How to secure the Internet of Things - IoT global network

Blogs

How to secure the Internet of Things

June 22, 2016

Posted by: George Malim

Sukamal Banerjee, HCL Technologies

The Internet of Things (IoT) revolution is gearing up to dramatically alter various industrial sectors of the economy including manufacturing, healthcare, energy and transportation amongst others, which together account for nearly two-thirds of the global GDP, writes Sukamal Banerjee, the executive vice president of engineering and R&D services at HCL Technologies.

While this latest technology wave promises to bring unprecedented opportunities to business and society, it also opens up the doors for various vulnerabilities and security threats, which if compromised can lead to damaging consequences. We have already heard news of baby monitors, medical gadgets, smart lights and even autonomous cars being either hacked or proven vulnerable.

According to Gartner, about 26 billion devices will be connected by 2020. This is a phenomenal jump from about 4.9 billion connected devices today in 2016. Along with the exciting possibilities this five-fold growth brings, this also gives hackers 26 billion targets to infiltrate the network. As more and more devices are connected, the network is becoming increasingly fragile. Unfortunately, the speed with which innovation is happening means that security is often being added as an afterthought rather than being built-in from the start, leaving vulnerabilities for hackers to exploit. This is no small problem. A key part of the IoT is not only inventing the sensors and connecting the systems but also securing the plethora of data that passes back and forth.

Better the devil you know

The first step in securing IoT is to understand where the threats are likely to come from and who the attackers will be. Perhaps of most immediate concern to enterprises will be passive attackers looking to take advantage of security weaknesses in IoT devices and networks in order to steal confidential data. These attacks might be very difficult to detect, as many are likely to come because of insider activity, from employees, partners and suppliers abusing access privileges. As a result, enterprises will have to be on their guard from within as well as keeping a close eye on their borders.

The other severe threats will likely come from active attackers targeting IoT devices with remote access attempts, or IoT networks with techniques such as Sybil or DDoS attacks to cause operational failures and disruption. These attacks could have the most severe consequences. For instance, Hackers could potentially shut down medical devices in a hospital operating theatre, putting lives at risk. We’ve already seen some pretty alarming attempts at small scale remote access in practice; with a number of well-publicised cases of hackers exploiting vulnerabilities in wireless webcams, CCTV cameras and even baby monitors to spy on people. More recently, Black Hat hackers in the U.S. demonstrated an exploit enabling them to take control of brakes and other critical systems in connected cars. When these exploits are leveraged against enterprise networks, as they almost certainly will be, the risk of disruption will be immense.

Take the fight to them

IoT is still in its early evolution, so we’ve thankfully yet to see any truly catastrophic breaches or security incidents. However, hackers won’t rest on their laurels for long, and enterprises looking to leverage the IoT can’t afford to be caught unawares when the attackers do start to come for them. As such, they need to begin developing new security frameworks that span the entire cyber and physical stacks, from device-level authentication to application security and robust data protection measures. Every enterprise is different, so there can be no one-size fits all approach to creating an IoT security policy, but there are a number of key aspects that must be considered by all.

There also needs to be new kind of innovative solutions to this. We cannot assume the standard practices of network security will suffice across all forms of devices in this emerging world of hyper-connectivity. Already significant work is on in this space. However, no single entity can solve the security issues on its own. Government agencies, academia and global enterprises will need to collaborate and respond rapidly with measured force to build robust security measures and infrastructure.

IoT with its immense potential is clearly here to stay. Security is one of the challenges that needs to be met in an accelerated and focussed way to ensure the potential of IoT is fully realized. The potential benefits far outweigh the security risks and hence while work on security needs to be enhanced the adoption curve for IoT should be sustained and accelerated.