IoT security issues: Airline’s security analyst on setting priorities

IoT Security Issues: Airline’s Cybersecurity Leader Weighs In

At the IoT Security Summit in Dallas, Southwest Airlines’ Adi Pradeep suggested that businesses will need to suffer a ‘wake-up call’ similar to the Target data breach before they’ll get serious about IoT security issues.

Written by Courtney Bjorlin
16th October 2018

“When will organizations start to get serious about IoT security projects?”

It was a question posed during a “fireside chat” today, on the opening day of the IoT Security Summit, to Adi Pradeep, who is cybersecurity analyst for Southwest Airlines, by Moderator Jo Peterson, vice president of cloud services at technology sourcing and benchmarking firm Clarify360.

When the increasing number of attacks leverage the scale that IoT enables to compromise high-value targets, “that’s when we’ll see a wake-up call in the industry,” Pradeep said. He likened that wake-up call to what the retail industry experienced when hackers gained access to Target’s database and stole customer data via credentials lifted from a third-party vendor.

As evidence that businesses still haven’t “woken up” to the risks of IoT security, when asked how many in the room allocate money for IoT security in their budgets, only four of the more than 40 people in the audience raised their hands.

Pradeep shared his views on IoT security issues during a wide-ranging discussion at the Dallas event. In addition to Southwest’s Pradeep, leaders from American Airlines, Grubhub, Microsoft, Juniper Network and EY will share their advice on securing the IoT during the two-day conference. The event will cover cloud security, blockchain and distributed ledger technology.

Pradeep advised balancing security needs with costs, and for IoT security checklists to be topped with looking at security and privacy concerns to ensure compliance. Those checklists must also include hardware and connectivity. It’s crucial to make sure that the devices brought into the company network are actually needed by the business and not just borne of a need to get “a newfangled device to play around with.”

[IoT Security Summit is the conference where you learn about key IoT security issues, including how to secure the full IoT stack, from cloud to the edge. Get your ticket now.]

When asked about the industry’s hesitancy on pushing IoT environments into the cloud, Pradeep offered: “Whether it’s in the cloud or not, it still needs to follow certain security principles. Take those same principles you designed your on-premises system with, and take it with you to the cloud.”

What’s more, developing standards in much the same way as network protocols and TCP/IP shaped up will be important to ensure IoT device interoperability, according to Pradeep.

“I think there will be more of a consortium formed to develop that sort of framework,” he said.