Post Published On: September 25, 2018
The Internet of Things (IoT) is billions of devices with sensing or actuation capabilities, and are connected to each other via the Internet. Security has not been a high priority for IoT devices until now. With an ever-growing IoT network, it is now time to think how to secure the Internet of Things.
Security Challenges for the Internet of Things
1. Critical functionality
IoT devices such systems and appliances in a home, embedded devices etc. are also controlling the world’s transportation infrastructure, utility grids, communication systems and many other capabilities relied upon by modern society. Hence, the interruption of these capabilities by a cyber-attack could have disastrous consequences.
Once designed and built, embedded devices are mass produced. There are hundreds of thousands, even millions of identical devices. If a hacker is able to build a successful attack against one of these devices, the attack can be replicated across all of the devices.
3. Security assumptions
The engineers often wrongly assume that embedded devices are not targets for hackers. Today’s embedded design projects are often including security for the first time, and as a result, do not have experience or previous security projects to build upon.
4. Not easily patched
Most embedded devices are not easily upgraded. Once installed, they are left to execute their duties for the duration of their long life cycle.
5. Long life cycle
The life cycle for embedded devices is typically much longer than PCs or consumer devices. Devices may be in the field for 15 or even 20 years. Building a device today that will stand up to the ever evolving security requirements of the next two decades is a tremendous challenge.
6. Proprietary/industry specific protocols
Embedded devices often use specialized protocols that are not recognized and protected by enterprise security tools. Enterprise firewalls and intrusion detection systems are designed to protect against enterprise specific threats, not attacks against industrial protocols.
7. Deployed outside of enterprise security perimeter
Many embedded devices are mobile or are deployed in the field. As a result, these devices may be directly connected to the Internet with none of the protections found in a corporate environment.
Security requirements for the Internet of Secure Thing
A security solution for embedded devices must ensure the device firmware has not been tampered with, it must secure the data stored by the device, secure communication and it must protect the device from cyber-attacks. This can only be achieved by including security in the early stages of design.
There is no one-size fits all security solution for embedded devices. Security requirements must take into consideration the cost of a security failure (economic, environmental, social, etc.) the risk of attack, available attack vectors, and the cost of implementing a security solution. Features that need to be considered are: secure boot, secure code update, data security, authentication, secure communication, protection against cyber attacks, intrusion detection and security monitoring, embedded security management and device tampering detection.
To have the required security for IT systems within IoT ecosystems it is important to secure the embedded systems and its protocols by considering security in the design process. The aim is to ensure the device is protected from the advanced cyber-threats they will face now, as well as attacks that will be created in the future.
Ingram Micro Cyber Security provides a comprehensive portfolio of assessment, consultancy and training services. In addition, Ingram Micro have recently launched an IoT division. With the combined expertise of Cyber Security and IoT, Ingram Micro can help build secure IoT architecture. The aim is to address specific IoT application security challenges such as device authorization, authentication, secure communication, ensure data privacy and integrity and manage vulnerabilities. The IoT architecture solution will also be designed to prevent threats (external and internal threats) such as botnets and DDoS attacks, advanced persistent threats (APTs), ransomware, and more.
To learn more about our available services and solutions please fill in the below form: