i-PRO’s Internet of Things cybersecurity pillars to build a strong IoT security program

i-PRO joins with the U.S. department of homeland security cyber and infrastructure security agency (DHS CISA) to raise awareness around cybersecurity for NCSAM (national cyber security awareness month). The world has seen a significant increase in cyber-attacks aimed at critical infrastructure and security products in the last few years, with Industrial Internet of Things (IIoT) devices such as security cameras, becoming prime targets for hackers. According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost and extrapolated for all of 2021, there were over 3 billion IoT breaches, and that’s just the recorded number, the actual number is probably much higher, says Will Knehr, senior manager of information security and data privacy at i-PRO.

In an i-PRO poll of almost 100 LinkedIn users we asked, “Who is typically responsible for ensuring the cybersecurity of security systems in an organisation?” 55% of respondents said that the IT department was responsible, while 23% said that it was the device manufacturer. Only 13% said it was the system integrator, while 10% said it was the safety security department. While the answers vary based on the requirements of the installation, it’s clear that IoT and IIoT manufacturers must do more to help secure these devices and educate the market on security best practices. So, as part of cybersecurity awareness month, i-PRO is releasing our “Internet of Things cybersecurity pillars” to help educate the market on IoT security. The pillars focus on what we believe are the four core tenets that should be the foundation of any IoT security program. The four pillars are resiliency, cyber hygiene, product security, and proper configuration.

In this article, we will briefly explore each of these pillars, and over the next few weeks, we will release more detailed explanations of each pillar. We hope that you will join us on this journey and together we can work to make IIoT safer for everyone!

What is IoT and IIoT? Since we will be using these terms a lot throughout these articles, it’s probably best to go ahead and make sure that we are all on the same page. IoT is the Internet of Things, and it is typically defined as small computing devices, sensors, or software that communicate and exchange data over the internet. Still confused? No sweat, you interact with these devices every day and maybe don’t even realise it. These are devices like smart refrigerators, vacuums, dryers, thermostats, home security systems, wearable fitness and wellness tracking, light switches, and even healthcare devices like pacemakers. Unfortunately, most of these devices were not made with security in mind, they were just made to function and provide convenience to the consumer. IIoT is just like IoT but developed for an Industrial market. IIoT includes devices used in manufacturing, heating and cooling of commercial facilities, smart fire control systems, commercial security systems, and smart farm devices. These devices automate a lot of commercial processes which increase efficiency and often help to reduce costs, but they have also introduced a new set of vulnerabilities to organisations. To alleviate any confusion, for the rest of the article we will use the terms IoT and IIoT interchangeably.

Without any further ado, let us hop into these pillars and see what we can do as a team to make our IoT devices better.


The first pillar focuses on resiliency, which simply put, means that your IIoT device or security system will be there when you need it the most. Will your security system work during a power outage, severe weather, communication disruption (telephone or internet outage), or cyber-attack? These are the types of questions that will help your organisation determine if your devices are resilient. One of the toughest challenges in achieving true resiliency is marrying physical security and cybersecurity together.

Cyber hygiene

The best thing you can do to protect your IoT devices is put deodorant on them and wash them every day….just kidding, we aren’t talking about that kind of hygiene. What we are referring to is the care and maintenance of IoT devices. When was the last time you updated your IoT firmware or software? Do you have an inventory of all IoT devices on your network? Are you using strong passwords or authentication for your IoT devices? Did you ever change the default passwords on your IoT devices? These questions will give you a sense of your cyber hygiene. IoT devices need to be updated and inventoried just like any other device on the network, however, they are often overlooked or forgotten about once deployed.

Product security

Product security refers to the security features on the device itself. Many IoT devices, especially cheap ones or devices made by fly-by-night companies, don’t build security features into their devices. We recommended purchasing devices from reputable companies that will fix security flaws as they are reported. Some of the security features to look for in an IoT device are encryption (protecting usernames, passwords, and device traffic), authentication (does the device ensure that it only takes instructions from an authenticated source), and the support of secure network standards like 802.1x.

Proper configuration

Will Knehr

In the previous pillar, we focused on the security features that an IoT device has, but those security features are pointless if they aren’t configured or set up properly. Proper configuration focuses on ensuring the devices have the security features turned on and turning off any features that aren’t in use, but it also includes making sure that the network is set up properly. Often these IoT devices are hacked because attackers can get to the devices in the first place, one way to help with that is by ensuring that your IoT devices aren’t visible from the internet. This can be done by properly configuring the network and using network security best practices such as network segmentation.

The author is Will Knehr, senior manager of information security and data privacy at i-PRO.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


LEXI develops universal IoT platform for easing IoT experience

Posted on: December 5, 2022

Berkeley, United States – LEXI, the company behind the comprehensive IoT technologies that are transforming how both enterprises and consumers manage and automate their smart spaces, announced the LEXI IoT platform – a sizable step forward in easing the IoT experience for everyone connecting products, across apps, and across ecosystems.

Read more

CloudBees joins Amazon EC2 Spot Ready Partner program

Posted on: December 5, 2022

San Jose, United States – CloudBees, a software delivery platform for enterprises, announced that it achieved the Amazon Web Service (AWS) Service Ready program for Amazon Elastic Compute Cloud (Amazon EC2) Spot instances. This designation recognises that CloudBees and its CloudBees CI solution has demonstrated support for Amazon EC2 Spot instances.

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more