IoT security testing: IBM services aim to protect IoT, connected cars

IBM X-Force Red takes on IoT security testing

IBM’s X-Force Red team adds testing services for IoT-related components and systems, as well as connected cars.

Written by Courtney Bjorlin
25th July 2017

In a move that demonstrates the increasing importance of IoT security, the IBM X-Force Red team will now offer connected car and IoT security testing services, IBM announced yesterday.

IBM X-Force Red is a global network of hundreds of security professionals launched by IBM last year to help businesses proactively discover vulnerabilities in computer networks, hardware and software, as well as security risks introduced by individuals in business processes.

“This is a good announcement as it shows the market awareness and demand for IoT security and automotive security issues is increasing,” Forrester Research Senior Analyst Merritt Maxim said via email. “Given that many IoT vulnerabilities involve software exploits, any effort to harden and examine IoT software will help improve security.”

Security is consistently named as a key obstacle to IoT deployments, with recent studies pointing to from everything to an increase in Linux-based malware targeting IoT devices, to the likelihood of cybersecurity attacks targeting increasingly sophisticated connected vehicles. Gartner estimates that the production of new automobiles equipped with data connectivity, either through a built-in communications module or by a tether to a mobile device, will reach to 61 million in 2020.

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

To better secure IoT deployments, IBM X-Force Red is partnering with the IBM Watson organization to build IoT security testing into the platform level, according to a podcast with Charles Henderson, global head of the IBM X-Force Red initiative, which was posted on IBM’s Security Intelligence blog. Services will focus on incorporating both discrete testing of the different components, as well as solution testing that is often overlooked.

“The big problem was that security testing for a lot of IoT designers isn’t baked in until the 11th hour, and then they have major design issues that are fundamentally ingrained in their product,” Henderson said on the podcast. “If there’s any security flaws in those designs, it can take a total re-architecting of the IoT solution.”

In addition to the IoT security testing services being delivered to customers building IoT projects on the IBM Watson platform, IBM is making serious investments in its automotive security practice. It is working with more than a dozen automobile manufacturers and third-party suppliers to enable more secure connected cars through robust solution testing, with the aim of also shaping and sharing industry best practices and standardizing security protocols, according to the IBM press release.

As such, the Red Portal – launched at RSA Conference to help clients track IoT testing – will be increasingly applicable for the automotive industry, according to the podcast. The Red Portal is a cloud-based collaboration platform for clients and security professionals to track testing over time and view real-time project milestones and vulnerabilities across all assets.

“It makes us able to find vulnerabilities more quickly,” Henderson said on the podcast, pointing to prevalence of Excel spreadsheets to track vulnerabilities in the industry. “Over time the Red Portal really becomes the correlation device.”