COMMUNICATION IS THE KEY TO SECURE IoT

Daily headlines reporting on IoT security concerns, and recent cyber attacks involving connected devices may appear to paint an uncertain picture of the Internet of Things landscape. Security is indeed paramount to the success of IoT technology, and we take it extremely seriously. However, in response to suggestions in some of the press that the recent security breaches were inevitable and unavoidable, we felt that a response would be helpful.

Although security breaches make dramatic headlines in the mainstream press, within the IoT industry, we need to keep the focus on solutions. In order to achieve the maximum levels of end-to-end security for our connected devices, networks and cloud-based data, each link in the chain needs to be secured efficiently, and communication between those responsible for the different components needs to be open and effective. Read on to find out how we can work together to maximise security and keep our devices, connectivity and data safe.

Secure devices

The responsibility for protecting connected devices from cyber security and malware threats can sit with several parties, and clear communication lines alongside robust security policies are essential to ensure no part of the device is left vulnerable.

Amongst the security responsibilities of manufacturers lies personalisation – meaning individualising the devices themselves. This could be achieved via the unique identification code inside a SIM which is used to authenticate the device with the network; it could also involve authenticating the software running on the device (via some secret keys embedded in the device memory) or even real-time monitoring of memory access on the device which can help detect rogue behaviour or malware infection. In the field, installers need to make sure that they maintain the individualisation and security of the devices when installing them as part of a larger infrastructure. In particular, installers should avoid using default settings and passwords for connected systems, which can leave them open to potential attack. In a recent hack, the devices that were targeted included IP cameras with default credentials that the end user had no power to change.

Many out-of-the-box connected device systems place the responsibility of security with the end user meaning that logistics managers, IT departments and homeowners end up ultimately responsible for the security of their devices throughout the life of the system. To keep their end devices safe, it is essential they follow the recommendations of the manufacturers and installers, including systematically updating malware-prevention software, and close management of those security keys and access. Changing passwords from factory settings is only the beginning.

The security of a network is only as safe as the device it is connecting, so it is essential to get each component right in order to create the strongest links. Sensors and other connected devices need to be monitored and not forgotten, in order to prevent security breaches that could put the rest of the chain at risk.

Secure and reliable connectivity

The services and infrastructure of the connectivity partner responsible for providing the network connectivity can also provide some significant help in preventing, detecting and managing security breaches, and it is essential to choose a partner with robust security credentials.

 

• Monitoring device usage via a centralised management platform allows suspicious behaviour to be detected.  By monitoring the patterns and volume of data usage through automated capping/alerting features, it is possible to detect and suspend or block infected devices before any damage occurs to the rest of the system.

 

• A secure and private communication channel between devices and the cloud infrastructure can be created using private IP addressing, VPN and private APNs. This isolates the network from the public internet, prevents access to the management interfaces of the devices and protects against malware infection and unauthorised use. Devices which are permanently connected to the internet need robust and reliable protection to minimise the risk of security breaches.

 

• Authenticating the identity of devices in a network can help prevent devices from being spoofed or supplanted by rogue or grey-market devices. SIM-based network authentication, which is well-proven and globally deployable, can underpin device management and application level authentication.

Safe data

Once data has been collected and is stored on the cloud – it is essential that the partners responsible for that data take steps to protect it and have processes in place to manage any breaches. As John Hicklin wrote last month, ‘don’t blame the things’. Many of the breakdowns in IoT security recently reported in the press could have been prevented at some point in the chain in the ways described above. It is essential for all parties to work together to keep devices, networks and clouds safe, although we must remember that these individual parts need customised security measures in place in order for the whole chain to work securely and efficiently. By securing IoT systems properly, we can provide reassurance to our end users that their IoT is safe, leaving them free to enjoy the benefits IoT brings.