IoT Security: Are We Ready for Billions of Connected Devices?
Robin Duke-Woolley, Beecham Research
There is a lot of focus on IoT security right now and many claims of complete end-to-end solutions. In general, though, these solutions are essentially unique to each individual supplier and often built with relatively small numbers of connected devices in mind – perhaps a few tens of thousands or hundreds of thousands at most for a single enterprise user. So how do you scale this level of security to the enormous volumes projected for the Internet of Things? Forecasts talk of multiple billions of connected devices by 2020 and with increasing levels of interoperability required between individual solutions on multiple networks and from multiple vendors. This is a hacker’s dream that looks like being an accident just waiting round the next corner, or the one after that if we’re lucky.
Part of the problem is that there is no non-partisan leader to champion this at present. Standards take way too long, so what to do?
Looking at the problem, what we have is an environment where potential threats are accumulating at a fast pace all around us. It is becoming an inherently “noisy” place for connected devices. Something must be done about these because such threats could destroy infrastructure and even businesses. They would certainly affect development of the connected devices market. One can see this as a threat, or as an opportunity. We see it as an opportunity for new added value. In principle, what we have is a required change in the specification for all IoT solutions. In essence, it is another set of essential technical requirements that must be catered for.
A recent report from Beecham Research talked about the risk of killing the M2M patient with an expensive cure. M2M solutions are typically built to a cost, so implementing high cost security into every solution irrespective of the markets they’re serving is not going to work economically. Instead the report talked about the need for right-sizing security for each M2M solution, but how to do that economically?
We believe the answer to these challenges lies in an approach that builds from the ground up and becomes inherent in the design of future solutions. As such, it must involve the semiconductor level – an essential aspect that surprisingly has so far been largely missing from IoT security solutions to date.
On September 10, Beecham Research is launching a study that aims to develop an approach towards solving these challenges. An initial report will be published that examines the current security issues that need to be addressed for an effective and developing IoT market. Exclusively, this will also cover Government requirements in Europe and North America for security of what is increasingly being referred to as Critical Infrastructure, of which the Internet of Things is a part.
The study will then include an intensive industry collaboration stage over the next few months – starting in the semiconductor industry and then further up the value chain – followed by publication of a recommended framework and roadmaps for different types of application. More information on this is available from iotsecurity@beechamresearch.com.