Securing the Internet of Things

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

The Internet of Things is already with us and it requires a paradigm shift in the way that organisations think about security. While protecting sensitive data will continue to be of the utmost importance, the rise in connected devices raises a new security concern; how to trust the identity of these devices. Enterprises and other organisations must shake themselves out of the mind-set that online security is simply about protecting

data

. With the rise of the Internet of Things they must also ensure that they can protect and verify the identity of every device that connects to their environments.

This is the view of Allen Storey, Product Director at Intercede.Storey warns that the growth in connected devices gives criminals access to greater and more diverse opportunities for extortion, theft and fraud, which are likely to be even more damaging – and potentially life-endangering – than today’s malware that holds data to ransom, such as Cryptolocker. These attacks don’t just threaten to disrupt corporations. With critical national infrastructure being brought online, such as power generation and electricity grids, they become potentially vulnerable to attack from terrorists or hostile nations. A successful attack on infrastructure control systems has the potential to wreak massive disruption, and even death, in its wake.

To combat the threats inherent in the Internet of Things, organisations must have absolute confidence that the devices which connect to their networks are the devices they claim to be.

Establishing the true identity of any machine or device is a critical element in preventing criminals gaining control of, or access to, a company’s network. Anything that is Internet-connected but unprotected can be compromised, and can provide a wealth of valuable data to criminals. One example would be the ability to monitor staff movements to track or target a particular employee for some nefarious purpose, from theft to blackmail.

The most important first step is to ensure that any Internet-connected device is properly identified, so it can be trusted. One of the best methods of protecting a device is with a secure element embedded within it which can’t be copied or tampered with, and which can hold cryptographic keys that are unique to that one device. Combined with authentication that verifies each user or device that attempts to engage with it, embedded security provides an essential element of any defence against criminals seeking to exploit the Internet of Things.

As with so much related to security, one of the biggest vulnerabilities is not technology but humans. What is key to securing a world of connected devices is a big push to educate people, corporations and other organisations that while the Internet of Things will radically change our lives in many ways, the biggest change will come in the way that we need to think about security. This education should not be based on fear, uncertainty and doubt; instead we need a calm and collaborative approach to securing one of the biggest technological leaps forward in our lifetime.

What starts within the enterprise often expands to the consumer. “What I want five years from now is to be sitting in my self-driving car, checking my home surveillance system on my smart watch, when my fridge tells me I have run out of milk and automatically directs me to the supermarket,” says Storey. “But I want to be absolutely sure that it is my fridge, my car, my surveillance camera and my watch talking to me. Embedded secure elements combined with device and person identity management can make this a reality; without it our fridges may be full of spam in a way we had not predicted.”

Topics