Who Will Step Up To Secure The Internet Of Things?

Uploaded on 2015-10-13 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Internet of Things

The Internet of Things (IoT) presents a significant mix of opportunity and risk. Compared to the connected devices of the past, the gazillions of new IoT devices that are being predicted for our homes, transportation, cities, medical devices and elsewhere represent a unique set of security challenges for both companies and their users.

To start, IoT devices significantly expand the attack surface. Hackers can easily purchase any IoT device, which will often contain the same security features of other, identical devices already deployed in hundreds or even thousands of homes. Unlike servers or networking equipment, which are usually hacked through remote access points and reside in protected and monitored environments, IoT devices are more accessible to malicious threat actors.

The widespread availability and proliferation of these devices means that once a device is compromised, it’s very difficult for a company to flip a switch and update the millions of devices just like it sold around the world. It also means that hackers can use one insecure device to leapfrog their way into broader connected networks, allowing a single device to compromise sensitive data ranging from bank and health information to even access to broader corporate assets as the line between work and home continues to blur.

It’s also important to think about the companies producing today’s top IoT devices. Often, these companies are startups, which may not have the funds to bring to bear an army of security experts and white hats to ensure secure deployments. Instead, they must rely on the hardware and software provided to them through suppliers. And commodity pricing places an enormous strain on security engineering and maintenance. Many of the IoT devices on today’s shelves are by necessity inexpensive to manufacture, which means companies are less likely to spend high dollar on security throughout the development process.

Now is the time for the technology industry to proactively address these concerns, before the threat of widespread IoT security breaches becomes a reality. The standards groups, enterprise organizations and the legions of startups and maker communities working in this area must join together and get to work on addressing the critical issue of safeguarding the IoT before it’s too late.

The good news is the tech industry recognizes that something needs to be done about IoT security, both through industry groups and at the company level. For example, the International Standards Organization (ISO) has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs, while the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues.

What’s also encouraging is the formation of several IoT vendor alliances, including the Thread Group, the Open Interconnect Consortium, the AllSeen Alliance and the Industrial Internet Consortium. Although each is focused on a different IoT developer and user community, all of the groups appear to be supporting the wider use of data encryption and other security measures.

Despite progress, the task of securing the IoT still faces many daunting challenges. McKinsey & Co. and the Global Semiconductor Alliance (GSA) recently reported that while some parts of the IoT landscape have well-defined standards, other aspects either have none or multiple, competing standards.
Additionally, and although helpful for handling the expected flood of IoT data, software-defined networking (SDN) is creating added security concerns because of its use of multiple communications channels and remotely located computing resources.

Advances in autonomous driving — such as those that will require cars to connect to each other and to roadway infrastructure — will spur the need for more robust safety, security and risk mitigation.
Lastly, and most importantly, leading technology companies still haven’t fully committed themselves to finding solutions for securing IoT applications.

If today’s titans of technology won’t step up to secure the IoT, that vital endeavor may fall to the multitude of startup companies that are fueling much of the industry’s current growth. Gartner estimates that by 2017, more than half of all IoT products and services will be developed by companies less than three years old. And while some of these newcomers are likely to have formidable technical expertise, many will lack the knowhow or capability to implement the tight security that is needed.

As an industry, how can we support this new generation of technologists and equip them with the deep expertise and context necessary to create a truly secure IoT?

  • First, we should encourage them to collaborate more closely with silicon vendors’ software, hardware and manufacturing ecosystems. Chip vendors and their partners can be invaluable guides for inexperienced product developers learning to navigate the complex array of available security standards and components.
  • We also can do better at education. A primary example of how this is being addressed is the establishment of security labs, such as those launched by Microsoft, Breed Reply and Indiegogo, where developers and partners can get hands-on access to systems and test beds to help advance development. Participants learn that security must be considered from the beginning of every IoT project, and should remain a priority through design, development and manufacturing — and even after the product or service is in operation.

In a perfect world, security risks and breaches wouldn’t exist. But, as virtually everything in our Internet-enabled world becomes increasingly connected, everything is becoming accessible and, therefore, potentially vulnerable. We may never fully solve that fundamental contradiction, but by working together, we can begin to build the secure IoT that the world deserves.
Techcrunch:http://http://tcrn.ch/1FNwtBL

« Reinventing CIA for the Big Data Era
Apple Is Buying Into Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CyberSecurityJobsite.com

CyberSecurityJobsite.com

CyberSecurityJobsite.com is a specialist job board designed to attract candidates working within Cyber Security, Information Security or Information Assurance.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

NTIC Cyber Center

NTIC Cyber Center

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Cybervergent

Cybervergent

Cybervergent (formerly Infoprive) are a leading cybersecurity technology company in Africa. We provide cybersecurity guidance and solutions that help protect your business.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

Neptune Shield

Neptune Shield

Neptune Shield's mission is to deliver cutting edge Maritime focused Cyber Security & Threat Protection through our Hampton Roads based Tech & Cyber Security Hub.