The security challenge posed by the Internet of Things: Part 2

In part one of this series, we outlined the three tiers of the IoT security architecture and three key security challenges IoT devices pose. Now we will move on to explore three specific examples of the security challenges IoT deployments can pose and underline the importance of thinking strategically to head off IoT security threats, says GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies.

IoT security problems can impact on deployments in several ways. For example:

  1. The pitfalls of quarantining: Traditional ways of quarantining will lead to other issues and would be detrimental in critical situations. For example, medical IoT devices are interesting in that they almost directly impact lives. A critical condition may trigger the device to send an atypical pattern of data transmissions that can trigger a traditional security system to quarantine the device and prevent the data from reaching the doctor. In turn, this may deny the person from receiving the appropriate mitigation action. Enhancements beyond monitoring to time-sensitive corrective actions, like implanted drug delivery devices, can prevent the doctor or nurse from remotely administering the dose in time if the device was erroneously quarantined by a traditional cybersecurity system.
  2. A sheep in wolf’s clothing: A sensor network monitoring quality at a water supply source might only communicate when conditions change. If central controlling systems expect to receive data only in variable bursts, spotting malicious communications from spoofing or hacked devices could be very difficult. Malicious devices can replay legitimate communications to trick threat detection systems using pattern profiling into acceptance as legitimate devices, then probe the centralised systems and applications for vulnerabilities as a trusted device.
  3. Legacy integration challenges: Another security challenge stems from the many legacy systems that are still in use within organisations. How can a company securely and efficiently link its 50-year-old mainframe and associated applications, which send unencrypted credentials and/or data using legacy protocols, to a new IoT infrastructure that draws from the cloud? New security tools will need to be deployed that can bridge such gaps and ensure that any data exchanged by the IoT network and existing systems remain secure at all times.
  4. Physical threats: Since many sensor devices are in the field for extended periods of time, often in remote areas, they are susceptible to physical threats like tampering, which in turn enable additional threat vectors. For example, a hacker could use the physical device to confuse the central system using false positives and false negatives, or infiltrators may gather data from the sensor and sell it on. The whole system or other sensors/devices could be compromised through gaining access to a single sensor and Denial-of-Service (DoS) attacks could be used by hackers to blackmail money from the owners company. Detection of such threat vectors is particularly difficult as it exploits the core trust model of conventional cybersecurity.

A new strategy is required

It’s clear that IoT projects will require IT teams to take a very different approach to security. Conventional perimeter-based approaches will have serious limitations, and deployment of sophisticated monitoring tools on endpoints will not be able to address all the vulnerabilities.

For this reason, existing security tools are unlikely to be appropriate for rapidly growing IoT networks. New suites of trust models, detection heuristics, adaptive remediation techniques, and tools will have to be sourced, deployed and managed.

GH Rao

The sheer scale of IoT devices will also require near real-time remediation when a threat is detected. This will require significant changes to threat detection-response technologies and procedures so that security staff can remain informed at all times without being deluged by inconsequential alerts.

On the regulatory front, an IoT specific risk and governance framework would also be required with specific policies and guidelines for successful rollout of IoT deployments. Government agencies will have to work with the private sector to ensure that suitable guidelines and laws are in place to guide deployments. As IoT devices permeate ever more areas, particularly sensitive places such as schools, hospitals, and homes, making sure security guidelines are followed will be vital.

IoT has the potential to revolutionise the way many organisations function and transform the services and products they can deliver to their customers. By paying attention to factors such as security early or investing in Secure by Design refactoring, the infrastructures created will be able to deliver on the large promises the technology offers without compromising on safety and security.

The author of this blog is GH Rao, president – Engineering and R&D Services (ERS) at HCL Technologies

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Workz debuts unrestricted IoT device management

Posted on: May 3, 2024

Workz, a cloud-based eSIM vendor, has launched its new remote device management solution designed for the Internet of Things (IoT) industry. The platform eliminates the restrictions associated with traditional technologies

Read more

Itron improves Temetra platform for water utilities in Australia and New Zealand

Posted on: May 2, 2024

Itron expands the capabilities of its Temetra platform in Australia and New Zealand to include NB-IoT communications, enabling digital transformation for water utilities. Temetra’s comprehensive offering includes metre data processing,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more