What does secure IoT mean to you? Cybersecurity, and security more broadly, has become a major component of the IoT industry. IoT enables connectivity among devices and systems and facilitates unprecedented levels of data collection, but by the same token it expands the attack surface and brings significant security challenges. As IoT devices proliferate, keeping them secure has never been more important.
Risks associated with IoT
IoT devices are designed to collect, transmit and sometimes process data autonomously. This introduces several security risks: data breaches, unauthorised access, vulnerabilities, lack of updates and privacy concerns. Data breaches are arguably among the most significant of these risks, because devices are targeted for the valuable information they hold.
Vulnerabilities are equally important. They can arise when devices across the varied IoT ecosystem, including smart home devices and industrial sensors, are rapidly developed and deployed with outdated or insecure software components that are subsequently overlooked. Attackers can exploit these vulnerabilities to launch more extensive attacks, such as distributed denial-of-service (DDoS) attacks, which turns the issue into a larger problem.
Implementing security measures from the outset
Implementing security measures from the outset is exemplified by the secure by design mindset: integrating security at every stage of the device’s development lifecycle, and maintaining it throughout by using over-the-air (OTA) updates. In short, the work of keeping a device secure doesn’t stop once it is launched on the market.
This approach involves threat modelling, secure coding practices and rigorous testing. Considering security from the outset means product developers aren’t just better prepared for potential cyber attacks, but are also able to identify and mitigate vulnerabilities before they become a bigger problem.
Christopher Schouten, Senior Director, IoT Security at Kudelski IoT, covered this secure by design approach in an episode of IoT Unplugged, describing a shift in mindset. “We think [secure by design] is an important shift in mindset. It’s what the different regulations around the world are demanding, a stronger focus on secure by design,” he explained.
Experts banding together with joint aim of secure IoT
Fortunately, there’s a wealth of knowledge and expertise in the cybersecurity space that reflects the seriousness with which security is regarded in IoT, as well as the power of a collective effort to continually address issues as the threat landscape evolves.
In some cases, addressing cyber risks on a legislative level has brought about the PSTI Act and the NIS2 Directive, reflecting how governments are responding to the pressing need to implement security standards at this level.
On the PSTI Act, Petr Kosek, Cyber Security Manager, 2N Telecommunications, said in a press release put out by the company: “Most of our customers want to improve their home’s security, but do not verify product solutions themselves and instead blindly trust the manufacturer and vendor promises. But in many cases, security threats are not just the manufacturer’s fault, but the users as well. PSTI sets out clear rules for basic product security settings.”
In a contributed article to IoT Insider, Lee Carter, Cyber Security Product Manager at SolutionsPT, dissected the PSTI Act, setting out what was in scope, a common question regarding the legislation, as well as the implications for smart devices used in applications including IIoT.
“Smart devices used in manufacturing and OT environments are often integrated into larger OT systems and networks,” he wrote. “By ensuring that these devices adhere to minimum security standards and use strong authentication measures, the legislation aims to reduce the risk of cyberattacks targeting OT systems.”
Jos Beernink, VP EMEA at Milestone Systems, recently wrote about the NIS2 Directive in a contributed article for IoT Insider. “We live in an increasingly digital world, so it comes as little surprise that cybersecurity is at the top of business leaders’ and governments’ agendas,” he wrote. He shared insights on the requirements of the Directive, including protecting your network, and stressed the importance of finding the right partner.
“A well-informed and serious technology partner can help companies navigate the complex cybersecurity landscape, ensuring robust protection for their digital assets,” he wrote.
The future of secure IoT
Although continually evolving threats, the persistence of attackers seeking access, and the headlines that follow when a company is breached can appear overwhelming or daunting at times, the tools, support and expertise of those working in cybersecurity are a sure-fire way to prepare yourself accordingly.
Post-quantum cryptography (developing algorithms resistant to quantum attacks), edge computing with enhanced security, blockchain technology, and increased regulation and standardisation are areas that could have a greater impact on secure IoT further down the line.