The Internet of Things is changing the way we live and work. It’s not just industry that will benefit: the IoT is already transforming the way all of us interact with objects in our daily lives. But, the approach to IoT security is currently highly fragmented and in certain instances, non-existent.
There is a need for common standards to ensure the IoT is provided with baseline security.Consideration should be given to identity-based public key cryptography, which, due to its characteristics, can provide a sector-agnostic baseline security, from smart homes through to industrial IoT, says Roderick Hodgson, director, Secure Chorus.
This was the theme of a recent talk I delivered to the European Telecommunications Standards Institute (ETSI) Security Week held at ETSI’s headquarters in Sofia Antipolis, France. I was speaking as director with special responsibility for technical oversight of Secure Chorus, a not-for-profit organisation that provides thought leadership, common standards and tangible capabilities for the cyber security industry.
I also reported that industry as a whole is currently seeing a 600% annual increase in IoT cyber-attacks, with commercial and industrial electronics, utilities, medical, automotive and transportation, being most at risk by virtue of being at the forefront of IoT adoption.
The IoT is not a device or technology, but a framework for embedding connectivity and intelligence through a range of devices. Collecting and reacting to data in real-time is the key capability brought to life through the IoT. Data can be collected on a range of devices and can be accessed and interpreted through new computing technologies.
Cloud computing, analytics engines and big data solutions, bring about tremendous innovation when combined with the IoT. State-sponsored attacks, massive economic shutdown, and attempts to cause widespread chaos are all plausible risks in a world where IoT systems are bigger than the sum of their parts.
While the IoT is not a new phenomenon, increasing numbers of devices are being connected and becoming smarter. This trend is occurring across sectors including some considered to be critical national infrastructure (CNI), making cyber security a leading concern. Catastrophic failures in nuclear, aviation and essential services need to be considered by manufacturers, adopters of industrial IoT, nation states and regulators.
The IoT deployments face critical cyber security risks:
The number of devices that need to be secured is far greater than in the traditional business and industry IT environments;
Devices and systems found in the IoT are highly varied. While some solutions rely on low-power and low data bandwidth, others are dedicated to performing far more computation over high-speed networks;
IoT devices are being used across a wide range of environments, each presenting challenges caused by differences in processing capabilities, use cases, network capabilities and physical locations; and
IoT devices are becoming component parts of systems that directly affect health and safety.
The issue of simultaneously addressing authentication and security challenges in IoT systems can be met with the use of ‘identity-based public-key cryptography’, in which the cryptographic keys are directly tied to the identity of an IoT device or sensor.
The added use of Key Management Servers […]
The post Cyber security and the Internet of Things: Future-proofing IoT security appeared first on IoT Now – How to run an IoT enabled business.
Read more: iot-now.com