anything and anybody that has a relevant interaction that could be subject to misuse.

4. How Will My IoT Technology Be Used?

This question builds on the ‘who’ and ‘what’ questions above. For example, consider a healthcare professional visiting an older patient in a home-care setting. The healthcare provider interacts with the biological monitoring equipment differently than the patient. Here, we have two different parties representing the ‘who,’ one piece of equipment representing the ‘what’ (the biological monitoring equipment), and several interaction types for ‘how.’ The various ways in which these interactions happen may need to be secured.

5. When Will the IoT Technology Be Used?

This question adds the time dimension to the various interactions defined by the ‘how’ above. Context is important here. For example, in the above scenario with the home health worker, their visits to the patient may be periodic. Do we know this interval? What happens if an impersonator tries to gain access and do something with our IoT technology but doesn’t fall within our known time interval? Thus, defining when various interactions are permissible and when they are not, helps in defining the overall security goals.

6. Where Will the Technology Be Used?

This question adds a spatial dimension to the previous questions. If you are developing a baby monitor, would you grant access to users that are not physically present in the same geographical location? What happens when someone from, say, Asia tries to access a baby monitor in the United States. Or what about a neighbor who lives across the street? Should they have access to the device? And are you granting access to the baby monitor to just the baby room or the family’s whole house? This may sound like a lot of questions, but it is precisely scenarios like this that you must consider when attempting to secure an IoT device.

To conclude, building a tenacious IoT defense starts with relentless questioning concerning your technology. After considerable deliberation, you can come up with solid answers to these questions. But you should not be satisfied with your answers, thinking you have forever outsmarted hackers. Ultimately, the questions you ask should be something like Zen koans—they should open you up to potentially limitless investigation rather than fixed answers.  

Still, as powerful as questioning is, it is not sufficient. The sequel to this article will address the next step: developing countermeasures to address your vulnerabilities that you uncovered along the way.

Tags: Article Security Technologies

Related


  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Five Principles in a Zero-Trust Security Approach to IoT
    IoT devices have created vulnerability for IT networks, but a zero-trust security approach can lock down attack vectors. Here are five key principles.
  • Tactics for Successfully Selling IoT Technologies
    While this year has proven the value of digitization, many enterprises need persuasion. Experts discuss strategies for successfully selling IoT.
  • LynxSecure Datasheet
    LynxSecure is a tiny separation kernel that can be programmed to partition a modern processor into secure virtual environments. It is not RTOS. It is not a traditional hypervisor. It is smaller than a microkernel (as small as 15Kb). LynxSecure requires and leverages the hardware virtualization capabilities of certain modern CPUs to (1) establish secure […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Cybersecurity Crisis Management During the Coronavirus Pandemic
  • In Industrial Realm, Trustworthy Software Means Safety
  • Integrating Analog Controls into IIoT Systems
  • Dell Sells RSA Security for More Than $2 Billion

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart Manufacturing With IoT

4th December 2020

Ensuring Safety & Security of Pharmaceutical Supply Chain: A Case Study

4th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

At #CES2021, @verizon touts #5Gconnectivit as the key to digitization in pandemic times. But experts say there are… twitter.com/i/web/status/1…

12th January 2021
IoTWorldToday, IoTWorldSeries

The #privateLTE market is due to grown, given increased needs for #networkperformance and #networkbandwidth.… twitter.com/i/web/status/1…

12th January 2021
IoTWorldToday, IoTWorldSeries

As #IoTdevices and #IoTdata proliferate at the edge of the network, IT pros need to take these steps for… twitter.com/i/web/status/1…

11th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X