Security in IoT devices, like any new technology, is a big challenge. IoT devices can potentially include anything from the IP-connected television, to intelligent sensors used on the production floor, to industrial control systems at a utility, or a biomedical device used by a healthcare provider. The television could be an entry point to your internal network; the shop floor's sensors and other equipment could contain information of value to a competitor; the industrial control system could have a cyber-warfare implication (such as an attack on critical infrastructure); and the clinical devices could have patient health and safety impact. Ensuring that those devices are fielded according to a secure configuration is important, and it's equally important that they stay that way over time.
Obviously, device manufacturers can and should ultimately play a critical role in this, but many don't do enough because it is not easy. There are a few things that organizations can do to help develop and enforce a hardened configuration for the IoT devices they field. Let us hear what Mr. Ganesh Karri, CISSP, CISA, Chief Solutions Architect of Futurex, has to say about these security issues.
Q. Why is IoT security so critical?
A. Due to the immense amount of data IoT devices collect, aggregate user information has become much more valuable for attackers. The introduction of malware into IoT devices can result in the large-scale capture of data, mining of sensitive information, and even the incorporation of the devices into botnets to help conduct sophisticated, distributed attacks.
Q. What are the consequences of IoT-based ransomware attacks?
A. The consequences of IoT-based ransomware attacks are like the consequences traditionally associated with ransomware, but on a significantly greater scale. Consumers must now be concerned with the protection of their personal information on numerous devices, and awareness must increase accordingly. We need to be exceedingly careful with how we process and handle sensitive information in our IoT devices to prevent such occurrences.
Q. What can IoT administrators do to reduce the harm caused by IoT-based attacks?
A. The best way to reduce the impact of IoT-based attacks is to prevent them from the start by implementing hardened security from the point of manufacture. The use of strong cryptography to establish the foundation of trust between all deployed devices ensures all communication to and from the devices is encrypted, mutually authenticated, and has not been tampered with.
Q. What are the encryption and security techniques that provide cost-effective solutions to IoT makers?
A. Establishing a strong, PKI-based security core is the most important foundation of security for IoT devices.
Q. In the industrial internet of things (IIoT) security, what are the types of breaches that Indian SMEs should be aware of?
A. Industrial IoT attacks are like consumer-grade attacks in that the attack vectors are similar. The scope and impact of successful attacks, however, can be much greater.
Manufacturers of IIoT devices must consider security first when developing their devices, and they must also stay up to date with the latest attack vectors, industry trends, and best practices to ensure their devices remain secure.
Q. How would you describe the level of concern among enterprises about IoT security?
A. In conversations with IT executives from large, enterprise-class organizations around the world, security is universally regarded to be a major priority. For IoT manufacturers, ensuring their devices remain secure once deployed is of critical importance.
Q. What do you think the future holds for IoT security?
A. We have seen attack vectors become more prominent, more common, and more sophisticated over the past several years. These attacks will only become stronger, so organizations must maintain a forward-looking perspective when it comes to data security.
Q. How would you say the interactions between industries and regulatory authorities have changed?
A. Over the past few years, we’ve seen the partnership between industry and regulatory authorities growing stronger. We sit on several industry standard bodies to help evolve our field and act as advocates for our customers and partners.
Q. When it comes to government and defense, where a huge chunk of classified data is all around, what are the hack-free techniques that protect the data in storage and in transit?
A. The key to protecting in-transit data is going back to the basics: strong cryptography and a robust key management infrastructure.
Q. How would you recommend that a design or development team should look at the security scenario when there are significant cost constraints before their first prototype?
A. These teams should strongly consider the possibilities and advantages of cloud environments. A strong cloud platform will allow for rapid prototyping and proofs of concept without requiring a large amount of up-front capital, as opposed to more traditional approaches to early development.