The Internet of Things (IoT) has rapidly evolved from being a technical novelty into a core component of critical infrastructure around the world. It presents some pressing security challenges.
IoT is everywhere. Critical infrastructure like water and sewerage treatment plants, power stations, financial systems, and hospitals are becoming increasingly reliant on an array of network-connected devices to undertake vital tasks. These range from monitoring the status of equipment and reporting the medical status of patients to controlling operation of water grids and power distribution networks.
IoT is also emerging into the consumer space and will soon have a direct impact on all our lives: routers, security cameras, smart appliances and locks, for example. Driverless cars and other autonomous vehicles - themselves IoT devices - will soon become regular road users. Heavily reliant on network connections for their function, they are enticing targets for cyber criminals.
With this scary scenario and the plethora of conflicting claims that IoT is inherently insecure or that it can be secured – depending on what you are selling – iTWire asked Simon Howe, Director of Sales for ANZ at LogRhythm, a leading SIEM (security information and event management) vendor, to give readers his honest take on the issues.
“Companies are investing heavily in drones, planning to use them for anything from remote monitoring of assets to the delivery of products to end users. Like driverless cars, smart grids, and smart homes that can be remotely controlled – IoT is an increasingly attractive target for criminals who could use them to create damage and disruption.”
Sources of IoT threats
Attacks on IoT devices and infrastructures are likely to stem from three groups. Each has a track record of cyber crime and will be motivated by its own goals.
The first is organised crime groups which operate globally and have become highly skilled in cyber crime. Groups have attacked everything from bank ATM networks and company IT systems to retail and government systems. The motivation is financial gain.
The second is state attacks - foreign governments - intent on gaining a political or economic advantage. There have been instances of government-sponsored attacks that have targeted vital infrastructure in other countries and this is likely to increase as IoT infrastructures grow. The motivation is knowledge and therefore power.
The third is terrorist groups. While still an emerging threat, these groups are looking for ways to exploit vulnerabilities and cause disruption, panic and loss of life.
IoT security challenges
IoT represents a huge potential attack surface for cyber criminals, purely because of the vast number of connected devices and because many of them were developed with scant regard for being secure in an internet environment.
Many connected devices are small and basic, which means they don't have much spare processing capacity or network bandwidth. They simply cannot support sophisticated security software on the device, as computers or mobile handsets can. Add the fact that they are spread across large areas with little hope of physical management and things become even trickier.
While these factors may seem to combine to make the IoT security challenge all but impossible, it is important to realise that the devices involved are still just computers. They may lack the capabilities of PCs but they still contain an operating system, a user interface and a network connection.
The devices also produce streams of data, which can be particularly useful when trying to improve their security. There is significant potential to extract this data, analyse it remotely, and use the results to detect anomalous activity.
The techniques used here can be like those used in other areas of IT security. These include log management, network monitoring, forensics and endpoint monitoring – all valid in an IoT world.
The role of Security Automation and Orchestration (SAO)
Achieving effective security in an IoT environment involves connecting a range of security tools together and streamlining and automating their function. The approach, dubbed Security Automation and Orchestration (SAO), ensures that security can be scaled to cover hundreds of millions (or even billions) of connected devices.
Rather than trying to install agents on every device, an SAO approach can allow traffic from each to be analysed automatically by tools. If there is any activity that deviates from an established baseline – let’s call it “known good” - an alarm can be triggered that leads to further investigation by a human.
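The agentless "known good" baseline described above, and the remote analysis of device data streams mentioned earlier, can be sketched in code. The following is an added example written for this page; it is not LogRhythm code and not part of the original article. It assumes a network collector exporting flow records (device identifier, destination, port, bytes sent) rather than an agent on each device, and all device names, addresses and byte counts are constructed sample data. A learning window builds a per-device profile of the peers it talks to and its typical volume; the detection window then alarms on any device that is unknown, talks to a peer outside its profile, or sends far more than its baseline.

```python
"""Agentless baseline ("known good") anomaly detection over IoT flow records.

Added example for this page. Device names, addresses and byte counts below
are constructed sample data, not captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    device: str     # device identifier from the collector (hypothetical asset tag)
    dst: str        # destination IP the device connected to
    port: int       # destination port
    bytes_out: int  # bytes the device sent in this flow


# Constructed learning window: sensors speak only to the telemetry broker on
# 8883 (MQTT over TLS) and the update server on 443; the camera streams RTSP.
BASELINE_WINDOW = [
    Flow("sensor-01", "10.0.5.10", 8883, 1200),
    Flow("sensor-01", "10.0.5.10", 8883, 1180),
    Flow("sensor-01", "10.0.5.20", 443, 4100),
    Flow("sensor-02", "10.0.5.10", 8883, 1210),
    Flow("sensor-02", "10.0.5.10", 8883, 1190),
    Flow("sensor-02", "10.0.5.20", 443, 4050),
    Flow("camera-07", "10.0.5.30", 554, 250000),
    Flow("camera-07", "10.0.5.30", 554, 248000),
    Flow("camera-07", "10.0.5.20", 443, 4200),
]

# Constructed detection window: sensor-02 starts talking to an external host
# on telnet and pushes far more data than usual; sensor-09 was never profiled.
DETECTION_WINDOW = [
    Flow("sensor-01", "10.0.5.10", 8883, 1195),
    Flow("sensor-02", "10.0.5.10", 8883, 1205),
    Flow("sensor-02", "203.0.113.44", 23, 90000),
    Flow("camera-07", "10.0.5.30", 554, 251000),
    Flow("sensor-09", "10.0.5.10", 8883, 1200),
]


def build_baseline(flows):
    """Per device: the set of (dst, port) peers seen and byte-volume statistics."""
    peers = defaultdict(set)
    volumes = defaultdict(list)
    for f in flows:
        peers[f.device].add((f.dst, f.port))
        volumes[f.device].append(f.bytes_out)
    baseline = {}
    for dev, vals in volumes.items():
        mean = statistics.fmean(vals)
        # With only a handful of samples the spread can be near zero; floor it
        # at 10% of the mean so a single slightly larger flow does not alarm.
        stdev = max(statistics.pstdev(vals), 0.1 * mean)
        baseline[dev] = {"peers": peers[dev], "mean": mean, "stdev": stdev}
    return baseline


def detect(flows, baseline, z_threshold=3.0):
    """Return (device, reason, detail) alerts for flows outside the known-good profile."""
    alerts = []
    for f in flows:
        profile = baseline.get(f.device)
        if profile is None:
            alerts.append((f.device, "unknown_device", f"{f.dst}:{f.port}"))
            continue
        if (f.dst, f.port) not in profile["peers"]:
            alerts.append((f.device, "new_peer", f"{f.dst}:{f.port}"))
        z = (f.bytes_out - profile["mean"]) / profile["stdev"]
        if z > z_threshold:
            alerts.append((f.device, "volume_spike", f"z={z:.1f}"))
    return alerts


def run():
    """Build the baseline from the learning window and score the detection window."""
    return detect(DETECTION_WINDOW, build_baseline(BASELINE_WINDOW))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Each alert is the point at which the article's "further investigation by a human" begins; the code deliberately does not block anything. A real deployment would profile per (device, peer) rather than per device, learn from far more than three flows, and re-baseline as firmware updates legitimately change behaviour, but the shape of the approach, collect centrally, compare to known good, alarm on deviation, is the same.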
A standardised approach like this allows more efficient collaboration between teams and even different organisations. Details of threats identified in one area can be quickly shared with others to assist them with enhanced security.
What is clear is that early detection and neutralisation of threats is critical to ensure security is maintained within IoT infrastructures. Organisations need to ensure they can quickly respond to threats before damage or losses can occur.
By taking a structured and thorough approach to security now, organisations can be confident their usage of IoT can deliver significant business benefits without opening new areas for cyber criminals to target in the future.