It Can’t Be Said Enough: Security Is Job One on the IoT

Carl Weinschenk
Slide Show

10 Best Practices for Sharing Sensitive Information with Vendors

The potential for big problems on the Internet of Things (IoT) makes for scary reading. Last week, The Internet Society released a document titled, “The Internet of Things: An Overview - Understanding the Issues and Challenges of a More Connected World.” It puts security at the top of the list of vital IoT topics, according to a blog at the society’s website by Karen Rose, the society’s senior director, Office of Strategy & Research:

As you will see in the document, we believe the security in the Internet of Things is perhaps the most significant challenge and we believe ensuring security in IoT must be a fundamental priority. Poorly secured IoT devices and services can serve as potential entry points for cyber attack and expose user data to theft by leaving data streams inadequately protected. A proliferation of poorly secured devices also has the potential to impact the security and resilience of the Internet globally.

The challenge must be faced at several levels. Lev Lesokhin, the executive vice president of Strategy at CAST, makes a very important point at Dark Reading. The IoT, he writes, is not introducing security vulnerabilities. Rather, it is increasing the possible damage that will occur when long-known vulnerabilities are multiplied by the huge increase in sensors and other elements that are deployed.


The situation is made worse for two reasons: Many of these devices perform very important – in many cases, life-controlling – tasks while they, at the same time, must be extremely inexpensive (after all, millions of sensors and related items must be produced). The need to cut costs to the bone can limit attention to security.

Lesokhin offers five rules for IoT software development: Proper code review and repeat testing is key; software assurance is vital; management should share some risk responsibility; organizations should “up the game” for structural quality analysis; and software quality and security should be prioritized.

With a bit of good news, Manufacturing.net reports on Verizon’s “State of the Market: The Internet of Things 2015” report. It suggests that the physical security of an industrial plant or any mission-critical facility can be improved by using the IoT.

Data Security

Of course, no story on IoT security can be entirely free of dire warnings. The piece points to Sansa Security’s take that the IoT will lead to the death of the password. Simply, cloud-based password-cracking techniques will be capable of making as many as 300 million attempts in 20 minutes. Even a strong password won’t withstand that pressure for long (and the death of the password is, frankly, not really bad news).

The broad IoT industry knows the importance of security and is moving forward, it seems. Today, the AllSeen Alliance used its meeting in Seattle to announce security updates to the AllJoyn open source framework. The consortium, which is working on the AllJoyn framework for the IoT, said that it has updated encryption, authentication and device authorization. The deals are available at the AllSeen site.

At the highest level, the key here seems to be building robust security into the IoT at all levels from the ground up. Security as an afterthought, as per usual, is not likely to accomplish much.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.



Add Comment      Leave a comment on this blog post
Oct 19, 2015 11:58 PM Tony Tony  says:
I believe the responsibility of IoT security lies with a specialized IoT networking hub such as a router.Most IoT devices don't have the computing or battery power to handle data security effectively. On top of that, most IoT companies don't understand security - it's not their core competency and they are likely to not implement it well or keep it up-to-date.If we rely on each IoT device to handle their own security, then the security of IoT becomes a weakest link problem, which is very dangerous. All it takes is one device with a security flaw to expose the whole network.NetNinja is a good example of a specialized IoT secure network hub. It is a portable or home router that IoT devices can connect to it over WiFi. All inbound and outbound data is encrypted over VPN, so that IoT devices operate safely inside an encrypted firewall. All external network traffic is secure and limited to a single device designed to handle security effectively. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.