‘We’re 9 meals from anarchy’: Take the cybersecurity threat to IoT seriously, says Beecham report

IoT security now critical

London, UK. September 10, 2014 – IoT security “must evolve significantly for the long term” if we are to avert critical impacts from terrorism and cyber warfare. This demands an in-depth defence plan applying lessons learned from ‘traditional’ hacking attacks. So says an interim report from Beecham Research, whose authors warned M2M Now that “we’re just 9 meals away from anarchy.” 

The potential damage to people, possessions, businesses and national critical infrastructure from a successful attack on cyber-physical systems through the rapidly emerging Internet of Things (IoT), cannot be underestimated, according to a new study announced today by Cambridge, UK-Beecham Research. As Jeremy Cowan reports, a cyber attack on the food logistics chain, water or sewage utilities, or interruption to energy supplies (particularly to the very young, sick or elderly) could cause chaos.

Announcing the study, an initial Beecham report entitled ‘Evolving Secure Requirements for the Internet of Things’ warns that there are currently insufficient security capabilities within the emerging IoT standards to manage the long lifecycles expected of many IoT devices. “While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for 10 years or longer,” said Professor Jon Howes, one of the authors of the report and technology director at Beecham Research. “Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time.”

Prof Jon Howes: Protect IoT devices for 10 years
Prof Jon Howes: Protect IoT devices for 10 years

Beecham believes the answer to these challenges lies at the architectural level for both devices and systems and stretches from semiconductors through to network operators and system integrators. This approach underlines the need for common security objectives across the industry and interoperability within broad systems. This first report is a significant component of a longer study that reportedly includes substantial industry collaboration – including all major industry stakeholders – and which will be followed by publication of frameworks for various use cases.

The interim report highlights potential future attacks on IoT systems and how these may ultimately impact upon users. Possible impacts include home owners losing control of white goods such as fridges and boilers (furnaces), domestic and commercial door locks being disengaged, and security systems being hacked and monitored.

“The attack surface of an Internet of Things system may be substantially larger than traditional PCs, as the complexity of ensuring multiple vendors’ systems working together will lead to a greater probability of exploits being available,” said Professor Howes. “We have all become familiar with computer malware but the impact of equivalent IoT attacks could be to turn off a heating system in the middle of winter or take control of other critical IoT systems, which could be life-threatening.”

Security in the Internet of Things is significantly more complex than many system designers have previously experienced, says the report. Several industry sectors are highlighted in the report where data must remain trusted and private, whether within the system, in flight or at rest, and the reliance on robust cryptography schemes. These include aviation and other transportation systems, smart utilities such as sewage and water treatment, energy generation and supply, and global food chain management.

Significant evolution is required in the identification, authentication and authorisation of devices and people into IoT systems. Systems designers must also presume that all devices will become compromised at some point and ensure that it is possible to regain control. These devices will require quarantining inside the system while updates are being created and need to remain operational throughout the process.

The authors of the Beecham report welcome the work of industry organisations such as the AllSeen Alliance and the Open Interconnect Consortium looking at aspects of security within the IoT, but various government organisations including the UK’s Centre for the Protection of National Infrastructure (CPNI) and the US Department for Homeland Security (DHS) have made it clear that IoT security must evolve more rapidly to meet the threats from hacktivism, terrorism and cyber warfare.

Co-author of the report, Haydn Povey is Beecham’s technical associate and former director of Secure Products at ARM Holdings. He said, “While many technologies such as advanced cryptography are being introduced in current IoT devices, governments around the world are concerned about the acceleration of IoT and agree that there is significantly more work needed to meet the demands of future threats as outlined in the ‘20 Critical Security Controls’, originally developed by the Council for Cybersecurity for mainstream IT security.” Povey added: “There is an urgent need to deliver cost effective solutions that enable robust security but also to retain the flexibility to deliver real benefits in the face of expected threats. This requires well-architected and interoperable frameworks across vendors and technologies, integrated at an IP and silicon level to enable the evolution of security services the whole industry can leverage.”

The Beecham study, Evolving Secure Requirements for the Internet of Things, is targeted at organisations across industry and government that are focused on the rapidly evolving IoT and machine-to-machine (M2M) markets.

“While the industry has learnt many lessons from the traditional IT domain, the initial steps in security for IoT are sufficient only for the near term, and pressure must be applied to drive greater system robustness, ensure that interoperability is applied across the industry, and deliver standards that can be measured and certified,” concluded Robin Duke-Woolley, founder of Beecham Research.

The full report will be published in Q4, 2014. For details of the interim report go to: www.beechamresearch.com

RECENT ARTICLES

Panasonic and Jasmy unveil Web3 Platform for IoT data control

Posted on: March 28, 2024

Panasonic has joined forces with Jasmy (JASMY) blockchain to introduce a Web3 platform that will facilitate the connection of personal data on the Internet of Things (IoT). The collaboration between the Japanese-based blockchain and Panasonic Advanced Technology was initiated in February, but the official announcement was made on March 26.

Read more

Driving connected personalised user experiences with Generative AI

Posted on: March 27, 2024

As the world continues to rapidly move towards digitalisation, customer expectations are also on the rise. Around the globe, telcos are grappling with meeting these expectations. As well as ensuring connectivity in a secure, seamless, and consistent manner 24/7, to compete and differentiate, operators now need to provide personalised experiences that are as unique as

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more