How to control security breaches in Internet of Things

by CXOtoday News Desk    Jul 01, 2013


In recent years, cyber-attacks have not just been aimed at networks and at obtaining confidential information. Attacks are now also being directed at the physical world. Chris Clearfield, a principal at System Logic, an independent consulting firm that helps organizations manage issues of risk and complexity, wrote in a blog for the Harvard Business Review that the IoT, which will primarily connect physical devices with the internet and integrate them with our daily lives, brings the promise of energy efficiency, convenience, and flexibility. A report by Cisco claims that almost 50 billion devices will be connected by 2020. But these advantages might also give cyber criminals leeway to find security holes in the system and wreak havoc. Clearfield has given suggestions as to how such security leaks can be controlled.

Engineers should be trained to apply existing systems-engineering tools to security threats

Most engineers who write software for embedded hardware systems don’t always pay attention to security issues. Educating engineers on basic design paradigms and common cyber threats, and allowing them to integrate existing robust security protections into the systems-engineering practices that are already in place, can help build reliable, stable systems.

Train engineers to incorporate security into products by using modular hardware and software designs

Technologies like microkernels and hypervisors are already commonly used to increase the reliability of embedded systems. These technologies allow individual components to fail and be restarted without affecting other parts of the system. In this way, even if a hacker gains access to one area, access to the whole system will not be possible, thereby preventing a huge security breach. For example, if attackers remotely take control of a car’s infotainment system through an insecure music-streaming station or e-mail app, they won’t have access to the authentication or navigation application to change the car’s destination or order a remote pickup.
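The compartmentalization described above, as an added example (not code from Clearfield's post or from this article): a small in-process Python model in which a broker delivers messages only along explicitly granted (target, operation) pairs and restarts only the component that failed. All class and component names are hypothetical, and a real system would enforce these boundaries with a microkernel or hypervisor rather than inside one process.

```python
# Added illustration: an in-process model of microkernel-style isolation.
# Every name here (Broker, Navigation, Infotainment, the capability table) is hypothetical.
class Navigation:
    def __init__(self):
        self.destination = "home"
    def set_destination(self, place):
        self.destination = place

class Infotainment:
    def __init__(self):
        self.now_playing = None
    def play(self, stream):
        if not isinstance(stream, str):      # constructed fault: a malformed stream crashes the player
            raise ValueError("malformed stream")
        self.now_playing = stream

class Broker:
    """Routes every message; components never hold references to each other."""
    def __init__(self):
        self.factories, self.components, self.caps, self.restarts = {}, {}, {}, {}

    def register(self, name, factory, caps=()):
        self.factories[name] = factory
        self.components[name] = factory()
        self.caps[name] = set(caps)          # (target, operation) pairs this sender may invoke
        self.restarts[name] = 0

    def send(self, sender, target, op, arg):
        if (target, op) not in self.caps.get(sender, set()):
            return "denied"                  # default deny: no capability, no delivery
        try:
            getattr(self.components[target], op)(arg)
            return "ok"
        except Exception:
            # Fault containment: rebuild only the failed component from its factory.
            self.components[target] = self.factories[target]()
            self.restarts[target] += 1
            return "restarted"

def build_car():
    car = Broker()
    car.register("navigation", Navigation)       # holds no outbound capabilities
    car.register("infotainment", Infotainment)   # holds none either, so a takeover gains nothing
    car.register("streaming_app", lambda: None, caps={("infotainment", "play")})
    car.register("driver_ui", lambda: None,
                 caps={("navigation", "set_destination"), ("infotainment", "play")})
    return car
```

Because the infotainment component is registered with an empty capability set, a message from it to the navigation service is refused regardless of what code is running inside it, and a crash in the player leaves the stored destination untouched.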

Use existing, open security standards wherever possible

The internet is built on open standards. Technologies like TLS (which provides secure identification and encryption, and prevents eavesdropping) and OAuth (an open standard for authentication) provide secure, tested protocols. Choosing an established platform removes direct control over some security design decisions, but it is preferable to a customized solution, which will be subject to less scrutiny and the input of fewer experts.

Ensure a skeptical culture

Appointing an internal or external specialist to critique design processes for security holes will result in reliable, secured systems. Skepticism should be not just encouraged but formally ensured when incorporating security considerations.

Clearfield has further opined that, as cars, locks, cameras, and other traditionally unconnected products join the Internet of Things, cyber threats directed toward hardware will affect an increasing range of companies. It is better for these companies to invest in a robust, open security solution, which will be less expensive than deploying a proprietary system that leads to customer security leaks, triggers costly product recalls, and damages their brand name.