Thursday, June 4, 2015

IoT presents utilities with myriad security challenges


The proliferation of different devices, networks, platforms and applications to support the Internet of Things (IoT) multiplies the vulnerabilities and the potential for malicious attacks on utilities and other entities across various sectors. The only reason there have not yet been serious IoT breaches is that the IoT has not yet been deployed in large-scale consumer or enterprise applications that make it attractive to attackers, according to Beecham Research.
IoT Security Threat Map. Credit: Beecham Research
"Traditional M2M (machine-to-machine) applications are typically very focused, using specific edge devices, a single network and custom platform, making it relatively easy for security professionals to secure to the acceptable level," said Professor Jon Howes, technology director, Beecham Research. "But the IoT cuts across different sectors and embraces multiple devices and networks -- from satellite to cellular -- along with a growing number of IoT platforms and big data systems, which present threats on many different levels and fronts. Wherever there is a new interface between devices, networks, platforms and users, there is the potential for a new weak link."  
There are a number of specific internal and external threats inherent in the IoT ecosystem. When it comes to sensors and devices, the challenge is largely around identification, authentication, and authorization -- to ensure a level of trust and avoid risks such as application hijacking. There is also the threat of physical intrusion.
"Using differential power analysis, it is well known that by 'listening to' very small changes in power consumption when different calculations are performed in a chip, it is possible to work out an encryption key," Howes explained.
The main threat at the network level comes at the interface between different types of networks.
"With a mix of fixed, satellite, cellular and low power wireless networks as well as personal and body area networks, the challenge is to secure the transfer of multiple streams of data between selected networks without exposure of key secrets or equipment control," said Howes. "The benefits of IoT, by definition, rely on lots of data with high levels of searchability and analysis, but this also means that the data must exist in plain text, which presents multiple threats -- not least from insider attacks from sysadmins and authorized users."  
While there are efforts underway to secure different parts of the IoT, Beecham said a connected approach is lacking.
"We talk about the need for a deep root of trust in security and this is even more critical in a complex, connected IoT ecosystem," said Howes. "This starts at device level with sensors and microcontrollers and continues through the networks, platforms and into the cloud. It's a massive jigsaw and every piece has to deliver a level of trust to ensure end-to-end security and integrity."
IoT security is significantly more complex than securing existing M2M applications or traditional enterprise networks.
"Data must be protected within the system, in transit or at rest, and significant evolution is required in the identification, authentication and authorization of devices and people," said Robin Duke-Woolley, CEO, Beecham Research. "We must also recognize that some devices in the field will certainly be compromised or simply fail; so there needs to be an efficient method of secure remote remediation -- yet another challenge if the IoT is to live up to expectations."