What is the future of connectivity? And how do we think like attackers?
IoT Now’s editorial director quizzes Manfred Kube, head of IoT Products at Thales Analytics & IoT Solutions, about how connectivity is evolving in the Internet of Things and how we can secure our IoT devices.
IoT Now: How has connectivity evolved in recent years?
Manfred Kube: Today, the number of connected devices that are in use worldwide exceeds 17 billion and this number is only going to increase. In our personal lives, we expect news to instantly land on our smartphones or our car to automatically redirect our route to avoid congestion. While professionally, the rising number of IoT (Internet of Things) devices means that we expect real-time data analytics, remote monitoring or machine software updates.
The result of our reliance on connectivity solutions is that our networks have had to evolve to become ever more resilient and sophisticated. Such a high demand would otherwise cause disruption, lag and downtime. Connectivity is now about maintaining reliable, future-proof and secure lines of communication with the billions of connected devices.
IoT Now: What effect has this ‘connectivity boom’ had on IoT-enabled businesses?
MK: Simply put, connectivity has given businesses a chance to re-think strategy, listen and adapt to customer needs, provide new services or run operations more efficiently.
It’s a technology that has touched all sectors, be it retail, manufacturing, healthcare or financial services. It is delivering new insights into how businesses operate, how customers consume, how to overcome service inefficiencies and identify areas of improvement.
The onset of IoT is one of the most important developments in service delivery since the rise of the internet itself.
IoT Now: Have connected organisations been slow to react to the risk of new attacks? If so, why?
MK: The pressures of today’s commercial landscape often drive businesses to innovate quickly and be the first to market amongst their peers; however, this can be at the expense of security considerations. Security cannot be fitted retroactively. Once a breach or a hack has taken place, the damage is already done.
Approaching security as an afterthought does not work. Thales´survey found that 90% of consumers are not confident in the security of their IoT devices, while almost half of companies cannot detect an IoT-device breach. To deliver the full promise of the IoT and ensure the trust of connected devices´ end-users, security must be one of the first considerations of an IoT deployment. Securing devices by design provides a solid foundation for trust and enables security lifecycle management. This is key for connected objects operating for many years and which will need to evolve as new cyber threats and cybersecurity regulations will emerge.
IoT Now: What does Gemalto mean by taking a ‘security-by-design’ approach to protect connected devices?
MK: In security-by-design, it’s assumed that at some stage a connected device or system could be successfully attacked. So, attention is given to analysing potential threats in order to ensure the right level of protection is granted, at the point where it makes the most sense.
Securing devices starts in factory, where connected-devices-to-be should receive a secure identity and credentials. These will protect them from cloning, enable them to prove who they are and to encrypt the data they generate and send.
A defining point of IoT devices is their ability to be remotely managed and controlled, receiving updates and sharing data in real-time. If credentials have been injected at factory, these can be leveraged to send secure firmware updates to devices and make sure security elements and data access can evolve as needed: in case of breach suspicion or when a device changes ownership for example.
Most of all, though, security-by-design means thinking like an attacker, and layering defences in a way designed to protect data and devices even in the event of a breach. The approach emphasises encryption of all data when it is stored – be it in the device, in a gateway or cloud platform – or when it is in motion on the network or on the way to the cloud. Encryption mechanism ensures data confidentiality and integrity, rendering stolen data useless and preventing data tampering.
IoT Now: What are the advantages over competitor strategies?
MK: Gemalto ensures end-to-end cybersecurity. Our one-of-its-kind cybersecurity platform not only generate and provision steadfast IDs and encryption keys, leveraging best-in-class encryption mechanisms. It also enables secure device onboarding and digital authentication to external back-ends and applications, and make security attributes evolve during the lifespan of devices. Our solution encompasses state-of-the-art encryption tools and credentials storage, with the world-leading Hardware Security Module (HSM), together with a Public Key Infrastructure and Key Management System — all available under a central solution.
IoT Now: How do you establish trust in an IoT network? Can trust secure the future of connectivity?
MK: Embracing the IoT and the future of connectivity requires a completely new way of thinking about security and the importance of trust. If the end-user does not trust the IoT network they are using or the devices which are sharing and managing their data, then the entire ecosystem can fall down.
Trust is established by recognising the importance of security through adhering to industry-wide standards and protocols and having all it takes in place to make security evolve. As part of this, there is a pressing need to work with fellow industry stakeholders – be it the government, third parties or even competitors in industry associations – to agree on the foundations for connectivity and the safe transmission of data moving forward. Collaboration breeds best practice and helps the entire industry to move forward as one.
In the future, connectivity will underpin our smart cities with on-demand drone deliveries, autonomous cars and efficient energy systems. The way society lives, operates and communicates will be almost unrecognisable from today. In all of this though is a common variant which is trust. Trust that these technologies are handling data with care and are equipped with the latest security protocols to protect against malicious actors. Without it, the future of connectivity is very much in flux.
Jeremy Cowan was talking to Manfred Kube, head of IoT Products at Thales Analytics & IoT Solutions.