Is the Internet of Things broken beyond repair?

Simon Moffatt, EMEA director, advanced customer
engineering at ForgeRock

The Internet of Things has come a long way in the five years since the first IoT Day in 2011. But, there is a darker side to its success, with thousands of high-profile hacks having been carried out on connected devices.

So, is the IoT from a security perspective, broken beyond repair? Or, is security simply being overlooked in the race to be first to market? How can we ensure connected devices are not leaving us vulnerable to cyber attack?

We have gathered insight from industry experts, who share their views on what they believe is the solution – if, indeed, there is one – to the ongoing struggle to secure the IoT.

Identity in the IoT – Simon Moffatt, EMEA director, advanced customer engineering at ForgeRock

“The Internet of Things has come a long way in the five years since the first IoT Day in 2011. There is much to celebrate, of course – the creation of connected devices has enhanced our lives at home, at work and even on city-wide scale. However, as exciting as this concept is, the sheer volume of IoT devices has created a vast attack vector, and one that is growing at an unprecedented rate. According to industry analyst firm Gartner, 25 billion connected things will be in use by 2020. That’s more than five times the number of IoT devices in use in 2015.

“Of course, a network this big is bound to attract attention from malicious parties. Sure enough, if you type the words ‘IoT’ and ‘hack’ into Google, you’ll find thousands of examples of attacks on connected devices.

“So how can we combat the threat? Identity management solutions are key to securing the IoT, because they provide a means to understand where these threats are coming from. If a connected device can be identified, it becomes that much easier to confirm that the data it is generating is genuine and can be trusted. And importantly, giving every connected object a validated identity makes it possible to automatically prevent malicious actors from accessing and controlling the devices.”

Avoid IoT security shortcuts – Thomas Fischer, principal threat researcher at Digital Guardian

gadfaghd
Thomas Fischer, principal threat researcher at Digital Guardian

“In the race to be first to market with a new IoT device, organisations are overlooking basic security principles and are putting users at risk. You don’t have to look far for examples of how this could potentially occur. Take a well-established IoT technology such as smart home meters. If criminals were able to access the network these devices communicate through, they could quickly establish usage patterns to monitor when the house is or isn’t occupied and plan a break-in accordingly.

“The time and cost pressures on competing firms to get their latest product to market first is one of the major contributors towards security flaws. These devices are often produced with simplified hardware in order to keep costs down, but this means that they lack basic principals of integrity and failover. Often the more simple and user-friendly these devices become, the less secure they are.

“Companies that attempt to add protection retrospectively will face a task of enormous magnitude, and there’s a much higher chance mistakes will be made and vulnerabilities missed. It is critical that organisations developing IoT technologies – and even those selling them – ensure these products have been developed, built and sold with security in mind.”

A problem of scale – Klaus Gheri, VP & GM network security at Barracuda Networks

Klaus-Gheri-05 (2)
Klaus Gheri, VP & GM network security at Barracuda Networks

“One of the biggest challenges for organisations is making sure that all the data gathered by IoT sensors is fed back to a central location without being eavesdropped, intercepted or modified at all. One of the barriers to securing the IoT is simply that there’s not a ‘one size fits all’ solution. Many of the current IoT security solutions available today are so unwieldy or expensive that it is simply not feasible for businesses to implement them on a large scale.

“When the size of the IoT network goes into the thousands, deploying both the device and a security solution for it becomes a logistical challenge – how do you deploy the equipment? How do you manage its lifecycle? How do you implement security policies? Once you remove these barriers, businesses are far more willing to embrace IoT and do more about security.

“Any tool designed to provide secure, scalable connectivity for the IoT has to be relatively small, inexpensive, lightweight and mountable. It also needs to be easy to ship in large numbers and easy enough to implement and manage so that organisations don’t need to hire a whole new team of security or IT specialists.”

Operating in the cyber security stone age – Richard Beck, head of cyber security at QA

“When it comes to securing the IoT, we’re operating in the equivalent of the cyber security stone age. The security and privacy implications around the growing connectivity of devices is well-documented – an ever increasing attack surface, ever more sophisticated cyber criminals and users’ acceptance that technology will permeate every aspect of their lives.

“As it stands today, from a security and privacy perspective, the IoT is broken. There is no quick fix and we’re operating with an element of risk. What’s the answer? Technology has a role to play for sure. At the very least those organisations and software development teams should consider the privacy challenges of their connected products, devices and platforms. Offering encrypted services, authenticated access should be built in.

“The battle ground for 21st century IoT will be won and lost on the grounds of privacy and security controls. Regulators should at least recommend and in time mandate minimum controls to avoid the continued exposure of our sensitive and private data as we adopted more and more connected technology services at a consumer and business level. This won’t offer 100% protection today, but it might move us on from the cyber security stone age – before the perfect ‘privacy storm’ strikes.”

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

What Matter? – The newly smart home standard

Posted on: December 2, 2022

Matter is an industry-unifying IoT wireless network standard that still needs to be released. It strives to become a reliant, frictionless, safe communication basis for connected objects. The project was announced and started in 2019. By utilising a specific collection of IP-based networking technologies, initiating with Thread, wi-fi, and Ethernet, Matter is a platform built

Read more

Ericsson, Thales launches IoT accelerator device connect with eSIMs for enterprises

Posted on: December 2, 2022

Ericsson’s Internet of Things (IoT) business, in partnership with Thales, launches IoT Accelerator Device Connect, a service offering generic eSIMs unbundled from pre-selected Service Providers. For the first time, enterprises have the flexibility to select one or more Service Providers easily and instantly at the time of device activation. This new business model dramatically accelerates

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more