IoT is not being secured for the long term, says Beecham Research report

There is growing concern within the IoT sector that security demands our urgent attention if the industry is to avert a crisis in confidence. Unless the Internet of Things (IoT ) is made secure from end-to-end for all users, both at consumer and enterprise levels, we risk seeing IoT appearing in disaster headlines that will undermine its success before it is even widely adopted.

Security is not a ‘nice-to-have’ feature, nor is it something that service providers can charge for as an upgrade. All the industry observers that M2M Now has contacted say that end users will expect it as a ‘given’ from their IoT service providers, as much as they expect it from their banks. Unfortunately, those who fail to deliver secure services will not only damage their own brand they may seriously compromise customer confidence in IoT services as a whole.

Recently ARM Holdings has launched its new mbed IoT Device Platform with claims that it provides “all the key ingredients” to build secure IoT applications. That platform is aimed at addressing communications related security issues in IoT, which is an important step, but according to Beecham Research there is a need right now to move beyond that limited focus.

An interim report launched in London recently by Beecham Research heralds the start of a study that will culminate in a full report (out in Q4) that underlines how security needs the urgent attention of everyone involved in the Internet of Things if the IoT is to achieve its full potential. The scope for damage or harm to people, possessions, businesses and national critical infrastructure from a successful attack on cyber-physical systems through the rapidly emerging Internet of Things (IoT), should not be underestimated, according to the report. Beecham Research Ltd., which has specialised in M2M and related markets since 2001, is a technology market research, analysis and consulting firm based in Cambridge, UK with offices in London and North America.

Announcing the start of the study that will be engaging with key stakeholders, the initial report from Beecham Research entitled “Evolving Secure Requirements for the Internet of Things” warns that there are currently insufficient security capabilities within the emerging IoT standards to manage the long life-cycles expected of many IoT devices. “While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for 10 years or longer,” said Professor Jon Howes, one of the authors of the report and Technology Director at Beecham Research. “Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time.”

Beecham Research believes the answer to these challenges lies at the architectural level for both devices and systems and stretches from semiconductors through to network operators and system integrators. This approach underlines the need for common security objectives across the industry and interoperability within broad systems. This first report is a significant component of the longer study that includes substantial industry collaboration, covering silicon device vendors and extending across all major industry stakeholders. This will be followed by publication of a second report focused on frameworks for an array of use cases.

The initial report also highlights potential future attacks on IoT systems and how these may ultimately impact users, from home owners losing control of white goods, door locks being disengaged or security alarms being monitored.

“The attack surface of an Internet of Things system may be substantially larger than traditional PCs, as the complexity of ensuring multiple vendors’ systems working together will lead to a greater probability of exploits being available,” said Professor Howes. “We have all become familiar with computer malware but the impact of equivalent IoT attacks could be to turn off a heating system in the middle of winter or take control of other critical IoT systems, which could be potentially life threatening.”

Security in the Internet of Things is significantly more complex than many system designers have previously experienced, says the report. Some areas highlighted include where data must remain trusted and private, whether within the system, in flight or at rest, and the reliance on robust cryptography schemes. Additionally, significant evolution is required in the identification, authentication and authorisation of devices and people into IoT systems. Systems designers must also presume that all devices will become compromised at some point and ensure that it is possible to regain control. These devices will require quarantining inside the system while updates are being created and need to remain operational throughout the process.

The authors of the Beecham Research report also welcomed the work of industry organisations such as the AllSeen Alliance and the Open Interconnect Consortium looking at aspects of security within the IoT. However, various government organisations including the UK’s Centre for the Protection of National Infrastructure (CPNI) and the US Department for Homeland Security (DHS) have made it clear that IoT security must evolve more rapidly to meet the threats from hacktivism, terrorism and cyber warfare.

Haydn Povey, Technical Associate at Beecham Research and former Director of Secure Products at ARM Holdings, said, “While many technologies such as advanced cryptography are being introduced in current IoT devices, governments around the world are concerned about the acceleration of IoT and agree that there is significantly more work needed to meet the demands of future threats as outlined in the 20 Critical Security Controls originally developed by the Council on Cybersecurity for mainstream IT security.” Povey adds: “There is an urgent need to deliver cost effective solutions that enable robust security but also to retain the flexibility to deliver real benefits in the face of expected threats. This requires well-architected and interoperable frameworks across vendors and technologies, integrated at an IP and silicon level to enable the evolution of security services the whole industry can leverage.”

The Beecham Research study “Evolving Secure Requirements for the Internet of Things” is targeted at organisations across industry and government focused on the rapidly evolving IoT and Machine-to-Machine markets. While the industry has learnt many lessons from the traditional IT domain, “the initial steps in security for IoT are sufficient only for the near term and pressure must be applied to drive greater system robustness, ensure that interoperability is applied across the industry, and deliver standards that can be measured and certified,” concluded Robin Duke-Woolley, Founder of Beecham Research.

For more information go to: www.beechamresearch.com

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Bluetooth Range and Reliability: Myth vs Fact

Posted on: September 21, 2021

As Bluetooth is becoming more and more ubiquitous in smart homes, buildings, and factories, there are many myths about what the wireless technology can and cannot do. In fact, its capabilities go far beyond its use in consumer electronics and enables a wide range of professional solutions in commercial and industrial environments. Here are some of the common myths around Bluetooth – and the lesser-known facts

Read more

OQ Technology reveals patent portfolio in the US and Europe to improve satellite communications

Posted on: September 21, 2021

5G satellite operator OQ Technology has revealed six pending patent applications in the USA and in Europe that will improve satellite-based IoT and M2M communications in remote locations. OQ Technology’s patent applications include a “wake-up” technology for satellite IoT (Internet of things) devices, IoT device localisation, frequency and timing synchronisation, inter-satellite link technology and satellite

Read more