Defensive strategies for protecting IoT

When it comes to the Internet of Things (IoT), there are already billions of the tiny connected devices and they’re creating game-changing opportunities for a variety of companies. But IoT’s promise could be derailed by its risks. Building a secure IoT future will require the efforts of all industry participants, from those that make IoT devices to the companies that use them.

Low cost and connected by design

A big challenge facing IoT security is cost. The beauty of IoT is its efficiency — the devices are meant to be small, inexpensive tools with low processing power and low memory. Security was never part of the design of these devices. Embedding security mechanisms within the devices would increase costs and unravel IoT’s efficiency.

However, like PCs and smartphones, IoT devices are internet-connected and susceptible to daily threats, so foregoing security would be even costlier. Not only can the devices be used as backdoors into systems with troves of sensitive data, but they can also be turned into unsuspecting agents in far-reaching and extremely costly Distributed Denial of Service (DDoS) attacks. In October 2016, for example, a massive cybersecurity attack used IoT devices — specifically, internet-enabled cameras — as a platform for DDoS attacks that affected a number of major websites including Twitter, Netflix and Pinterest.

The lack of IoT standards is impeding IoT security, and IoT is unlikely to scale until the industry addresses the security issue. Industry-wide standards can give manufacturers security baselines for IoT solutions and users guidelines for IoT device purchases and implementations. Standards could also provide a framework for enforcing liability in the event of a security failure. Today, a number of standards have been put forth, but no dominant standard yet exists.

Educate, integrate, collaborate

Still, there are things businesses can do today to move IoT implementation forward while minimizing security risks.

  • Tap into experts. Use the expertise and advisory services of a solutions provider like DXC Technology, who knows the ins and outs of current ecosystem players and can help you mitigate security risks with a system-wide perspective.
  • Take an integration approach. Integrate management solutions and bring the IoT platform inside your business for primary connectivity and data movement; then pull that data into an analytics environment that’s more sophisticated. This is a case where more is better.
  • Pick the right IoT devices. Choose IoT devices that have a strong ecosystem and a set of partners who are open about how they’re sharing information.
  • Add layers of protection. Use IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the internet to help manage the overall lack of security present with IoT.
  • Get involved in creating standards. Over the long haul, the best thing you can do is get involved in standards development, both in the broader technology arena as well as your specific industry. Your end-user perspective is vital to creating implementable, industry-wide standards around IoT.

Analyst firm Gartner estimates there will be 8.4 billion IoT devices deployed this year, and by 2020 that number will jump to 20.4 billion. Clearly, it’s game on for IoT.

The technology is central to Industry 4.0, the latest industrial revolution powered by the digitization, data and interconnection of IoT sensors, devices and services — all integrated to enhance industrial value chains.

To learn more, read the article in Wired magazine featuring DXC’s Chris Moyer, “IoT Is Coming Even if Security Isn’t Ready.”


Rhodri Davies is security and service operations architect at DXC Technology.

 

 

 

RELATED LINKS

Industry 4.0 and IoT pose new security challenges

Connectivity is an overlooked barrier to IoT

Worse than ransomware? That’s just great.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: