https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

IOT-networking

Overlay Security on IoT Networks to Conquer Vulnerabilities

IoT networks are under attack, with potentially dire consequences for organizations that fail to protect them with adequate security and control measures.
  • Written by Ron Victor
  • 3rd October 2019

Last summer, the FBI issued an alert that warned of cyber criminals ramping up attacks on Internet of Things. Specifically, adversaries are taking advantage of weak authentication, unpatched firmware or other software vulnerabilities, and authentication credentials that can be attacked over the internet.

The proliferation of IoT devices combined with this reported increase in cyberattacks presents a nightmare of special security challenges faced by industrial enterprises that commercially deploy IoT devices. Unfortunately, it’s not feasible to replace or redesign IoT devices already deployed in the field. But by overlaying security and control measures on existing IoT networks, these organizations may just have found the key to mitigating vulnerabilities.

IoT vs. IT devices

Let’s take a deeper dive into IoT vulnerabilities and security risks, as described by the National Institute of Standards and Technology (NIST). NIST’s 2018 report “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks” identified three problems faced by organizations that deploy IoT devices. 

First, IoT devices interact with the physical world in ways conventional IT devices usually do not. NIST points out that cybersecurity and privacy policies must take into account the ramifications of IoT devices making changes to physical systems and affecting the physical world. For instance, the security ramifications of a compromised device controlling a town’s water supply are vastly different from a compromised device disclosing customer records. NIST also notes that “operational requirements for performance, reliability, resilience and safety may be at odds with common cybersecurity and privacy practices for conventional IT devices.”

Second, many IoT devices cannot be accessed, managed or monitored in the same way conventional IT devices can. Because many IoT devices are on private networks or in remote locations, organizations many need to perform manual tasks when updating or protecting large numbers of IoT devices. Employees may need special tools and training, and security models may need to account for manufacturers and other third parties having access or control over devices. Obviously, manual tasks are cost-prohibitive and time-consuming for those organizations that have geographically dispersed locations that must be protected and updated.

Finally, the availability, efficiency and effectiveness of cybersecurity and privacy capabilities for IoT devices are often different from those for conventional IT devices. Special vulnerabilities require special policies and tools. NIST says that organizations “may have to select, implement and manage additional controls, as well as determine how to respond to risk when sufficient controls for mitigating risk are not available.” Additional controls may be needed, in part, because many IoT devices were designed without security in mind or with a bare minimum of security features.

Industrial enterprises use IIoT to provide their customers value-added services such as better service-level agreements, reduced downtimes, predictive and preventive maintenance, and overall improved operational efficiencies. Without security as a foundational element of their infrastructure, their entire operation is compromised.

IT and OT Symbiosis: The Real-Life Example

Operational technology and information technology teams can work together to address both IT and IoT device vulnerabilities and ensure the security of their network infrastructures. But IT/OT symbiosis in any organization is not a natural fit.

Bayron Lopez, operational technology manager at Kilroy Realty, explains the classic disconnect between IT and OT. “In corporations, the security focus is on the main infrastructure — servers, internal email, etc.,” he said. “Physical security — access to buildings, for example — has historically been seen as secondary to all of this, and not a part of the corporate network.”

As smart buildings like Kilroy’s become more commonplace, however, IT and OT security vulnerabilities merge. “IoT sensors are great for transmitting data about building assets, such as who is accessing a building, energy usage, alarm controls or problems with climate control or lighting, but if there are network security vulnerabilities, we may not be the only ones accessing that data,” said Lopez.

Recognizing the potential security vulnerabilities for Kilroy, Lopez joined forces with the organization’s IT manager, Khanh Nguyen. Together, they found a way to overlay security and control measures on their existing IoT networks to build a more secure infrastructure — one that:

  • Is protected from malicious attacks that could disrupt operations as well as malware and take-over accounts that would enable attackers to use Kilroy’s networks for malicious activities. 
  • Has access controls from a single location, so access to all devices at all locations can be controlled quickly and easily. 
  • Has a single pane of glass for monitoring all IIoT networks. 
  • Has secure, centralized access controls for third-party technicians remotely accessing IoT devices, so that third-party access never becomes a security risk and IT administrators are never overwhelmed with managing decentralized VPN networks. 

Breached building data may have smaller-scale ramifications, but consider what would happen if IoT sensors transmitting data for smart cities or utilities were intercepted. Potential situations like this — as well as the aforementioned data from the FBI and NIST — push industrial enterprises, utilities, smart cities and the like toward an IT- and OT-friendly infrastructure that takes into account the special requirements for securing both traditional IT and IoT devices.

Ron Victor is the chief executive officer and founder of ioTium.

Tags: Network security Security Technologies Features

Related


  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • Five Principles in a Zero-Trust Security Approach to IoT
    IoT devices have created vulnerability for IT networks, but a zero-trust security approach can lock down attack vectors. Here are five key principles.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • LynxSecure Datasheet
  • LYNX MOSA.ic™ Avionic Platform (Advantage w/ Intel)
  • COVID-19 Driving Data Integration Projects in IoT
  • Common Internet of Things Security Pitfalls 

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices

27th January 2021

IoTConnect and How to Get Started

27th January 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices dlvr.it/RrTDP4 https://t.co/fuH0GrHJrX

27th January 2021
IoTWorldToday, IoTWorldSeries

PKI: The Solution for Designing Secure IoT Devices dlvr.it/RrTDNF https://t.co/KBWcsksAQi

27th January 2021
IoTWorldToday, IoTWorldSeries

Five Guiding Tenets for IoT Security dlvr.it/RrTDGS https://t.co/Ss17Vn4sFw

27th January 2021
IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD Silver Sponsor @ONETech_AI! 💡 Learn more about sponsoring Embedded IoT World here:… twitter.com/i/web/status/1…

27th January 2021
IoTWorldToday, IoTWorldSeries

IoTConnect and How to Get Started dlvr.it/RrT1gl https://t.co/6Vci1hvOV2

27th January 2021
IoTWorldToday, IoTWorldSeries

RT @IoTWorldToday: #IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing. https://t.co/S…

27th January 2021
IoTWorldToday, IoTWorldSeries

#IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing.… twitter.com/i/web/status/1…

25th January 2021
IoTWorldToday, IoTWorldSeries

Protecting Your Network Against Ripple20 Vulnerabilities dlvr.it/RrJhpD https://t.co/Q2xe5hoy4U

25th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X