https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


SonerCdem / iStock / Thinkstock

Questions

IoT Security Starts with Asking Tough Questions

Journalists strive to write stories that answer questions starting interrogative pronouns. But such questions are also indispensable for IoT companies launching IoT projects as well.
  • Written by Kshitish Soman
  • 10th January 2017

By now, everyone and their dog should know about the sorry state of Internet of Things security. There have been tales of hacked Jeeps, botnets that can bring down the internet, and, more recently, allegations of hacked elections. And yet there has been more of a focus on IoT security misfires than on actually making the IoT more secure. But with technologies like self-driving vehicles, the connected factories, smart cities, and self-checkout grocery stores poised to go mainstream, security of the IoT should be one of our top priorities.

Many security vendors are looking to cash in on the situation, proffering solutions that promise to solve our IoT security woes. Some of these are solutions looking for a problem while others are simply hype riding on hope.

If you talk with security professionals, you’ll quickly realize that securing the IoT is a never-ending game of cat and mouse. IoT security is not a battle you can simply hope to win once and for all.

Related: IoT Security: The Darkest Cloud Yet is Coming

This intro article aspires to provide the foundation for a comprehensive approach to IoT security. A sequel on mapping out security countermeasures will follow. While this article won’t provide you with a one-size-fits-all solution, it will give you the tools to ensure that you have mapped your risks. 

Asking the Right Questions

In technology, analyzing a problem requires taking the time to ask and answer hard questions. Securing the IoT is not different. Like any large systems implementation, the IoT space has its own software and hardware security concerns. But, unlike a typical technological system, with the IoT, the physical world includes more than securing computers, networks, and other assets whose primary purpose is to support software functions. So, as your organization works through these questions, think about everything that can materially impact the IoT in the physical and virtual world.

An effective IoT strategy must answer these six questions:

1. Why Do We Need to Secure Our IoT Application?

As a software implementer, I often see this question is not answered, or the answers to it are simple and naive. Here’s an example: “Why should we secure the IoT? Well, duh! Everybody is doing it! Security should always be a priority.” Bad answer! (Everybody’s not securing their IoT applications, but that is the subject of a separate article.)

Coming up with a good answer to this question requires carefully considering how your organization functions. Answering the ‘why’ portion of the question could include legal, regulatory, compliance, and liability factors that may be outside of your immediate environment. Also, it’s worth noting that as time goes on, the ‘why’ will likely change, which could require you to update your security strategy.

2. What Is It That We Are Trying to Secure?

Again, the answer to this question may seem simpler than it is. It’s not enough to say: ‘Well, we are securing our software and data.’ Often, the answer is quite complex for software implementation projects. And it’s going to get even more so in the world of the IoT where physical and virtual are intertwined. When dealing with the IoT, you are looking to secure various asset types. These could include edge assets (such as sensors and processors), networks, cloud computing systems, data, servers, people, controlled assets, and many others. For example, if you have humidity sensors in your IoT implementation, and a hacker manages to either tamper with them or subject them artificially to out-of-boundary humid or dry conditions, what would that do to your overall system?

3. Who Can Interact with Our IoT Solution?

Fortunately, this question tends to be relatively simple to answer. But the ‘who’ doesn’t just include the various people who interact, both directly and indirectly, with your technology. With the IoT, the ‘who’ can also be non-human. It can be a computer system, machine, tool, or something else. The type of interaction between humans and machines has expanded from just touch (think levers, buttons, touch-screens, keyboards, mouse, and so on) to other methods of input, including methods such as speech and sound. You also might have to worry about sensors or even whole networks of connected sensors. To summarize: The ‘who’ in the above question can refer to anything and anybody that has a relevant interaction that could be subject to misuse.

4. How Will My IoT Technology Be Used?

This question builds on the ‘who’ and ‘what’ questions above. For example, consider a healthcare professional visiting an older patient in a home-care setting. The healthcare provider interacts with the biological monitoring equipment differently than the patient. Here, we have two different parties representing the ‘who,’ one piece of equipment representing the ‘what’ (the biological monitoring equipment), and several interaction types for ‘how.’ The various ways in which these interactions happen may need to be secured.

5. When Will the IoT Technology Be Used?

This question adds the time dimension to the various interactions defined by the ‘how’ above. Context is important here. For example, in the above scenario with the home health worker, their visits to the patient may be periodic. Do we know this interval? What happens if an impersonator tries to gain access and do something with our IoT technology but doesn’t fall within our known time interval? Thus, defining when various interactions are permissible and when they are not, helps in defining the overall security goals.

6. Where Will the Technology Be Used?

This question adds a spatial dimension to the previous questions. If you are developing a baby monitor, would you grant access to users that are not physically present in the same geographical location? What happens when someone from, say, Asia tries to access a baby monitor in the United States. Or what about a neighbor who lives across the street? Should they have access to the device? And are you granting access to the baby monitor to just the baby room or the family’s whole house? This may sound like a lot of questions, but it is precisely scenarios like this that you must consider when attempting to secure an IoT device.

To conclude, building a tenacious IoT defense starts with relentless questioning concerning your technology. After considerable deliberation, you can come up with solid answers to these questions. But you should not be satisfied with your answers, thinking you have forever outsmarted hackers. Ultimately, the questions you ask should be something like Zen koans—they should open you up to potentially limitless investigation rather than fixed answers.  

Still, as powerful as questioning is, it is not sufficient. The sequel to this article will address the next step: developing countermeasures to address your vulnerabilities that you uncovered along the way.

Tags: Article Security Technologies

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Ransomware Attack Could Impact Paychecks
    The Kronos ransomware attack affected the company’s private cloud service over the weekend, knocking it offline just before the holidays
  • Image shows an abstract digital big data concept.
    BotenaGo Malware Targets Millions of IoT Devices
    AT&T Alien Labs identified the malware that has left millions of IoT devices exposed.
  • IoT Startup Raises $10M
    Platform aims to bolster network security with automated device configurations and visibility.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT Device Security at the Edge Poses Unique Challenges
  • Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
  • AI Ups the Ante for IoT Cybersecurity
  • Protecting Your Network Against Ripple20 Vulnerabilities

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

The U.S. Army is getting a 5G boost for #AR #VR capabilities from #5G network provider @OceusNetworks.… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

@IoTWorldSeries and The #AISummit will be hosted this year in Silicon Hills, the tech hub of Austin, Texas. Acces… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Hannover Messe 2022: @BoschGlobal,@BostonDynamics robotics showcased. @hannover_messe dlvr.it/SQzhr1 https://t.co/vHWRmsIGcm

24th May 2022
IoTWorldToday, IoTWorldSeries

📣JUNE DIGITAL SYMPOSIUM Drive your strategy forward and stay on the #Healthcare and #IndustrialIoT pulse with key… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Hyundai Investing $5B on Autonomous Driving and Robotics dlvr.it/SQzfZh https://t.co/1Jyr4Xlord

24th May 2022
IoTWorldToday, IoTWorldSeries

Partner with @IoTWorldToday to reach your prospects and accomplish your goals in 2022. Download our 2022 IoT Mark… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Explore Emerging Tech For Enterprises at @TechXLR8 2022 this June ➡️ Join us from 1-3 June in harnessing the pow… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X