Cellular wireless technologies advancements (like LPWA and 5G), powerful IoT application platforms (like Microsoft IoT Central), secured IoT connectivity platforms (like AirVantage) and all-in-one IoT infrastructure solutions (like Octave™) are making it easier than ever for companies to deploy transformative new IoT applications. Yet, as the use of new industrial asset monitoring, predictive maintenance, smart energy, Internet of Medical Things (IoMT) and other IoT applications expands, so does the threat landscape for these applications.
Given this expanding threat landscape, and the growing number and sophistication of cyberattacks, how can organizations deploy IoT applications in a secure manner that protects them end-to-end — from edge-device to network to cloud?
IoT security is complicated, and no single article can provide you with all the information you need to implement a robust IoT security strategy that will address all your IoT applications’ vulnerabilities. However, by answering some basic questions on IoT security and pointing you to other resources on how to minimize your IoT cybersecurity risk, this will help you better understand what a robust IoT security strategy looks like, and provide you with some actionable steps you can take to implement such a strategy.
Criminals seeking to ransom your data, competitors trying to steal your trade secrets, a rogue state actor seeking to advance their nation’s interests, a bored hacker that wants a little excitement, and other malicious actors all pose threats to your IoT applications.
Sometimes these malicious actors want to access the data generated and transmitted by your IoT applications. Other times they want to use these IoT gateways as an entry way to data on your other enterprise systems – as illustrated by the famous examples of criminals using a smart fish tank to gain access to a casino’s internal IT systems, and using a HVAC system to steal Target’s customer data. Hackers might even just be seeking to use your IoT devices to launch attacks on other organizations’ IT systems, as when the Mirai botnet took over IoT devices to launch an attack on Dyn, a domain name system (DNS) services provider, that ended up bringing down Twitter, Netflix, CNN and other sites that used Dyn’s services.
As these examples demonstrate, criminals attack IoT applications for multiple reasons, using multiple techniques. If you have an IoT application, you need an IoT security strategy that helps minimize the chances of all these types of attacks succeeding.
An IoT security strategy uses security technologies and processes to prevent IoT attacks, detect them when they do occur, and mitigate the extent and damage of these attacks.
A strong IoT security strategy should protect IoT applications end-to-end – from the Smart IoT module, router or other edge device to the Ethernet, Wi-Fi, cellular or other networks – these devices use to transmit data, to the cloud that gathers and analyzes this data and manages the edge devices.
This protection also needs to go beyond protecting just the IoT application’s data – as illustrated by the smart fish tank, Target and Mirai botnet example above, criminals might want to use your IoT application’s devices, network, or cloud to penetrate or attack your own IT systems or other organizations’ IT systems.
While many of the challenges that organizations face in securing their IoT applications are like the challenges they face in securing their business productivity, Enterprise Resource Planning, mobile and other applications, IoT security also poses its own unique challenges.
One of the biggest challenges in IoT security is the quantity of interconnected “things.” Beyond traditional IT infrastructure, the exponentially larger number of connected things increases the potential attack surface, thus creating more potential security issues. In fact, Gartner predicts there will be more than 15 billion IoT devices connected to enterprise infrastructure by 2029.
Many IoT devices have much longer expected lifetimes – 10 to 15 years or more – than the laptops, smart phones and other devices used for these other applications. This means that these devices need to be designed so they can be upgraded with security patches years in the future. This can be difficult with IoT devices, as many of these devices depend on battery power, and security upgrades use up a IoT device’s power when they are transmitted to the device.
In addition, unlike the devices used for other types of applications, many IoT devices are in places (on a pipeline, a power line, a roof, inside a piece of industrial equipment) that are difficult for people to access. This makes it important that IoT security technologies can be configured and managed remotely – sending a technician to physically connect to each device to update its security is likely to be extremely time-consuming and expensive.
IoT devices also gather data from things – hot-water heaters, air compressors, liquid fertilizer tanks – that have not had data collected from them before. Unlike computers and smartphones, these things might not have security technologies built into them, and your IoT security strategy needs to account for this.
The new 5G cellular wireless standard offers faster data speeds, lower latency and other advantages over previous wireless standards. In doing so it does not change the way that enterprises should approach IoT security, so much as expand the IoT threat landscape with more data, more devices, and more use cases.
In some small ways, 5G does make it easier for enterprises to secure their IoT applications, since it enables mobile network operators to “slice” their spectrum to offer private cellular networks to these enterprises, separate from public cellular networks.
However, overall enterprises should see 5G as another driver to implementing a strong IoT security strategy. One that may be more complex to implement, since with 5G they are likely to have to protect more IoT devices, data, and applications than they did before.
Cybersecurity is a complex subject, and the strategy for IoT security should reflect the specific security requirements of the IoT application and use case for which they are designed. This makes it difficult to provide you with all the information you need to implement a strong IoT security strategy – especially one that features Defense-in-Depth, with multi-layered device, network, and cloud protection — in a single blog post.
However, by following these best practices, you can strengthen your IoT security strategy and lower the probability that an IoT cyberattack will succeed in penetrating your defenses and disrupting your operations.
The industry organizations, research firm reports, media articles and other content below can provide you with further guidance on IoT security:
In addition, these Sierra Wireless white papers, eBooks, podcasts, and webinars can help you better understand how to design and implement a strong IoT security strategy that features Defense-in-Depth:
Finally, Start with Sierra and contact us directly to talk about your IoT security needs, and how our IoT solutions, services, and expertise can help you protect your IoT applications from cyberattacks, freeing you to focus on maximizing your applications to unlock value in today’s connected economy.
Get innovation delivered to your inbox. Sign up for our blog and stay on top of the very latest from Sierra Wireless.