How to manage Internet of Things (IoT) security in 2019

September 26, 2019 | Mike Feeney


The challenges of IoT security

Welcome to the world of Internet of Things (IoT) and a glimpse into the future. The IoT is where the physical world merges with the digital world. Soon, we expect the world's IoT population to outnumber the human population tenfold—perhaps as many as 80 billion connected devices by 2025.

As you witness the accelerating global and economic growth of IoT, you are probably wondering how you and your business will connect and take part in the multi-trillion-dollar opportunities that it will create.

IoT means different things to everyone—from a connected car to a smart lamppost, a wearable health monitor, or a robot on the assembly line of a factory floor. It might even be ‘connected dirt’—with swarms of small, solar-powered sensors on the fields of a farm.

No matter which form it takes, there’s a daunting task ahead: the acceleration of IoT, combined with the diversity of these devices, their different capabilities, and the many places and ways they can be deployed, makes security a unique challenge.

What you need is a consistent way to establish and maintain security for all aspects of the IoT deployments you envision for the future of your business.

This is within your reach if you adopt a holistic, multi-layered approach to protect your IoT ecosystem, the other valuable assets it connects to, and the physical world it resides in.

Solutions for your Internet of Things security needs

Protect your IoT with a layered approach.

Every IoT ecosystem has its own distinct security needs. Even for a single client, seemingly similar IoT deployments may have different underlying designs. For example, a factory built today may have a radically different design from one built just a few years ago. This means a combination of different solutions may be needed to help provide security for each of them.

A thorough security assessment of IoT is a multi-layered process. Every layer needs care and attention. Some endpoint devices are complex, with multiple ways to access the internal functions of the device. Others are simple, years behind smartphones with regard to security. Do you know your devices’ security capabilities?

Endpoints may connect with each other, to and through gateways, to other networks, to the Internet, and to the cloud. They may use connections that include wired, wireless, short-range, cellular, and satellite. What could prevent them from communicating?

To make your IoT deployment successful, data from your devices must be acquired, transported, processed, and consumed. How are you providing for trust and appropriate access to your vital data and applications?

Realize that some IoT ecosystems can vary wildly from a traditional IT environment. Industrial IoT deployments use operational technology, which flips the script on the classic model for information security. Availability and integrity are the priority, while confidentiality isn’t typically a consideration. This requires specialized passive scanning tools to perform assessments. A slight disruption to manufacturing or utility processes can turn into massive financial loss. An example of this is a factory that produces a pickup truck every minute—it cannot afford downtime. Life-sensitive devices will affect remediation and response plans. For example, with a connected healthcare device like an insulin pump, you wouldn’t want to disable the device even if you think someone is accessing the data.

What’s your formal plan for handling threats to your devices? Have you tested it yet?

Highly secure the connections to your other network assets.

By its very definition, the IoT implies your devices will connect to the outside world—and so the world potentially has access to your devices, and everything else they are connected to.

You need to assess how your IoT networks are connected to your traditional IT networks. Did you create your IoT networks with a plan in mind, or did they grow ad-hoc as you deployed new devices? Do you know the best way to segment them, and optimize how they interconnect?

A single opened phishing email can disrupt the entire profit center of your business. How well are you providing security for your traditional IT assets and preventing corruption of your IoT ecosystem?

Assess the physical risks methodically

Many organizations are not aware of the large number of IoT devices they are already using, and how those devices can affect cybersecurity, privacy, and human risks. IoT devices can sense or even alter their environment. So device-to-device, device-to-system, and device-to-human interactions should be analyzed and addressed for potential risk and severity.

Potential threats include humans, vehicles, biohazards, and natural disasters. IoT can be susceptible to sabotage, theft, or contamination. Do you have a plan for when devices are damaged, destroyed, or stolen?

Dependency and proximity hazards also become a consideration. For example, water treatment facilities are most dependent on their connection to the power grid. A hack to a tornado warning system can result in the overload of the 911 call system, causing widespread panic. Have you anticipated those possible outcomes and planned against a domino effect?

Economic impacts may go beyond just your location to the surrounding region and population. Have you considered what those impacts could be?

This is a lot to think about. However, these challenges aren’t going to change over time. So the question is: Do you really want to wait, or are you ready to start capitalizing on the promise of IoT now? How will you protect your future in the world of IoT?

IoT security best practices to keep in mind

  1. Discover what IoT actually looks like for you now, and in the future. Generate an inventory of the IoT devices you have, and how those devices can affect cybersecurity, privacy, and human risks.
  2. Make IoT an integral part of your cybersecurity program. What used to be a common practice of ‘connect it first, secure it later’ is not feasible. Conduct end-to-end cybersecurity risk assessments that consider IoT as part of your overall risk.
  3. Remember that IoT security requires a layered approach. You want to make sure your endpoint devices, their communications (wired and wireless networks and gateways), as well as their data and applications are highly secured.
  4. Be aware of your IoT ecosystems’ risks in the physical world. Thorough IoT security assessments should ideally include the physical environment, and the risks posed to your connected devices by threats that may include humans, vehicles, biohazards, and natural disasters.

Conclusion: Where do we go from here?

As the IoT continues to accelerate, it will provide more new and exciting ways to transform and grow your business. The future of IoT will expose you to a new world of opportunities—as well as new security risks and considerations. You don’t have to wait to provide security to the IoT to benefit your business—you just need to take the right approach.

The best time to join the future world of IoT is right now.

About the Author: Mike Feeney

Mike has a degree in Physics and over 26 years of professional experience in cyberspace. He started with AT&T in 1996 and is the AT&T Cybersecurity Consulting Practice Lead for Internet of Things solutions.
