Six Challenges of Securing IoT

05 - May 2019

We’re either on our mobile devices or on our laptops or watching our smart TVs, waiting for our smart microwave to finish popping our smartly packaged popcorn kernels. In our cities, intelligent streetlights, traffic lights, and smart cars guide our travels.

While these systems are making our better lives possible, their inherent vulnerabilities are opening us up to cyberattacks. While an attack against an IT system can bring data loss and privacy concerns, an IoT attack can endanger life and safety.

Security is paramount, but first, you have to overcome these challenges.

  1. You Cannot Protect What You Cannot Find

Connectivity is ubiquitous. A smart home system could include everything from locks and thermostats to coffee makers and ovens. Offices are similarly plugged in with myriad devices included in their comprehensive building management systems.

The problem is that so many devices are connected that we’re at the point where the volume is overwhelming, that we may not even know what is connected where. We are simply unable to effectively manage the inventory of all of these devices. Even devices that don’t appear connected, like a washing machine, could be sending data to its manufacturer, piggybacking on your home network.

Being able to discover connected devices is critical for protection.

  1. Strong Focus on Device Specialization, Not Protection

Although systems on chips are increasingly more powerful, they are highly specialized to fulfill specific tasks. For example, a window open-close sensor has been designed to have a very small footprint and is excellent at its job of informing us if our home or office has been breached. Unfortunately, the device itself is generally not designed to ensure its own security. They generally don’t have the computing, memory, or power capabilities necessary.

Strengthening security requires easy-to-install, resource-efficient software within the device’s operating system itself.

  1. Lack of Standardization

Less than a decade ago, the tendency was that most of the devices within a home management or security system were single-vendor, proprietary systems that connected only to each other and the monitoring network. Now, one environment can include devices from tens of manufacturers – who each have proprietary operating systems and no easy way to protect the entire infrastructure. Think of a home network that simultaneously connects an alarm system, a Nest thermostat, Google or Amazon voice assistants, IP cameras from one or more vendors plus an ever-increasing variety of white goods and home entertainment systems.

Protocols can include IP and Wi-Fi, Bluetooth, Z-Wave and Zigbee as well as several proprietary wireless security and home automation protocols.

Cyber security solutions need to be universal and agnostic to these many protocols as it will take time for manufacturers to get on board with a single security standard.

  1. Communications Vulnerabilities

Every device has been designed by its manufacturer to be remotely updated and upgraded. If they haven’t been diligent, those doorways can be accessed by threat actors using a variety of wireless connectivity options mentioned above: simple Wi-Fi, cellular, RF, broadband, and low-power, wide-range (LORA) communication.

Securing the device communications gateways is critical to any system.

  1. Securing Privacy

Devices are collecting ever-increasing amounts of information – as basic as the IP addresses with whom our IoT devices are communicating to the state of our health. With the advent of 5G, even more data will be able to be collected and stored. Without proper security measures in place, every piece of data we generate, whether intentionally or passively, will be open to be used for identity theft, financial gain, and even potentially hacking our health.

Implementing security like a firewall can be critical to controlling what goes in and out.

  1. The Invisible Line Between IoT and IT

The next time you want to play a challenging game, walk around your home or office counting chips. Laptop, smartphone, toothbrush, health wristband, toaster, washing machine, microwave, hot water heater, etc. Your smart thermostat can be the gateway connecting your IoT and IT systems, which means that ransomware on your laptop can suddenly affect your HVAC system, and a hack in your HVAC can shut down your complete office information infrastructure. Those devices can also be the gateway to accessing your proprietary data.

Ensure you have a business continuity infrastructure and backup system in place for those cross-over attacks. Creating a universal, unified, and distributed barrier to cyberthreats across every type of device, operating system, and chip is critical to true protection.

Overcome the Challenges, Strengthen Protection

Increasing connectivity increases cybersecurity risks; take the same approach to security – use an interconnected network that spreads security across all the devices. Reduce security risks, lower the number of possible attack vectors, and minimize the implications of potential attacks.Use of new methodologies such as blockchain and distributed computing that reduce inherent risks by distributing the central databases and servers can create a comprehensive security, mesh-based network infrastructure that will go a long way to mitigating these risks.