How to Limit the IoT Attack Surface?

By Neil McLellan

The advantages of using IoT-like applications go back to the early days of manned space flight, where the objective was to monitor the vitals of the astronauts and shuttle telemetry. We have slowly but surely entered an era in which the internet has evolved from a medium connecting hobbyists' PCs into a critical infrastructure element that is essential for almost every aspect of our daily life.

As such, the convergence of embedded IoT devices and PC/server infrastructure on a common network backbone is surfacing a new set of challenges around two very common issues:

  • Intrusion prevention
  • Virus protection

Network policies adopted by IT departments to secure business data and PCs do not account for the different protocols and functionality available within the range of intelligent embedded devices. The intelligent embedded device must be able to monitor and protect itself against the threats that exist within the network while, at the same time, sharing information with trusted devices in real time.

As the IoT attack surface spans the traditional IT ecosystem, the knowledge required to mitigate security vulnerabilities exceeds the security posture of a traditional IT generalist. Designed-in security is often omitted because of a lack of expertise or a limited budget, yet those constraints pale in comparison to the cost of downtime, data breaches, or compromised autonomous systems.


There is a huge upsurge of IoT devices available in every possible form factor, and servicing this unlimited number of applications via data handling has opened the gates to a broad range of threats. Because physical security measures put in place have no influence on the environment of mobile devices, it is the self-contained security measures that determine the success of an IoT strategy. This has generated a need for operating systems that can secure devices from known and emerging threats, encrypt data both at rest and in use, and provide remote monitoring of security systems in real time.

Beyond these technical hurdles, a device manufacturer will need to plan for supporting a connected and secured device strategy consistent with the extended life of such devices. While PCs and similar solutions reach an expected useful life of 3-5 years, embedded devices can expect a useful life nearly six times as long. The resource limitations of the device at the time of design and commissioning (CPU, memory, etc.) are compounded in the field during the maintenance operations that sustain the device. Manufacturers require solutions that are built on device-side intelligence, eliminate the possibility of device bricking, and enable efficient use of on-board resources.


Complementing device-side operations, there is also a need for cloud-based solutions that add more comprehensive device management capabilities to an existing or growing IoT strategy, thus completing the “end to edge framework”.

Role-based access to remote devices enables device manufacturers to query and retrieve vital operating system, file system, and application information, identify gaps and vulnerabilities, and facilitate the deployment of critical countermeasures to those devices. Immediate manual actions, as well as automatic rule-based actions, need to be defined and executed safely and securely.

Neil McLellan is Business Development Manager at Wind River
