Who Will Step Up To Secure The Internet Of Things?

The Internet of Things (IoT) presents a significant mix of opportunity and risk. Compared to the connected devices of the past, the gazillions of new IoT devices that are being predicted for our homes, transportation, cities, medical devices and elsewhere represent a unique set of security challenges for both companies and their users.

To start, IoT devices significantly expand the attack surface. Hackers can easily purchase any IoT device, which will often contain the same security features as other, identical devices already deployed in hundreds or even thousands of homes. Unlike servers or networking equipment, which are usually hacked through remote access points and reside in protected and monitored environments, IoT devices are more accessible to malicious threat actors.

The widespread availability and proliferation of these devices means that once a device is compromised, it’s very difficult for a company to flip a switch and update the millions of devices just like it sold around the world. It also means that hackers can use one insecure device to leapfrog their way into broader connected networks, allowing a single device to compromise sensitive data ranging from bank and health information to even access to broader corporate assets as the line between work and home continues to blur.

It’s also important to think about the companies producing today’s top IoT devices. Often, these companies are startups, which may not have the funds to bring to bear an army of security experts and white hats to ensure secure deployments. Instead, they must rely on the hardware and software provided to them through suppliers. And commodity pricing places an enormous strain on security engineering and maintenance. Many of the IoT devices on today’s shelves are by necessity inexpensive to manufacture, which means companies are less likely to spend heavily on security throughout the development process.

Now is the time for the technology industry to proactively address these concerns, before the threat of widespread IoT security breaches becomes a reality. The standards groups, enterprise organizations and the legions of startups and maker communities working in this area must join together and get to work on addressing the critical issue of safeguarding the IoT before it’s too late.

The good news is the tech industry recognizes that something needs to be done about IoT security, both through industry groups and at the company level. For example, the International Standards Organization (ISO) has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs, while the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues.

What’s also encouraging is the formation of several IoT vendor alliances, including the Thread Group, the Open Interconnect Consortium, the AllSeen Alliance and the Industrial Internet Consortium. Although each is focused on a different IoT developer and user community, all of the groups appear to be supporting the wider use of data encryption and other security measures.

Despite progress, the task of securing the IoT still faces many daunting challenges. McKinsey & Co. and the Global Semiconductor Alliance (GSA) recently reported that while some parts of the IoT landscape have well-defined standards, other aspects either have none or multiple, competing standards.
Additionally, although software-defined networking (SDN) is helpful for handling the expected flood of IoT data, it is creating added security concerns because of its use of multiple communications channels and remotely located computing resources.

Advances in autonomous driving — such as those that will require cars to connect to each other and to roadway infrastructure — will spur the need for more robust safety, security and risk mitigation.
Lastly, and most importantly, leading technology companies still haven’t fully committed themselves to finding solutions for securing IoT applications.

If today’s titans of technology won’t step up to secure the IoT, that vital endeavor may fall to the multitude of startup companies that are fueling much of the industry’s current growth. Gartner estimates that by 2017, more than half of all IoT products and services will be developed by companies less than three years old. And while some of these newcomers are likely to have formidable technical expertise, many will lack the knowhow or capability to implement the tight security that is needed.

As an industry, how can we support this new generation of technologists and equip them with the deep expertise and context necessary to create a truly secure IoT?

  • First, we should encourage them to collaborate more closely with silicon vendors’ software, hardware and manufacturing ecosystems. Chip vendors and their partners can be invaluable guides for inexperienced product developers learning to navigate the complex array of available security standards and components.
  • We also can do better at education. A primary example of how this is being addressed is the establishment of security labs, such as those launched by Microsoft, Breed Reply and Indiegogo, where developers and partners can get hands-on access to systems and test beds to help advance development. Participants learn that security must be considered from the beginning of every IoT project, and should remain a priority through design, development and manufacturing — and even after the product or service is in operation.

In a perfect world, security risks and breaches wouldn’t exist. But, as virtually everything in our Internet-enabled world becomes increasingly connected, everything is becoming accessible and, therefore, potentially vulnerable. We may never fully solve that fundamental contradiction, but by working together, we can begin to build the secure IoT that the world deserves.
TechCrunch: http://tcrn.ch/1FNwtBL
