Balancing privacy, security, risk – and your brand – in an infinitely interconnected world

New challenges demand new end-to-end strategies – not just more technologies, says Oozi Cats, CEO of Telit Communications.

It’s one of those universal truisms that any increase in openness of any sort brings with it implicit risk. From stomach troubles on foreign holidays to teenage broken hearts, we spend our lives navigating often-narrow knife edges between opportunity and threat. It shouldn’t therefore be any surprise that the increasingly rapid adoption of IoT and M2M solutions by ever wider market sectors is presenting its own particular challenges to us, both as individual companies and as a wider collective community.

It’s already clear that two issues must be urgently addressed. First comes the all-important one of  keeping a continued confidence amongst both the general public and the worlds of business, government and the utilities in our ability to protect their data and systems.

However, before we can really do this, the second issue must be tackled: how do we create the right  kind of environment that ensures that security is built into our products, our solutions, our  companies, our markets and, especially importantly, our staff in truly holistic ways.

The high technology sector – from the early days of both the Internet and GSM – has often rolled out amazing technologies only to find that they were implicitly insecure. The end result was a sometimes embarrassing and expensive scramble to retro-fit security techniques like encryption. The Internet of Things (IoT) is too important to both our public and private lives for security to be seen as an afterthought.

Complementing this issue is another ‘softer’ issue and one to do with company cultures and  organisational structures. Although things have improved, enterprise IT security departments have been seen in the past as business limiters – not business enablers. They were the ones who always asked awkward questions when some new business initiative was suggested and, because their strategic advice was ignored in a race for shortterm profit, often had to clear up the mess later.

At Telit, both these facets of the central problem are very clear to us and we recently took a pledge to expand and enhance our efforts to educate and raise awareness of what security really means: not just amongst the technology community, but also across every market sector involved and the wider general public.

How the world perceives IoT risk

When it comes to actual awareness of security pitfalls and vulnerabilities, a major survey of  consumers, businesses and IT security specialists by international IT governance organisation ISACA (IT Risk-Reward Barometer, 2014) showed some interesting trends. Irrespective of region, most respondents knew about prominent data breaches of companies and most said their concerns had increased as a result. On further drilling down into the data, the research specifically addressed concerns about the IoT:  vulnerabilities to hacking; usage of customer data; resale of personal information; and tracking of individual behaviours and travel. While around half of those polled said that they proactively managed their privacy settings, the rest were essentially passive, only changing things such as passwords when a specific event occurred – or not even then. Overall, despite recognising the benefits of IoT, more than a third of the ISACA members and IT professionals surveyed felt that the risks currently outweighed the benefits to enterprises.

So, what can we do to change these perceptions?

Despite its virtual nature, cyberspace displays many of the characteristics of real world geographies. Just like any city, there are safe areas and unsafe areas. Organised crime and black hat hackers have their own equivalents of seedy bars and hangouts, where vulnerabilities, tools and data are shared and swopped. Some of the larger criminal and terrorist organisations even have their own R&D operations, funded by the profits from their illegal operations. Despite this – and just like real world villains – they’ll almost always target the easiest, most vulnerable, low-hanging fruit.

The response to this, we at Telit feel, is to create our own equivalents of ‘safe neighbourhoods’ for IoT, where information and best practice is readily shared across our industry’s equivalent of the shopkeepers, business owners and householders. This ‘zero tolerance’ strategy – just as it’s worked in some of the world’s major cities – can go a long way in deterring opportunistic crooks, driving them to move on in search of easier and weaker pickings.

That said, the incredibly complex value chains involved in much M2M/IoT activity will never be secured by simple point solutions and, again just as in the real world, a broad spectrum, multiagency approach is essential. Each technology sector will be familiar with its own vulnerabilities, while each market sector will also have its own native concerns. Around these are also the general public and ordinary everyday business users who’ll often inevitably try to avoid using appropriate security techniques if they impact on how easily they can use devices or services. Any cybercriminal will tell you that the easiest parts of the whole infrastructure to hack are actually human beings….

The whole is more than the sum of its parts

Telit’s recent work provides a good example of how this multi-level, multi-agency approach can work in practice. While there are numerous national and multinational organisations out there concerned with IT and network security, risk, fraud and revenue management, we identified a number of strategic points within the entire IoT/M2M universe where active input and participation would have the greatest strategic benefit for ourselves, our customers and the wider community.

GSMA Embedded SIM project: SIMs are one of the essential building blocks of cellular connectivity, so it was essential that security principles were deeply rooted right from the start and Telit played an important role in crafting these and is amongst the first in the industry to  commercialise a compliant solution – which you’ll be able to see at the Mobile World Congress in March.

ERTICO-ITS: This is a good example of sectorfocused activity, being a European organisation that promotes research and defines Intelligent Transportation System industry standards, connecting public authorities, businesses, infrastructure operators, users, national ITS associations and other organisations, both across Europe and internationally. Through ERTICO, Telit has been involved in defining secure specifications for the wider European eCall initative, which uses ‘black boxes’ deployed in vehicles to send alerts, sensor data and location information to emergency services in the event of accidents.

TIA’s TR-50 – The Telecommunications Industry Association’s (TIA) TR-50 initiative is developing an M2M Smart Device Communications framework able to work across different underlying wired and wireless links, using well- defined Application Programming Interfaces (APIs) that are agnostic to the specific vertical application domains such as Industrial Automation, ehealth and Smart Grids. Once again, Telit has been influential in developing specifications in both this and related protocols.

oneM2M – Telit has also been deeply involved in addressing key security issues within this organisation on a more generic basis, effectively creating a standard of standards that can be applied across multiple industry sectors, consolidating work carried out by more specialised groups.

5G – While it currently seems to be true that if you ask a room full of radio  engineers for their definitions of 5G, you’ll get more definitions than engineers, work is already moving apace in this domain. Unlike previous network-focused standards, 5G will be the first to consider and incorporate the unique needs of  machine communications – including security. Telit here, again, has been involved right from the earliest days, ensuring that issues around machine connectivity – and especially security – are incorporated from the ground up.

Integrating security – from the quantum level upwards

The fractal nature of our industry – where there are the same levels of complexity at each stage up from microprocessor to the networked product – means that there’s a  critical need to address security at the most basic levels of manufacturing and circuit design. This also extends to ensuring that where new firmware is distributed to remote devices for dynamic updating the whole path is secure.

With our 2013 acquisition of ILS Technology, Telit added critical expertise in data security. Take, for example their secureGATE solution, specially created to help semiconductor fabrication plants protect their design and manufacturing processes from digital infiltration and attack; while their secureWISE offering monitors and secures traffic to and from each tool on the factory floor.

This kind of ground-up, silicon>component>system strategy is especially important when it comes to securing the Connected Car – or the ‘Smartphone on Wheels’, as some now define it, with its own IP address. As new functionalities are added to this platform, such as driver assistance systems, theft prevention, intelligent traffic  management and more, each must be protected, both singly and when they’re operating in unison.

While the CAN bus and other architectures continue to evolve, increasing in speed and functionality, some suppliers have brought in specific point countermeasures to address individual elements in the digital command, content and control chain, such as secure keys, encrypted data, message filtering and the like. By contrast, Telit’s strategy has been to create a much wider, all ncompassing environment –ATOP, m2mAIR Mobile and deviceWISE – implementing multiple measures using state-ofthe- art bank transaction-level security where keys and certificates are used in each communications element and module. In fact, the ATOP module even has a dedicated processor to store keys and process encryption algorithms to protect the entire vehicle from digital attack.

Telit m2mAIR in particular offers Shield, a new service specifically designed to detect and protect against attacks at the device itself – essentially shutting down the communications module and recording attack data to transmit once the attack is complete, while deviceWISE, on which our m2mAIR Cloud offering is based, has been named the most secure M2M application enablement platform on the market two years running by leading research firm ABI, thanks to its file-level access policies which  leverage and build upon the expertise behind secureWISE.

Adopting inclusive policies and strategies

A famous French statesman once observed that “war was too important to be left to the military”. The same applies to M2M/IoT security – it’s far too important to our entire world to be left solely to the security experts, excellent though they might be in their respective fields. Indeed, the sheer breadth of security issues that can impact  different aspects of the M2M/IoT universe – cryptography, identity theft, authentication, physical and plant security, access control, social hacking and so on – urgently require the imposition of truly holistic operational security frameworks by companies working in this space. In this context, a number of risk analysis and management methodologies already exist which can be adapted for M2M/IoT environments.

Much like our broader ONE STOP. ONE SHOP. offering, we believe the first step to solving an industry-wide problem is cknowledging it. Just like the boy who cried ‘wolf’ in the children’s tale, it may be unpopular with our industry peers to point out potential security risks associated with the M2M/IoT domain, but we’ve never shied away from such a challenge. We encourage you to talk to your suppliers and the many industry and technology organisations now sharing best practice advice about how they can help protect your mission-critical data at every possible entry point – from edge to HQ’s IT department. Then you’ll be able to determine for yourself whether your devices are secure at the edge, your data is secure in transit and arrives at your enterprise systems without tampering.

We see end-to-end cyber-protection for IoT data and privacy as a fundamental requirement for providers in our space. While there have been some recent high-profile security and privacy breaches in the news, that doesn’t mean that today’s connected consumer needs to be suspicious of the many services and benefits that the Internet of Things provides. Telit and its subsidiary companies are deeply committed to data security across the entire value chain and are actively engaged in defining and building the standards of security around device communications.

Oozi Cats has 25 years of experience in creating and leading business ventures. In 2000 Cats founded Telit, then an Israeli start-up for high level engineering and distribution in the field of wireless communications. In 2002 Cats led Telit to
acquire a bankrupt GSM/GPRS handset company in Italy and restructured its human resources & strategy to become an M2M platform. In 2005 Cats took Telit Communications PLC public on LSE (AIM) raising about GBP 20M. With the funds in place Cats globalised the company by adding to its cellular GSM/GPRS core competence also CDMA, EVDO, UMTS and later also HxPA & LTE. Since then, Mr. Cats has led Telit to become a leading enabler of the Internet of Things by bringing together, through a series of acquisitions, all the pieces of the IoT puzzle including hardware, software and services across the entire M2M value chain.


HUAWEI IdeaHub S2 launched for smart office and education

Posted on: August 16, 2022

Beijing, China. 16 August, 2022 – On August 8, 2022, CCTV news joined Huawei at the Intelligent Collaboration 2022 new product launch, which officially released the HUAWEI IdeaHub S2 – the HarmonyOS collaboration flat panel. The IdeaHub S2 is another success to add to Huawei’s portfolio of innovative, creating better value for customers.

Read more

Nordic-powered smart utility access cover offers anti-theft protection and detects open/close events

Posted on: August 16, 2022

Oslo, Norway – China-based Jian-IOT has launched a smart utility access cover that can detect when the cover has been opened or closed, records water level and temperature data, identifies any damage, and includes an anti-theft system that tracks the current location of the device. The ‘Integrated Intelligent Manhole Cover’ employs Nordic’s nRF52832 SoC to both act

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox