By Abrar Ullah, Assistant Professor, School of Mathematical and Computer Sciences, Heriot-Watt University Dubai
The Internet of Things (IoT), also gained popularity as the Internet of Everything or the Industrial Internet, is a new technology paradigm envisioned as a global network of machines and devices capable of interacting with each other. With increased network agility, rapid growth of artificial intelligence applications, and the capacity to deploy, automate, orchestrate, and secure diverse use cases at hyperscale, an IoT explosion is waiting to happen. According to International Data Corporation (IDC), over 41 billion devices are expected to be connected to IoT by 2025.
Thanks to 5G, almost every sector has started to explore the potential of enhanced cellular connectivity needed for successful IoT implementation and digital transformation of their business operations. In many countries around the world, governments are incentivising the adoption of IoT to spur further innovation and economic growth.
As 5G adoption continues to grow, IoT devices will become more ubiquitous. However, companies should lose sight of security. IoT devices connected to fast speed internet have always been an open target for cyber-attacks. Reports suggest that the number of cyber-attacks has increased in recent times as a result of hyperconnectivity.
IBM’s 2019 X-Force Threat Intelligence Index found that the manufacturing industry, including automotive, electronics and pharmaceuticals is the one of the most-attacked industries. While manufacturing companies possess valuable and ground-breaking business intelligence and data, they have not focused enough on cybersecurity.
The IoT security aims to preserve confidentiality, privacy, ensure the security of infrastructures, data, users, and devices of the IoT, and guarantee the availability of the services.
Abrar Ullah, Assistant Professor at the School of Mathematical and Computer Sciences in Heriot-Watt University Dubai, share his top three IoT security recommendations for businesses operating in the era of rapid digital transformation.
Choosing compliance-based IoT devices
Many manufacturers of the IoT devices are finding it a challenge to comply with IoT security standards and regulations, either due to a lack of awareness or limited security expertise. Collectively, manufacturers are apprehensive about entering the security arena as it seems like a costly process as well as a cause for a potential delay in the product release.
The most efficient way to ensure greater security in IoT devices is to follow a global industry standard. One such example is “ioXt SmartCert” which ensures IoT-enabled devices meet the eight ioXt principles and it also offers clear guidelines for baselining the appropriate level of security needed in a specific product.
Essentially, ioXt SmartCert informs end-users, retailers, and ecosystem partners that a product is secure. This initiative is an outcome of the ioXt Alliance – the only industry-led, global IoT product security and certification programme in the world. Choosing devices with the ioXt SmartCert, ultimately, instil greater confidence amongst consumers and retailers in a fast evolving hyperconnected world.
Strengthening physical security
Hardware, such as the sensors and actuators, comprises the most important elements in the IoT. Physical attacks target the hardware of an IoT system and include breaches at the sensor layer. They usually need physical proximity to the system but can also include events that reduce the efficacy of IoT hardware.
Hence, IoT devices should be physically secured in private, remote, or unattended locations so physical access is almost unrestricted with no time constraints. It is also vital to consider the physical accessibility of all IoT devices. The integration of the physical and cyber domains actually increases the exposure to attacks.
If an IoT device itself does not have any physical safeguards against tampering, it should be placed in a restricted area or secured with suitable locks or other tools. IP cameras, for instance, can be meddled with directly if a cybercriminal gets access to them. Malicious hardware or software can be implanted resulting in system failures or malware infection.
Fulfilling proactive risk management
It is not enough to simply get an IoT deployment up and running and then forget about it; risk assessments need to be carried out continuously. IoT’s risk profile continuously evolves, impacted by activities such as the addition and removal of devices, amendments to access policies, the detection of new weaknesses, and firmware and software updates applied to devices. When IoT data is shared between the enterprise and external service providers, third party risks might emerge.
Moreover, enterprises will need to track and comply with a growing number of regulations and guidelines as digital transformation and IoT continue to proliferate. Lastly, it is crucial to evaluate how the findings of a risk assessment can affect other actions taken. For instance, if the assessment discovers a sensitive or high-risk asset, it is important to consider how this would impact the maintenance, update and authentication policies associated with it.
Ensuring continuous monitoring with an IoT analytics platform facilitates a better understanding of the climate of your IoT environment. Baselining IoT devices and detecting the behavioural deviations and anomalies can help in the timely averting of threats. However, the various protocols ranging from D2D, D2S, and S2S to MQTT, XMPP, and DDS make IoT analytic requirements extremely complex. This calls for more integrated solutions that connect people, process, data, and things (internet of everything).
As 5G networks roll out, IoT applications will play a huge role in making our communities move forward and in helping businesses reach new heights. Ranging from the many smart devices at our homes to smart manufacturing, the potential benefits of IoT trumps the potential security risks.
However, implementing device and data security (without stifling innovation and economic growth) is necessary to build a successful IoT-based digital economy. While tackling cybersecurity risks, it is imperative to factor in device and data security from the outset across all points of the IoT ecosystem to reduce vulnerabilities.