The security challenge posed by the Internet of Things: Part 2

In part one of this series, we outlined the three tiers of the IoT security architecture and three key security challenges IoT devices pose. Now we will move on to explore three specific examples of the security challenges IoT deployments can pose and underline the importance of thinking strategically to head off IoT security threats, says GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies.

IoT security problems can impact on deployments in several ways. For example:

  1. The pitfalls of quarantining: Traditional ways of quarantining will lead to other issues and would be detrimental in critical situations. For example, medical IoT devices are interesting in that they almost directly impact lives. A critical condition may trigger the device to send an atypical pattern of data transmissions that can trigger a traditional security system to quarantine the device and prevent the data from reaching the doctor. In turn, this may deny the person from receiving the appropriate mitigation action. Enhancements beyond monitoring to time-sensitive corrective actions, like implanted drug delivery devices, can prevent the doctor or nurse from remotely administering the dose in time if the device was erroneously quarantined by a traditional cybersecurity system.
  2. A sheep in wolf’s clothing: A sensor network monitoring quality at a water supply source might only communicate when conditions change. If central controlling systems expect to receive data only in variable bursts, spotting malicious communications from spoofing or hacked devices could be very difficult. Malicious devices can replay legitimate communications to trick threat detection systems using pattern profiling into acceptance as legitimate devices, then probe the centralised systems and applications for vulnerabilities as a trusted device.
  3. Legacy integration challenges: Another security challenge stems from the many legacy systems that are still in use within organisations. How can a company securely and efficiently link its 50-year-old mainframe and associated applications, which send unencrypted credentials and/or data using legacy protocols, to a new IoT infrastructure that draws from the cloud? New security tools will need to be deployed that can bridge such gaps and ensure that any data exchanged by the IoT network and existing systems remain secure at all times.
  4. Physical threats: Since many sensor devices are in the field for extended periods of time, often in remote areas, they are susceptible to physical threats like tampering, which in turn enable additional threat vectors. For example, a hacker could use the physical device to confuse the central system using false positives and false negatives, or infiltrators may gather data from the sensor and sell it on. The whole system or other sensors/devices could be compromised through gaining access to a single sensor and Denial-of-Service (DoS) attacks could be used by hackers to blackmail money from the owners company. Detection of such threat vectors is particularly difficult as it exploits the core trust model of conventional cybersecurity.

A new strategy is required

It’s clear that IoT projects will require IT teams to take a very different approach to security. Conventional perimeter-based approaches will have serious limitations, and deployment of sophisticated monitoring tools on endpoints will not be able to address all the vulnerabilities.

For this reason, existing security tools are unlikely to be appropriate for rapidly growing IoT networks. New suites of trust models, detection heuristics, adaptive remediation techniques, and tools will have to be sourced, deployed and managed.

GH Rao

The sheer scale of IoT devices will also require near real-time remediation when a threat is detected. This will require significant changes to threat detection-response technologies and procedures so that security staff can remain informed at all times without being deluged by inconsequential alerts.

On the regulatory front, an IoT specific risk and governance framework would also be required with specific policies and guidelines for successful rollout of IoT deployments. Government agencies will have to work with the private sector to ensure that suitable guidelines and laws are in place to guide deployments. As IoT devices permeate ever more areas, particularly sensitive places such as schools, hospitals, and homes, making sure security guidelines are followed will be vital.

IoT has the potential to revolutionise the way many organisations function and transform the services and products they can deliver to their customers. By paying attention to factors such as security early or investing in Secure by Design refactoring, the infrastructures created will be able to deliver on the large promises the technology offers without compromising on safety and security.

The author of this blog is GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more