Securing the Internet of Things

The current Internet of Things has been described by the critical infrastructure industry as a slow-motion train wreck. As an industry it is therefore critical that we re-evaluate the importance of security in out products, where security needs to be integrated, the value of the services security can deliver, and the consequences of being compromised to our customers and our shareholders.

Securing the Internet of Things

The Internet of Things is a huge market for the next generation of connected devices across many markets including Integrated Transport, Industrial Internet, Smart Cities, Smart Home, and Future Medical. In most cases these markets will require significant usage of Big Data, directly and via the Cloud to power real-time decision-making and drive efficiency. Unfortunately all of these applications are predicated on having trustworthy data and hence even the threat of data becoming polluted with incorrect or corrupted information has the potential to inflict significant harm on both real-world applications and future purchasing decisions.

Threats

There is much hype in the media about potential threats to the IoT, and it is important to separate fact from fiction. However we know that many weaknesses and attack surfaces do exist in existing systems, and we must work to resolve today’s issues whilst also evolving better protection for tomorrow.

Naturally threats must be measured and protection balanced against likelihood of attack, ease of attack, and the consequences of attack. Some attacks, such as Stuxnet are low-likelihood, difficult to achieve, but have massive consequences. We also know that attacks against critical infrastructure are high-likelihood, relatively easy to attack today, and potentially have catastrophic consequences, with the US power grid recently found to be riddle with compromises. Security must be right-sized to the application, risk of attack, and consequences of attack, but ultimately an argument can be made that security must be present in every IoT design.

Security comes in many flavours but in this paper we will focus on two critical areas of device security – namely securing devices and securing the applications running on these.

(ID:44323797)