IoT Connectivity is Going Prime Time But Security is Lagging: Department of Homeland Security
Manufacturers and consumers alike continue to embrace the efficiency and personalized service of the multitude of network connected devices known collectively as the Internet of Things or IoT. Connected devices are now performing processes which were immune from malicious cyber activity because they were accomplished manually. The Department of Homeland Security is working to raise IoT security awareness in the wake of increased distributed denial of service attacks perpetrated by malicious actors, to protect the nation’s critical infrastructure.
IoT Benefits vs. Risk
The immense opportunities and benefits of IoT must be balanced by appropriate security measures which are keeping pace with IoT technology, which according to DHS, is not the case at the present. DHS notes in their document Strategic Principles For Securing the Internet of Things that last year parts of the power grid in the Ukraine were temporarily disabled due to security failures caused by vulnerabilities in connected devices. The DHS document explains that national dependence on properly functioning networks, now driving life-sustaining activities, makes IoT security a priority homeland security issue.
DHS Security Recommendations
DHS has developed a security strategy for IoT service providers, manufacturers, developers, and industrial and business consumers including the US government:
- Incorporate Security at the Design Phase - Avoid rushing new devices to market quickly without considering security vulnerabilities.
- Advanced Security Updates and Vulnerability Management - Flaws discovered after product deployment need to be continuously corrected with patching updates.
- Build on Proven Security Practices - Apply proven and tested security practices used successfully in traditional IT and network applications.
- Prioritize Security Measures According to Potential Impact - Focus on potential disruption consequences for each individual IoT application to prioritize security measures.
- Promote Transparency across IoT - Know your supply chain, and be aware of vulnerabilities in IoT devices produced by third-party vendors outside of your organization.
- Connect Carefully and Deliberately - Carefully consider whether continuous connectivity is needed. Balance utility of the IoT device against the risks of consequences associated with its disruption. This is especially important for industrial consumers.
The IoT Security Foundation and IBM Respond
On November 6th the IoT Security Foundation will be holding its event “ IoT Security in the Enterprise – From Concrete Jungles to Smart Cities ”. Sponsored by IBM in NY, speakers will be raising IoT security awareness in response to what Foundation member John Moore has called “a wicked challenge which requires all stakeholders including specifiers, purchasers, integrators, users and many more, to play an active role in ensuring system-wide security.”
At Techmedics we make it our business to stay on the leading edge of cybersecurity technology in the Internet of Things as well as traditional IT fields. Check out our homepage for more information about how we can help your business meet "the wicked challenge" of IoT security.