Published   Riot

Enterprise IoT Security

A primer – The current reality, and the storm ahead

“Security in the IoT is a massive subject – there are many ways to organize security in a tiny IoT machine, and unfortunately, there are even more ways of hacking them. Failure to apply a structured security architecture to the IoT will mean many IoT projects will fail to happen.”

This white paper puts a timescale on how long it will take to put strong security in place and lists some helpful steps to ensure IoT can continue apace.

Most security publicity is about disasters which happened in IoT security, and this looks set to continue for a few years yet – cyberattacks by Russian hackers; the CIA stockpile of zero-day software defects; the BlackEnergy Trojan which savaged electrical output in the Ukraine; the Furtim’s Parent malware found infecting European utilities; and the infamous Fiat-Chrysler Jeep Hack which took control of a car remotely and in real time.

These all either hijack IoT devices to stage an attack, or are attacks on industries poised for major IoT upgrades.

This paper walks you through the potential security futures for utilities and automakers, sectors which face huge problems in the short-term. As key industries enter transition periods, there will be terrible consequences if security does not improve.

Failure means electricity blackouts, runaway vehicles, and global botnet-inflicted service outages. The ability to update software in real time, among industries which are accustomed to once-in-a-decade updates, is essential.

A new generation of over-the-air updates is needed, centered on securing communication links, devices in the field, and cloud-based platforms – using strong authentication and established PKI cryptography and security certification – at the very least. To secure the cellular industry, it took a huge effort to create the Java-card-based SIM, and IoT needs something every bit as secure.

As the number of IoT interactions and touch-points increase, so does the risk of successful attacks. In time, machine-learning and other AI-based applications will help to monitor these growing platforms, but in the short-term, these deployments could end up riddled with potential vulnerabilities.

Fail to protect them and these industries, and indeed the IoT generally, will fail to take off…

For more information contact:

Chloe Spring (Marketing Manager): [email protected]

Office Phone: +44 (0)1179 257019

Annual subscription to Riot:

1-5 User License $1,850

Corporate License $3,700

A subscription to Riot, for the same price, includes 10 more forecasts a year on IoT technologies.

1) Setting the Scene

Introduction & Abstract p.3
The State of Security Today p.4
Incentives for Change p.6


2) Utilities, Smart Grid, & Industrial IoT p.8

Smart Grid Utilities: BlackEnergy and Furtim’s Parents p.9
Industrial; air-gaps and the IoT don’t mesh p.11
Primer: Stuxnet & nuclear centrifuge sabotage p.13


3) Automotive; air-gaps and new apps p.14

The Rise of OBD-II Dongles: aftermarket root-access nightmare p.15
Primer: The Fiat-Chrysler Jeep Hack p.16
The CAN Bus: unencrypted and DDoS-able p.17


4) Enterprise IT & Clouds – IoT botnets, malware, and DDoS

Primer: WannaCry and ransomware – an illustration of risk p.19
DDoS Botnets: Mirai & Hajime – emergent threats p.21
Legislation & Ecosystem Overhaul p.22
Is Containerization the Answer for IoT applications? p.23