Who Will Step Up To Secure The Internet Of Things?

Uploaded on 2015-10-13 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Internet of Things

The Internet of Things (IoT) presents a significant mix of opportunity and risk. Compared to the connected devices of the past, the gazillions of new IoT devices that are being predicted for our homes, transportation, cities, medical devices and elsewhere represent a unique set of security challenges for both companies and their users.

To start, IoT devices significantly expand the attack surface. Hackers can easily purchase any IoT device, which will often contain the same security features of other, identical devices already deployed in hundreds or even thousands of homes. Unlike servers or networking equipment, which are usually hacked through remote access points and reside in protected and monitored environments, IoT devices are more accessible to malicious threat actors.

The widespread availability and proliferation of these devices means that once a device is compromised, it’s very difficult for a company to flip a switch and update the millions of devices just like it sold around the world. It also means that hackers can use one insecure device to leapfrog their way into broader connected networks, allowing a single device to compromise sensitive data ranging from bank and health information to even access to broader corporate assets as the line between work and home continues to blur.

It’s also important to think about the companies producing today’s top IoT devices. Often, these companies are startups, which may not have the funds to bring to bear an army of security experts and white hats to ensure secure deployments. Instead, they must rely on the hardware and software provided to them through suppliers. And commodity pricing places an enormous strain on security engineering and maintenance. Many of the IoT devices on today’s shelves are by necessity inexpensive to manufacture, which means companies are less likely to spend high dollar on security throughout the development process.

Now is the time for the technology industry to proactively address these concerns, before the threat of widespread IoT security breaches becomes a reality. The standards groups, enterprise organizations and the legions of startups and maker communities working in this area must join together and get to work on addressing the critical issue of safeguarding the IoT before it’s too late.

The good news is the tech industry recognizes that something needs to be done about IoT security, both through industry groups and at the company level. For example, the International Standards Organization (ISO) has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs, while the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues.

What’s also encouraging is the formation of several IoT vendor alliances, including the Thread Group, the Open Interconnect Consortium, the AllSeen Alliance and the Industrial Internet Consortium. Although each is focused on a different IoT developer and user community, all of the groups appear to be supporting the wider use of data encryption and other security measures.

Despite progress, the task of securing the IoT still faces many daunting challenges. McKinsey & Co. and the Global Semiconductor Alliance (GSA) recently reported that while some parts of the IoT landscape have well-defined standards, other aspects either have none or multiple, competing standards.
Additionally, and although helpful for handling the expected flood of IoT data, software-defined networking (SDN) is creating added security concerns because of its use of multiple communications channels and remotely located computing resources.

Advances in autonomous driving — such as those that will require cars to connect to each other and to roadway infrastructure — will spur the need for more robust safety, security and risk mitigation.
Lastly, and most importantly, leading technology companies still haven’t fully committed themselves to finding solutions for securing IoT applications.

If today’s titans of technology won’t step up to secure the IoT, that vital endeavor may fall to the multitude of startup companies that are fueling much of the industry’s current growth. Gartner estimates that by 2017, more than half of all IoT products and services will be developed by companies less than three years old. And while some of these newcomers are likely to have formidable technical expertise, many will lack the knowhow or capability to implement the tight security that is needed.

As an industry, how can we support this new generation of technologists and equip them with the deep expertise and context necessary to create a truly secure IoT?

  • First, we should encourage them to collaborate more closely with silicon vendors’ software, hardware and manufacturing ecosystems. Chip vendors and their partners can be invaluable guides for inexperienced product developers learning to navigate the complex array of available security standards and components.
  • We also can do better at education. A primary example of how this is being addressed is the establishment of security labs, such as those launched by Microsoft, Breed Reply and Indiegogo, where developers and partners can get hands-on access to systems and test beds to help advance development. Participants learn that security must be considered from the beginning of every IoT project, and should remain a priority through design, development and manufacturing — and even after the product or service is in operation.

In a perfect world, security risks and breaches wouldn’t exist. But, as virtually everything in our Internet-enabled world becomes increasingly connected, everything is becoming accessible and, therefore, potentially vulnerable. We may never fully solve that fundamental contradiction, but by working together, we can begin to build the secure IoT that the world deserves.
Techcrunch:http://http://tcrn.ch/1FNwtBL

« Reinventing CIA for the Big Data Era
Apple Is Buying Into Artificial Intelligence »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

Reveald

Reveald

Reveald is making Exposure Management a reality to solve the biggest challenges in cybersecurity with a trailblazing ‘offense to defense’ approach that gives the advantage back to the business.

UFS Technology

UFS Technology

UFS, the bank technology outfitter for community banks, provides purpose-built, bank-exclusive technology services and solutions including cybersecurity.