Delivering connectivity securely – why a new approach is required to secure IoT
Industrial device makers have in recent years continually looked to connect to the cloud in order to perform tasks such as predictive maintenance, streamlining processes and improving performance of systems.
However, from a customer perspective, the cloud has continually been treated with concern and suspicion; seen as insecure and too great a risk for some sectors. According to research by Accenture, security challenges are the biggest obstacle to industrial digitalisation via Internet of Things (IoT) devices.
The openness of data, and a myriad of breaches and viruses such as Stuxnet have all done little to quell fears. Cyber security news continues to dominate much of the technology and national media. Analyst house Forrester predicted that 2017 will see a large scale IoT breach, says Neil Hamilton, VP of Business Development at Thingstream.
The report titled Predictions 2017: Security and Skills Will Temper Growth of IoT, highlighted smart meters as a potential issue area stating: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities such as Heartbleed, especially if multiple IoT solutions include the same open source component.”
Smart devices for the home have faced high levels of scrutiny, particularly in the UK following warnings that all homes with a smart meter are liable to denial of service attacks – potentially crippling the country’s energy networks. As a result, IoT is arguably still fighting the ‘unsecure’ label pinned on it.
A new framework to deliver secure IoT is therefore essential. We need to look at both how we discuss security and how we actually go about preventing breaches.
The high levels of coverage and potentially damaging results of such breaches has helped to make ‘cyber’ into a negatively perceived term. The moment someone questions the cyber security credentials of a product, panic ensues. Equally when someone else says they can ‘fix’ cyber security issues, claims are heavily scrutinised by penetration testers from around the globe.
If progress is going to be made, we need to shift this stigma whilst introducing a better more secure means for connectivity. Part of this challenge is in complexity; for example, a core application of Industrial IoT is predictive maintenance. In order to predict if a mobile diesel generator is going to break down it must communicate its’ status over the internet.
A company running the service will need to ask an IT department to build a solution, or hire a supplier. The device then needs to be connected, requiring the involvement of a network operator or provider. The multiple layers that are currently involved in connecting a device can make it more likely to be intercepted, whether that is by DDOS or BOTNET attacks.
Simpler connectivity could therefore reduce the threat and likelihood of breaches. The common view is that the cloud is the problem, however it is in fact the transmission to the cloud where the majority of breaches happen and information is stolen.
Solutions to date have seeked to prevent breaches by wrapping existing communication means with security technology. In the home for example, consumers can purchase network access solutions that restrict who and what can access devices.
The problem these pose in industrial environments is firstly that they can be hacked and secondly they add complexity. What is required is a means of connection that doesn’t require heavy security products. As a result, a connection that moves directly between device and server, that does not allow for interception is the ideal happy medium.
A potential solution could be USSD (Unstructured Supplementary Service Data). The technology present in all mobile GSM networks can be leveraged to provide unprecedented security as there is effectively no ‘internet’ involved or access points within data transmissions. It is therefore impervious to internet related security threats such as Botnet, DDOS and more recently WannaCry.
Delivering connectivity securely is of critical importance to IoT growth and future evolution. We need to work to make IoT safe and highlight this point. IoT has the potential to transform how businesses, consumers and physical things interact, but this won’t happen unless we as an industry meet the security challenge head on. In short, we must adopt safe and secure technologies and make sure to talk about why these make IoT safe; without mentioning cyber.
The author of this blog is Neil Hamilton, VP of Business Development at Thingstream