The security challenge posed by the Internet of Things: Part 1

Many organisations are experimenting with IoT projects, but these bring in significantly different security challenges, which can have far-reaching consequences. An appreciation of these unique challenges is important for the effective rollout of IoT.

These challenges differ from those that arise in more conventional technology infrastructures. Strategies that involve ring fencing core systems and applications and tightly controlling access do not work with IoT. Here the scale is exponentially multiplied as you’re dealing with potentially tens or hundreds of thousands of small devices spread across large areas in real-time. Unlike traditional cybersecurity, which mostly results in data compromise, security challenges of real-time IoT networks can have far-reaching implications on human security and safety, says GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies.

Popular IoT deployments vary from those of building automation systems and sensor networks to critical connected healthcare solutions, connected vehicles, and industrial robotics. Such deployment scenarios can automate device management, improve efficiencies and reduce operational costs while improving the customer experience. There are opportunities in every business sector and early adopter organisations are racing to secure a first-mover advantage.

IoT systems’ security challenges

Security challenges of IoT systems can be broadly categorised into the three-tier IoT security architecture:

  1. Security of devices: It is important that each device only does what it is intended to do and offers no scope to anyone or anything to infiltrate and reprogram it. With the wide range of IoT devices, there are large sections of the code to be protected either through encryption or access control. While essential for speed and efficiency, OTA (Over-The-Air) update capabilities, for software and firmware updates, can compromise the security of the system. These IoT devices face numerous vulnerabilities because of the way they operate.
  2. Security of communications: IoT communications happen over both public and private networks, industrial networks and IT networks. Securing network protocols is an important challenge. As a lot of IoT devices have sensors with low computational power, providing data and network-based encryption will fall on gateways, which in turn will need to secure vast amounts of structured and unstructured data in addition to supporting different types of connections (Wi-Fi, Bluetooth, Cellular, Zigbee, NFC etc.) and device architectures.
  3. Security of cloud/data centre: Data from IoT devices goes into cloud and applications. Insecure cloud and mobile interfaces for these applications is a huge challenge, as they most often use open source libraries and technologies. Furthermore, all types of IoT devices and users connect to the cloud remotely. Securing these connections is very important. Rather than securing the entire data store, one would need to secure every data packet as there are innumerable sources with different levels of security.

The challenge of IoT devices

As more devices are added to IoT networks, the security challenge grows. According to Gartner, around 26 billion IoT devices will be connected by 2020. This gives hackers 26 billion potential targets. This poses three key challenges:

  1. Limitations of ring-fencing: A significant proportion of the security challenges surrounding IoT deployments come from the nature of the devices being connected. Since these devices are always connected and periodically transmitting data, the traditional ring fencing model with intermittently connecting roaming personal devices like smartphone, tablets, etc. is already proving to be a struggle. The small size, large-scale and distributed nature of IoT devices will overwhelm such cybersecurity models. This is further exacerbated by the expectation that the device will be owned by the customer; yet the onus of its security is on the manufacturer, which then renders moot the ring fence concept.
  2. Limited compute capability of IoT devices: Many such sensors and other monitoring devices, have very limited computational capabilities. As a result, the security tools that work on computers often simply can’t be installed due to a lack of CPU power and data storage capacity. Most of such tools are written for computer architectures which are significantly different from those in the devices, nor can one rely on digital certificates mandated by the cybersecurity model. Also, many have not been designed to readily accept updates and patches, which makes ongoing security maintenance problematic. Some also have configuration and security settings set in the firmware that simply can’t be updated. Further, as more insights are gained from the data collected from IoT monitoring devices, these devices are being enhanced to perform corrective actions which then add to the challenges.
  3. Irregular communication patterns: The sheer volume of IoT devices, together with their irregular communication patterns, can overwhelm many security tools. Data patterns that would indicate a compromise or attack in a conventional IT infrastructure are likely to be common in an IoT infrastructure. One of the major reasons for such irregular data patterns is that their communication patterns are logical in the context of the local conditions.
GH Rao

Another reason is IoT goes beyond just connecting devices to increasingly smarter devices, which trigger contextually adaptive communication patterns, the conventional static models deployed in the infrastructure are bereft of this context and hence unlikely to correctly handle such dynamic situations. In addition, the knee-jerk reaction of cybersecurity experts to deny access to ring-fenced assets further aggravates the situation.

In the second half of this blog, we’ll be moving on to explore three specific industry examples of security challenges IoT deployments can pose and underline the importance of thinking strategically to head off IoT security threats.

The author of this blog is GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


Ospitek, BEST Health System partner to improve the outpatient surgical experience with IoT, AI

Posted on: December 6, 2022

OSPITEK INC., the developer of the proprietary Digital Health platform VIEW, has partnered with Ohio’s BEST Health System to implement the VIEW software platform in BEST’s outpatient surgical centres. The VIEW platform is a cloud-based software and IoT enhanced, Ambulatory Surgery Centre (ASC) management and communication platform, designed for rapid adoption to compliment legacy EHR

Read more

KORE collaborates with Google Cloud to deliver IoT solutions

Posted on: December 6, 2022

KORE, a global specialist in Internet of Things (IoT) Solutions and worldwide IoT Connectivity-as-a-Service (IoT CaaS) has announced that it has established a go to market alliance with Google Cloud to bring IoT capabilities to global businesses.

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more