Securing the Internet of Things (IoT) is now a conundrum for policy makers.
Fuel deliveries, health care provision and education systems – it’s become clear that ineffectual IoT defenses will expose sections of infrastructure backbone.
Malicious attackers have come to realize that going after critical infrastructure can be profitable and almost certainly can have major disruptive impact. Now that attackers have come to recognize this ROI from assaults on critical infrastructure, it becomes more imperative to shore up these resources from attack.
Tackling the problem necessitates rapid provision, implementation and verification of cybersecurity resources. The challenge is that many vital services depend on old technology designed for internal networks, before IoT brought new vulnerable endpoints to the attack surface.
IoT has changed infrastructure OT security; malware has become pervasive enough to break into systems and, in some cases, extort cash from victims. Hostile nations shelter attackers, which enables the virtual plunder of enemies and stymie any chance of prosecution. A response must be comprehensive in scope but are complicated by the need to avoid unnecessary shutdowns, which also cause operational damage.
“Implementing IoT in a world which hasn’t traditionally been connected can lead to improper security hygiene and, thus, higher risk of a breach or attack,” said Hollie Hennessy, cybersecurity expert at analyst firm Omdia.
“A breach could result in devastating impact on a national scale. These industries now need to balance this risk, alongside the risk of operational outage, while securing and ensuring visibility across a large, growing portfolio of connected devices,”
IoT for Critical Infrastructure
As IoT pervades more sectors core to society, the underlying networking structures must be improved. Iniquitous actors have gained the upper-hand, with public services and small businesses left counting the costs.
Security assessments of critical infrastructure attacks must also account for shadow IT – where an operational unit introduces an unsecured device to meet its needs. Locked down procedures will be trickier to implement in these circumstances.
Leaky IoT in defense will become even more fraught with problems as autonomous technology pervades more operations. This enlisting of 140 autonomous border patrol towers in the U.S. is a case in point.
Another example of autonomy that must be locked down in all circumstances is this drone system, billed as an automated wingman for U.S. fighter pilots.
IoT Data Privacy and Security
Data privacy and security have become inflamed issues as there are now billions of IoT devices, often creating impaired visibility over the way personal information is handled. With sophisticated cyber crimes that make use of video and audio from intelligent touchpoints, the risk of litigation increases, whether in jails, gyms or medical facilities.
Network automation could aid policy-driven solutions to device and data proliferation brought about by IoT ‘s continued onset. Anomalous behaviors can be identified and quarantined proactively, before any impact on the enterprise’s software.
Blockchains offer a potential solution to IoT data security challenges by creating immutable records, preventing interference and thwarting potential forgeries. But the decentralized aspect is expensive and businesses must weigh the risks of sensitive data being held by third parties.
Application programming interfaces support interoperability between software platforms. But they offer an additional route into IT networks with poor visibility, with many enterprises electing to bring in outsourced expertise in this area, according to DarkReading.
Perhaps nowhere is the privacy challenge more pronounced than in healthcare. The dark web is a storefront for personal records and the data storm forthcoming from connected technologies.
Preparation and Response for IoT Attacks
IoT security professionals must shepherd enterprises through a warren of preventative measures, remediation tactics and security landscapes. The complexity has led to a booming Security as a Service industry. Meanwhile, an increasing number of developers are looking to hardwire secure principles into the design of new IoT devices.
Pore over this ebook for suggestions on security implementation as applied to the cloud, edge computing architectures and IoT installations in the critical infrastructure sector. Presented by Palo Alto Networks.
Public key infrastructure refers to a trusted environment structure that encompasses hardware, software and security policies. It’s used to create, store and remove digital user certificates and can be employed to bake cryptographic identity management into larger IoT networks.
Ninety-five percent of security professionals are concerned about security risks associated with their connected devices, with almost half of those being “very concerned”, according to a TripWire survey.
Zero-trust IoT network policies throttle available airspace for cyber attackers by blocking external users by default. This can help address unobtrusive risks, such as cryptojacking, where malware mints new digital currency having been installed in the background of the device.
This research from Orange Cyberdefense highlights areas of highest risk to the enterprise.
Assessing the Impact of IoT Attacks
Which cyber barricades to select for your organization will depend on how the IoT network is arranged. Ransomware attackers will target proprietors of highly sensitive data, such as medical records, while energy sensors may draw crypto-jacking installations that lurk under the device’s hood.
In June 2020, the Ripple20 vulnerabilities were uncovered in enterprise, industrial and medical IoT devices. There’s 19 of them in total – all within low-level TCP/IP software. Here’s how to protect against them.
The fallout from supply chain breaches will escalate in severity as criminal gangs are emboldened to strike larger organizations. Rogue states the like of Russia and North Korea will continue to spur on hackers.
Cyber strikes needn't be intricate. A new group of vulnerabilities – DNS-as-a-service – is triggered simply by registering nameservers on Domain Name System (DNS) switchboards.
Edge IoT Security
A major consideration for IoT network designers is how to protect increased data traffic at the edge of the network, away from locked down protocols on cloud computer servers. On the other hand, providing local encryption closer to end devices can reduce exposure during data relays to remote servers. Ultimately, the networking landscape for IoT is currently in flux, and that presents more complexities.
A single unprotected IoT device at the edge can let in malicious attackers, but deeper problems manifest when thousands of edge machines are left unguarded. Doubling down on strategy and bringing in the right tools – including machine learning – can help.
The transition to edge cloud landscapes – bringing network traffic and processing away from centralized public clouds – will necessitate new security paradigms. More vendors now offer “secure by design” hardware for cloud-to-edge environments.
to allow for analysis of how people use our website in order to
improve your experience and our services.
By continuing to use our website, you agree to the use of such cookies. Click here for more information on our