Security in the IoT is a massive subject – there are many ways to organize security in a tiny IoT machine, and unfortunately, there are even more ways of hacking them.
Failure to apply a structured security architecture to the IoT will mean many IoT projects will fail to happen. This white paper from Rethink’s Riot puts a timescale on how long it will take to put strong security in place and list some helpful steps to ensure IoT can continue apace.
Most security publicity is about disasters which happened in IoT security and this looks set to continue for a few years yet – cyberattacks by Russian hackers; the CIA stockpile of zero-day software defects; the BlackEnergy Trojan which savaged electrical output in the Ukraine; the Furtim’s Parent malware found infecting European utilities; and the infamous the Fiat-Chrysler Jeep Hack which took control of a car remotely and in real time.
These all either hijack IoT devices to stage an attack, or are attacks on industries poised for major IoT upgrades.
This 25 page white paper walks you through the potential security futures for utilities and automakers, sectors which face huge problems in the short-term. As key industries enter transition periods, there will be terrible consequences if security does not improve.
Failure means electricity blackouts, runaway vehicles, and global botnet-inflicted service outages. The ability to update software in real time, among industries which are accustomed to once-in-a-decade updates, is essential.
A new generation of over-the-air updates are needed, centered on securing communication links, devices in the field, and cloud-based platforms – using strong authentication and established PKI cryptography and security certification – at the very least. To secure the cellular industry, it took a huge effort to create the Java-card-based SIM, and IoT needs something every bit as secure.
As the number of IoT interactions and touch-points increase, so does the risk of successful attacks. In time, machine-learning and other AI-based applications will help to monitor these growing platforms, but in the short-term, these deployments could end up riddled with potential vulnerabilities.
Fail to protect them and these industries, and indeed the IoT generally, will fail to take off…