Who Will Step Up To Secure The Internet Of Things?

The Internet of Things (IoT) presents a significant mix of opportunity and risk. Compared to the connected devices of the past, the gazillions of new IoT devices that are being predicted for our homes, transportation, cities, medical devices and elsewhere represent a unique set of security challenges for both companies and their users.

To start, IoT devices significantly expand the attack surface. Hackers can easily purchase any IoT device, which will often contain the same security features of other, identical devices already deployed in hundreds or even thousands of homes. Unlike servers or networking equipment, which are usually hacked through remote access points and reside in protected and monitored environments, IoT devices are more accessible to malicious threat actors.

The widespread availability and proliferation of these devices means that once a device is compromised, it’s very difficult for a company to flip a switch and update the millions of devices just like it sold around the world. It also means that hackers can use one insecure device to leapfrog their way into broader connected networks, allowing a single device to compromise sensitive data ranging from bank and health information to even access to broader corporate assets as the line between work and home continues to blur.

It’s also important to think about the companies producing today’s top IoT devices. Often, these companies are startups, which may not have the funds to bring to bear an army of security experts and white hats to ensure secure deployments. Instead, they must rely on the hardware and software provided to them through suppliers. And commodity pricing places an enormous strain on security engineering and maintenance. Many of the IoT devices on today’s shelves are by necessity inexpensive to manufacture, which means companies are less likely to spend high dollar on security throughout the development process.

Now is the time for the technology industry to proactively address these concerns, before the threat of widespread IoT security breaches becomes a reality. The standards groups, enterprise organizations and the legions of startups and maker communities working in this area must join together and get to work on addressing the critical issue of safeguarding the IoT before it’s too late.

The good news is the tech industry recognizes that something needs to be done about IoT security, both through industry groups and at the company level. For example, the International Standards Organization (ISO) has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs, while the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues.

What’s also encouraging is the formation of several IoT vendor alliances, including the Thread Group, the Open Interconnect Consortium, the AllSeen Alliance and the Industrial Internet Consortium. Although each is focused on a different IoT developer and user community, all of the groups appear to be supporting the wider use of data encryption and other security measures.

Despite progress, the task of securing the IoT still faces many daunting challenges. McKinsey & Co. and the Global Semiconductor Alliance (GSA) recently reported that while some parts of the IoT landscape have well-defined standards, other aspects either have none or multiple, competing standards.
Additionally, and although helpful for handling the expected flood of IoT data, software-defined networking (SDN) is creating added security concerns because of its use of multiple communications channels and remotely located computing resources.

Advances in autonomous driving — such as those that will require cars to connect to each other and to roadway infrastructure — will spur the need for more robust safety, security and risk mitigation.
Lastly, and most importantly, leading technology companies still haven’t fully committed themselves to finding solutions for securing IoT applications.

If today’s titans of technology won’t step up to secure the IoT, that vital endeavor may fall to the multitude of startup companies that are fueling much of the industry’s current growth. Gartner estimates that by 2017, more than half of all IoT products and services will be developed by companies less than three years old. And while some of these newcomers are likely to have formidable technical expertise, many will lack the knowhow or capability to implement the tight security that is needed.

As an industry, how can we support this new generation of technologists and equip them with the deep expertise and context necessary to create a truly secure IoT?

  • First, we should encourage them to collaborate more closely with silicon vendors’ software, hardware and manufacturing ecosystems. Chip vendors and their partners can be invaluable guides for inexperienced product developers learning to navigate the complex array of available security standards and components.
  • We also can do better at education. A primary example of how this is being addressed is the establishment of security labs, such as those launched by Microsoft, Breed Reply and Indiegogo, where developers and partners can get hands-on access to systems and test beds to help advance development. Participants learn that security must be considered from the beginning of every IoT project, and should remain a priority through design, development and manufacturing — and even after the product or service is in operation.

In a perfect world, security risks and breaches wouldn’t exist. But, as virtually everything in our Internet-enabled world becomes increasingly connected, everything is becoming accessible and, therefore, potentially vulnerable. We may never fully solve that fundamental contradiction, but by working together, we can begin to build the secure IoT that the world deserves.
Techcrunch:http://http://tcrn.ch/1FNwtBL

« Reinventing CIA for the Big Data Era
Apple Is Buying Into Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.