https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

6 IoT Security Predictions for 2020 

As we transition to a new decade, there is growing maturity in the field of IoT security, but also a wave of new risks.
  • Written by Brian Buntz
  • 2nd December 2019

It wasn’t long ago that the phrase “IoT security” seemed like an oxymoron. But now, awareness of the importance of the topic has never been higher. Given the expanding footprint of connected devices within everything from buildings to factories, adversaries have never had more of a variety of endpoints at their disposal to target. Here, we project what will happen in the game of cat-and-mouse that is cybersecurity next year. 

1. Building Security Concerns Grow

In 2020, the prospect of smart building security is bound to become more of a top-of-mind concern for facility managers. With buildings accounting for eight out of 10 connected things in 2020, according to Gartner, smart buildings could provide new avenues for adversaries to attack. Experts are divided, however, whether there will be a significant uptick in such attacks next year. Mirel Sehic, global director of cybersecurity for Honeywell Building Solutions, expects such an increase. Attackers could use building management systems as a pivot point to get to IT data as well as to manipulate building controls. 

“I don’t know that we’ll see more threats there next year,” said Andrew Howard, chief executive officer of Kudelski Security. To back up that statement, Howard said the networks inside many buildings are highly segmented. “And so while there might be one system that’s internet-connected, the reality is that most of them are not,” he explained. “And if they are, they tend to be VLAN-ed off on isolated networks. It’s not like a lot of the IoT networks you see out there where all these devices are  just on some like flat network architecture.”

[IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and Edge into action across industry verticals. Book your ticket now.]

“My experience with most buildings, whether they’re new or old, is that the old guard put in segmentation very heavily,” Howard said. For instance, the elevators might be segmented from the building management system, which is, in turn, isolated from escalators and so forth. “Security cameras in a building might be internet-connected, but it’s generally pretty hard to pivot from the cameras to the building management system,” Howard said. 

The prospect of networked building systems became a prominent cybersecurity worry after the 2013 Target credit card breach. In that incident, one of Target’s HVAC vendors was breached, allowing the attacker access to its internal network, including its payment system. In that episode, hackers made off with 40 million credit card numbers. 

One challenge in terms of securing buildings is that the landscape is often fragmented. “You haven’t yet seen a big player pop up and be the security provider in that space,” Howard said. 

2. 5G Security Begins to Rear Its Head in 2020

In 2019, 5G seemed like a theoretical possibility. In the first half of the year, there were demos in trade shows and individual locations, but now telcos are beginning to build out their 5G networks. 

As 5G deployments continue to roll out in 2020, it is likely attacks will follow, as Howard explained. Cesar Cerrudo, chief technology officer at IOActive, agreed. “Anytime we have more interconnected things, we have more security problems.” 

The prospect of 5G eventually becoming a foundational protocol could mean that everything from surveillance and traffic cameras to vehicles is connected via the protocol. That could give attackers the means to paralyze neighborhoods, cities or even whole countries, Cerrudo said. 5G could also provide link devices that primarily use a different wireless protocol. For instance, 5G could serve as a sort of backhaul for LPWAN devices to the cloud.

For one thing, 5G, like other wireless, is prone to denial-of-service attacks and jamming, although the protocol does have anti-jamming properties. 

Telecommunications and infrastructure firms are touting 5G for an array of use cases, including in the industrial realm. The potential of 5G to be used for critical industrial processes with a tangible business impact is a potentially risky proposition. Complicating matters is the fact many industrial environments deploy “outdated, legacy devices,” said Jason Haward-Grau, chief information security officer at PAS Global. “Adversaries will begin to target these environments, bringing dire consequences such as unauthorized changes to configurations that make industrial processes do something they are not supposed to do, thereby resulting in an industrial accident, outage or even environmental excursion,” he said in prepared remarks. 

3. Managed Security Services Market Surges 

In recent years, a growing number of companies have given up on the prospect of managing security alone. One growing segment is managed security services, which is expanding at an annual rate at roughly 15%, according to a research synopsis from Kenneth Research. 

“I think it will accelerate at a faster rate in 2020 [than it has in recent years],” said Howard, whose firm offers such services. In general, many organizations with digital transformation efforts struggle to find sufficient talent to address the growing complexity of cybersecurity. “And that leads them to go look at managed services,” he said. 

Cerrudo also expects increased demand for security consultancy business. “Demand should increase as our technology dependence and use increase, too,” he said. Organizations that can help unify cybersecurity for consumers and businesses. “Companies look for services to help with their problems and services adapt to companies needs,” he said. “In this process, different approaches are taken, which can include partnerships, outsourcing, SaaS solutions, regular services and more.”

Yet the complexity of the cybersecurity market leaves some firms reticent to move to embrace outsourcing completely. “One change that I’ve seen in the market is more of a willingness by bigger companies to bring in a managed security provider for pieces of the security puzzle, but not all of it. So in the past, they would have insourced everything or outsourced everything. I think we’re seeing a lot more hybrid models,” Howard said. 

4. OT Cybersecurity Gains in Clout

To some extent, cybersecurity for operational technology is already gaining in importance, thanks in part to the revelations that safety instrumented systems are a current target. Mirel Sehic of Honeywell expects this trend to accelerate in 2020 as more OT environments embrace digitization. 

Howard agrees. “Customers I talked to with OT environments are very nervous about security,” he said. “And I think [this trend is] likely to accelerate.”

One contributing factor is the immaturity of the market. “I think in the OT space is where the IT space was from a security perspective 10 years ago,” A decade ago, finding cybersecurity standards for IT environments was tough. Cyber professionals could find NIST guidelines, but there wasn’t much in the way of nuanced guidance for specific industrial environments. 

The situation is leading to an uptick in OT-focused organizations, such as Siemens’ Charter of Trust and the not-for-profit MITRE Engenuity’s Center for Threat-Informed Defense. Howard expects more organizations to pop up in 2020 with a focus on OT cyber standards. “I think the OT space is tougher than the IT space around this topic. Because the reality is, in the IT space, the difference between laptop A and laptop B and server C is just not that different, especially as the operating systems have consolidated,” Howard said. “But the difference between a Rockwell PLC and a Honeywell manufacturing system is just enormous.” 

Mark Carrigan, chief operating officer at PAS Global, observes there has been a proliferation of OT-focused security standards like ISA/IEC 62443 and the European Cyber Directive, as well as frameworks from the likes of NIST, NERC, SANS and the Center for Internet Security. “In 2020, increasing adoption of these frameworks and standards will reduce cyber risk, however, they will increase industrial cybersecurity cost and complexity as organizations work to adopt and attest to their use of these frameworks and standards,” Carrigan said over email. “Given the relative immaturity of adoption, organizations are also likely to evaluate adopting multiple frameworks, thereby, increasing cost and complexity further.”

5. Secure by Design Approach Finally Gains Ground

No product designer thinks deviously that they should create a connected product with no security. But if the company the designer works for has difficulty aligning priorities around the time to market, cost and customer experience. But given the amount of attention surrounding IoT security, things are looking up, according to Charlene Marini, vice president of strategy, IoT services group at Arm. “IoT device makers and deployers of connected devices will put plans in place to upgrade the capabilities they offer to ensure secure IoT systems,” she said over email. The mindset shift will mean device makers begin prioritizing the creation of a trusted connectable and manageable products. This new mindset will include “[e]mbedding life cycle management capabilities at design time, writing software with security and privacy principles at the forefront and providing accessible updates to deployers of their devices,” Marini said. For organizations deploying IoT devices, the mindset shift will involve enlisting the help of experts with experience working on managing IoT networks at scale. 

Marini’s colleague, Hima Mukkamala, senior vice president and general manager, IoT cloud services at Arm sees that regulation like EU’s General Data Protection Regulation and California Consumer Privacy Act continuing to underscore the importance of privacy and security in IoT devices. “Given the increased volume of IoT devices and more government regulations coming in, data privacy and security become paramount in driving IoT solutions,” he said over email. “Security will be a key factor in the decision making process for organizations as they look at deploying IoT infrastructure in 2020.” 

Carl Wearn, head of E-Crime at Mimecast has a similar perspective. Projecting an uptick in IoT-related cyber risk next year with the risk of “embarrassing security and extortion opportunities,” Wearn predicts growing legislation relating to the use of such connected devices. “This area of connectivity and the general lack of security inbuilt to these devices has been significantly ignored for too long and public awareness as to their uses and potential exploitation is growing,” Wearn said. 

6. AI Hype Persists, But Vertical AI Approach Emerges

The amount of puffery surrounding artificial intelligence in cybersecurity has arguably begun to decrease. But don’t expect the situation to improve dramatically. The term “AI” is slapped onto all of things, many of which are simply decision trees, algorithms or software. That’s not to say that AI doesn’t have tremendous potential, of course. But the actual term “AI” has achieved a sort of umbrella status to mean nothing in particular. “I’ll give you an example’” Howard said. “I was in a meeting with a lot of other cyber security leaders and the topic was about how artificial intelligence is driving change in behavior.” The various people in the room began to provide examples regarding how they used AI to minimize their cyber-risk. “And they kept naming off examples,” Howard recalled. “By the time I got to the seventh one, I just raised my hand and I said: ‘No one has described an artificial intelligent use case. You guys are just describing process workflow and software. If there’s not something like a machine learning model or neural networking capability behind the scenes, it’s just software.’”

There is reason for optimism that AI in cyber will grow up, according to Artem Kroupenev, vice president of strategy at Augury, whose firm focuses on using IIoT sensors to monitor machine health. Given the current state of AI maturity, products that are carefully designed for a specific use case tend to be more effective than those with more of a generic approach. In 2020, “[we] will see the first signs of concrete adoption of AI within industrial enterprises around specific vertical use cases,” he said, referring in particular to the IIoT landscape. 

Referring to the use of artificial intelligence in cybersecurity, Cerrudo explained: “If you want to provide better solutions, you have to narrow your focus and heavily invest in R&D. AI use keeps growing and maturing and the more targeted the use, the more precise it becomes. Broadening the scope adds complexity and reduces efficiency.”

 

Tags: Security services Security Features

Related


  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.
  • Securing IoT at the Edge Is Key to Safe IoT Operations
    With unsecured IoT devices at the edge, IoT environments are vulnerable to malicious threats that disrupt operations.
  • Building a Foundation for AI in Cybersecurity
    Making effective use of AI in cybersecurity demands a careful approach.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 
  • Why IoT Certification Could Boost Your Career
  • Cybersecurity Crisis Management During the Coronavirus Pandemic

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart Manufacturing With IoT

4th December 2020

Ensuring Safety & Security of Pharmaceutical Supply Chain: A Case Study

4th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

#Supplychain analytics, #digitaltwins and other tools are key to predicting COVID-19-style disruption in the supply… twitter.com/i/web/status/1…

18th January 2021
IoTWorldToday, IoTWorldSeries

At #CES2021, @verizon touts #5Gconnectivit as the key to digitization in pandemic times. But experts say there are… twitter.com/i/web/status/1…

12th January 2021
IoTWorldToday, IoTWorldSeries

The #privateLTE market is due to grown, given increased needs for #networkperformance and #networkbandwidth.… twitter.com/i/web/status/1…

12th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X