IoT Security is everybody’s business!! – Part 2

  • By Sairam Bollapragada

We identified the risks and potential threats to our living in the part 1 of this blog. Let us discuss some of the preventive ways to secure our living in this part – some remedial steps which will help repose faith in the technology driven lives.

A study by Hewlett Packard shows that around 70% of the connected devices are prone to serious threats.  Many of the consumers of technology, roughly more than 76% do not understand or appreciate these risks. The attitude is – “.. it has not impacted me so far…”.

To deal with, let us identify the top 10 security issues with IoT to increase our awareness. These could be potential sources:

  1. Insufficient authentication or authorization
  2. Insecure Web interface
  3. Insecure network services
  4. Insufficient security configuration
  5. Privacy concerns
  6. Insecure mobile interface
  7. Lack of transport encryption
  8. Insecure software or firmware
  9. Insecure cloud interface
  10. Poor physical security

The above list, though not exhaustive, is definitely worth pondering.

All organizations rallying to be the top IoT product and solution providers must compel themselves to create the hard security platforms which will make the solutions bullet-proof for any vulnerability resulting thereof.

While everybody would love to believe prevention is better than cure, we cannot ignore detection and detention of rogue application creators/hackers/disruptors and the havoc-makers. The cyber laws of all lands embracing such technological progress (leaves none untouched though), need to be made more stringent, detectable, with outcomes for prevention. A new brand of Cyber-cops will need to be constituted – who have in-depth knowledge and technical capabilities (rather extensively trained) to

  • Comprehend the types of crimes that can be committed
  • Analytical skills to trace the equipment(s) used for the crime
  • Understand the device characteristics with potential vulnerable points
  • Analyze the data getting generated through millions of devices
  • Profile the device types used in the crime
  • Understand data privacy laws and detect the extent of damage
  • Complete understanding of compliance laws of several vertical industries (like BFSI)
  • Most of the categorized IoT devices used in solutions
  • And many more

What I am indicating is that Cyber police can no longer be a selective location based optimized teams in a police station, but proper networked teams who have extensive tech knowledge of the field. They must be equipped with applications and mechanisms to establish crime patterns and behavioral trends of typical class of the crime being committed (periodically?). These can also be virtual teams which can work on distributed patterns but build a virtual cyber security data center – with enough potentials and credibility to nip the crime in the bud bringing speed and effectiveness into the crime scene.

While preparing for this so-called 3rd Industrial Revolution, the policy makers must get into following actions as part of readiness:

  • Defining and designing cyber threat intelligence (CTI)
  • Defining Cyber security ecosystem including suppliers, partners, vendors, business networks
  • Cyber cells must be formed at each department of the citizen service to create preventive mechanisms for tracking cyber-crimes, and intervention at greater speeds
  • Creating a level of understanding among the organizations for strong governance, controls and accountability
  • Enlisting high valued assets(buildings, transports, Physical data centers among many) and provisioning for their safety against such attacks
  • Using forensic analytics continuously to understand the cyber threat sources and their patterns through threat intelligence data
  • Policies to monitor all financial transactions through the mobile devices for understanding modus operandi

Cyber Security can no longer be tagged only to IT engineers in this digital era, especially where engineering organizations are embracing it in a big way. With th amalgamation of engineers from various branches to form the IoT teams, it has to be a collaborative effort to create ward-offs by both the core engineers as well as the IT engineers. Every solution must be scrutinized for a security threat and provisioning of the same- as part of each IoT solution. Penetration testing techniques would need more sophistication to weed out holes and at a much better pace.

There must be security norms laid out and each customer at all times must think and demand security wrappers around the solutions being doled out. …hate to say this but CYBER SECURITY CAN BECOME A NIGHTMARE if not taken care of!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s