Let’s make 2018, the year of security for the Internet of Things

Last updated: 09 March 2018

It is time for the IoT to realise its potential. We have been speaking about it for years and there are already tens of thousands of ingenious applications and projects around the world. Now is the time for it to scale.

Multiple factors are converging that suggest we are about to see real gains with the IoT. Healthcare, smart buildings and cities, manufacturing, transport and automotive are all seeing initial IoT deployments move well beyond proof of concept. Future-oriented firms are already using the IoT to deepen their understanding of their own businesses, inform their strategies and create more value for their customers.

In my mind there are three main aspects of the IoT that still need to be resolved. These are connectivity, interoperable standards and security.

Connectivity and Standards

5G is edging closer and closer thanks to the various LTE categories deployed across businesses and industries. At Mobile World Congress we saw significant announcements from network infrastructure vendors and major telecoms operators about software defined radio. No doubt, 5G will kick in commercially in a more pervasive and incremental way compared with previous generations. Low-power technologies are developing at a high pace, making it possible for a multitude of devices and sensors to speak to each other over incredible distances. And these devices need very little human interaction once embedded thanks to extended lifecycles and remote maintenance. This all brings incredible potential for the IoT ecosystem.

Though it is probably correct to say that there are still too many IoT standards, manufacturers and providers are getting better at building interoperable systems.

The final crucial factor that is too often ignored—through complexity rather than ignorance—is security.

The IoT threat landscape

We have lived through two decades of Internet hacks and attacks. And things  continue to get worse. With the Internet of Things still a new concept to many, we now have a chance to protect ourselves from suffering the same large-scale data breaches that cripple companies.

What gives us cause for concern is the threat is at once frivolous and incredibly severe. A botnet could be hired to take down a website from a disgruntled customer. But it could also attack critical national infrastructure such as a national power grid or a hospital.

There are times when the security challenge appears daunting—even for those companies with dedicated security personnel. But if you break processes down, and implement security piece by piece, everything becomes more manageable. Implementing properly secure infrastructure has a cost, this is clear. But not securing or not doing it properly can prove to be much more costly. Companies need to seriously consider what they can be exposed to. This includes things like device cloning, device repurpose, data manipulation or unauthorised service access. Each of these can lead to pure revenue or customer loss, ransomware incidents and brand reputation damage.

Building a more secure IoT

The first step is for companies to get a sense of their own risk profile. This will underpin everything they then do to ensure their IoT deployments are secure, with the adequate level of security.

From here they can think about:

  • Introducing network segmentation – not all IoT solutions need to be connected to the Internet. In a hospital a doctor could get real-time information from connected machines, that aren’t vulnerable to hackers.
  • Security by design – product designers need to develop products that are secure from conception, and able to evolve to face emerging new threats in the years to come.
  • Replacing legacy products – some devices are simply too old to be able to be managed adequately. In this case, you should likely invest in new equipment, even if there are cost implications.
  • Understanding their inventory – If a new threat is detected, can you be sure which of your products are affected?

Making the case for regulation

IoT technology is diffused across its ecosystem. We have device manufacturers, network providers, software developers and many others. Is it feasible for them all to come together to agree on a single path forward? Probably not, and that’s where government regulation will likely become very useful.

Recent Gemalto research from October 2017 found that more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security.

To be truly effective, specific regulation is needed per vertical as challenges can really differ from one sector to another depending on the assets at risk. The BSI (the German Federal Office for Information Security) is a great example of a body which is working closely with the public and private sectors to develop a new generation of standards. While, in the U.S. NIST (National Institute of Standards and Technology)recommends the renewal of connected devices’ access keys on a regular basis.

The goal of these standards is to allow the ecosystem to grow in a healthy and secure manner.  The work they, and others alike, are doing will allow the IoT to thrive, whether that’s in the built environment, across infrastructure and transport and mobility, or in new fields like health and social care.

The path towards a secure IoT

Success in the Internet of Things relies on trust: the ability to trust in reliable and untampered connected devices, as well as data integrity throughout. This is key to allow companies and individuals to make more informed decisions, with clear conscience.

Security must always remain at the core of everything in both present and future applications. There will always be exploits and vulnerabilities, so companies need to view security as an on-going concern throughout a product or service’s lifecycle rather than a one-off step in its development.

I am convinced the IoT has the potential to change everyone’s lives for the better. There are dramatic gains to be made in terms of convenience and productivity, even more with the emergence of AI and machine learning. There is too much at stake for this grand project not to be realised, and it would be a crying shame if people turned their back on the IoT because the security risks were too great. We must come together to create a secure Internet of Things. My question to you is, are you ready to contribute to this common goal??

Leave a Reply

Your email address will not be published. Required fields are marked *