Insufficiently secured IoT devices can become a gateway for attackers. Manufacturers, designers, developers, operators, and users must work together if the digital ecosystem is to be secure.
An entire network can be compromised via an insecure IoT system, which can have severe consequences for IT security, personal data protection, and people’s safety. Threats from IoT systems have been around for a long time, as shown by the example of an intelligent light bulb that hackers used to access the home network.
What distinguishes these systems from a classic IT system? An IoT system includes components that interact with the physical world and influence each other. In the case of the intelligent light bulb, this interaction would be switching the light on and off automatically to save energy.
Security And Safety Meet
Compromised IoT systems can have effects just as devastating as traditional hacker attacks on classic IT systems. There are also adverse effects in the physical world. For example, in cold stores, hacked devices can result in significant financial losses if cooling is disrupted. Even emergency power generators are of little help if the cause is sensors that deliver incorrect measured values. In production, this can lead to downtime, defective products, or hacked robotic arms that go "crazy" and injure people. It is not for nothing that security and safety meet in the "Internet of Things."
Even these few examples show that there are many questions to be answered if an IoT ecosystem is to be secure:
- Are the IoT devices built securely, and is security guaranteed over the lifecycle of a machine?
- Is security built into the architecture of an Internet of Things ecosystem?
- Who is responsible for protecting an Internet of Things system during construction and operation?
- Can it be detected whether unknown devices are inserted into the IoT system?
- Can attacks on the Internet of Things system be identified as such?
- What actions can be taken to prevent attacks or mitigate their impact?
Risk-Based Security Analysis Is Also For IoT
Organizations such as ENISA, NIST, and ISO have dealt with IoT security for several years. Initiatives such as the Charter of Trust, IoT Security Foundation, and Council to Secure the Digital Economy also work on recommendations. These documents, including the ENISA Baseline Recommendations and the NIST Cybersecurity Framework, were created explicitly for critical infrastructures. In our experience, the procedures and security measures used there can also be applied to other ecosystems, such as in buildings.
Essential factors for a secure IoT system are good cooperation between device manufacturers, designers, developers, operators, and users of an ecosystem and the joint development of a model for responsibilities and accountabilities. It is essential that a security architecture for the IoT system is developed at an early stage. ENISA proposes a risk-based security analysis and assessment, as is customary for IT systems. As a basis for these investigations, it is necessary to create an overview of the IoT system's existing or planned "things." This goes far beyond a typical management system for IT assets such as laptops and servers. There are now products and services available on the market for these systems that can accomplish such a task by maintaining catalogs of millions of different devices and recognizing and "tracking" them from the information they send.
The necessary security requirements and measures are defined in the security architecture. In contrast to traditional IT systems, it is not possible to use standard measures, such as authentication, with IoT devices such as sensors. In these systems, the data from the sensors is not only collected and functionally processed in the gateway; appropriate measures must also be taken there to ensure the data's confidentiality, integrity, and authenticity.
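The inventory comparison described above, and the earlier question of whether unknown devices can be detected, can be sketched as follows. This is an added example, not code from any product or framework named here; the field names, the inventory layout, and all sample records are constructed for illustration.

```python
"""Added example: flag unknown or changed devices against an IoT asset inventory.
All field names and sample records are constructed for illustration."""
import re

def norm_mac(mac: str) -> str:
    """Normalize aa-bb-.., AABB.CCDD.EEFF or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Constructed inventory: what the operator believes is deployed.
INVENTORY = {
    norm_mac("00:11:22:AA:BB:01"): {"type": "temp-sensor", "protocols": {"mqtt"}},
    norm_mac("00:11:22:AA:BB:02"): {"type": "light-bulb", "protocols": {"mqtt", "mdns"}},
}

# Constructed observations, e.g. from passive monitoring at the gateway.
OBSERVED = [
    {"mac": "00-11-22-aa-bb-01", "protocol": "mqtt"},
    {"mac": "0011.22AA.BB02", "protocol": "telnet"},   # known device, new behaviour
    {"mac": "de:ad:be:ef:00:01", "protocol": "mqtt"},  # not in the inventory
    {"mac": "garbage", "protocol": "mqtt"},            # unparseable identifier
]

def classify(observations, inventory):
    """Sort observed devices into known / changed / unknown / malformed / missing."""
    findings = {"known": set(), "changed": set(), "unknown": set(), "malformed": []}
    for obs in observations:
        try:
            mac = norm_mac(obs["mac"])
        except ValueError:
            findings["malformed"].append(obs["mac"])
            continue
        entry = inventory.get(mac)
        if entry is None:
            findings["unknown"].add(mac)
        elif obs["protocol"] not in entry["protocols"]:
            findings["changed"].add(mac)
        else:
            findings["known"].add(mac)
    # A device seen deviating once stays flagged even if its other traffic looks normal.
    findings["known"] -= findings["changed"]
    # Inventoried devices that were never observed may be offline or replaced.
    findings["missing"] = set(inventory) - (findings["known"] | findings["changed"])
    return findings

if __name__ == "__main__":
    for category, items in classify(OBSERVED, INVENTORY).items():
        print(category, sorted(items))
```

A MAC address alone is a weak identifier because it can be spoofed, which is why the "changed" category compares observed behaviour against what the inventory expects.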
Finally, the processes and procedures for the secure operation of the system are developed in the security architecture. These must be implemented accordingly during the lifetime of the IoT system and checked regularly.
Advances In Health Care
The procedures and measures presented contribute significantly to security in IoT ecosystems. However, improvements in IoT security can currently be seen mainly in heavily regulated areas, such as healthcare when handling personal data, or in critical infrastructures.
In other areas, there is often a lack of incentives to create secure IoT ecosystems, especially since responsibilities are often not clearly defined. Here, the initiatives mentioned, together with legislation, standardization, and market requirements, can improve interoperability between IoT systems and lead to better integration of security measures "by design" in the medium and long term.