Common Challenges of Implementing a Single IoT Security Standard

Developing a cybersecurity standard that will make IoT devices and networks more secure is paramount, but several challenges must be taken into account when designing a new standard.

A lock and many keys
Illustration: © IoT For All

IoT, as we know it today, allows us to make our lives easier—but it’s not 100 percent secure. It can be hard to understand why it’s so difficult to come up with a comprehensive cybersecurity standard for IoT. After all, if we can create this technology, we should be able to keep it secure.

In theory, yes. However, in practice, there are many challenges that cybersecurity experts need to overcome first. Here are some common problems of implementing an IoT security standard that would make IoT devices more secure.

Image credit: Kyle Glenn on Unsplash

Challenges Encountered by Generic Security

Generic security encompasses all of the common cybersecurity mechanisms we use to keep our devices safe. However, these processes — authentication, access control and identification — face an increasing strain to accommodate all of the different use contexts and systems that IoT devices are developing. To make this process easier, we need more procedures and policies that would address the complexity of the current IoT situation.

Vulnerable Legacy Systems

IoT is expanding rapidly, even into legacy industrial systems, as it helps make them more efficient. However, this creates only a partially trusted environment, as system operators tend to neglect thorough risk assessments and addressing vulnerabilities. It comes from a lack of methodologies that would help them accomplish this fast enough to still keep pace with the overall demand. Even with the risk of cybersecurity breaches, for these professionals, it doesn’t pay off to worry about security unless something happens.

The Human Factor of IoT Security

The human factor is often neglected by IoT developers who don’t always account for all the possible ways in which their devices can be used. It’s not the only consequence of a lack of a human-centric approach to IoT development, but it’s one of the most common ones. However, to implement it, we need a better understanding of how people use the devices and make it more intuitive for them to follow best security practices.

Different Sectors Have Different Priorities

Finally, different sectors have different priorities, based on the IoT devices that fuel their growth.

  • For the automotive industry, that’s the production of connected and autonomous vehicles — so the priority is to come up with a way to protect those systems.
  • Medicine focuses on different types of IoT devices — from implantable devices and wearables to devices storing patient medical history.

And let’s not forget the growing trends of smart home systems or appliances. All of these devices and industries have their host of security issues, and a comprehensive cybersecurity standard might not even work as well as intended for some of them. However, taking steps towards it is still going in the right direction to ensure the security of all IoT devices.

Key Takeaways

The key to overcoming most of these challenges lies in increasing awareness of cyberattacks in IoT developers and manufacturers by providing them adaptable frameworksthat are simple to integrate into the life-cycle development process.

To reduce the risks of having cybersecurity attacks, basic or substantial levels of security evaluation must be conducted on all of our connected devices before issuance in addition to having an overarching system of regulations in place to tackle the best practices of resilience and safety.

Roland Atoui
Roland Atoui is an expert in cybersecurity and the Internet of Things (IoT) having recognized achievements working for companies such as Gemalto and Oracle with a background in both research and industry. From smart cards to smartphones to IoT technologies. Roland is a new technology enthusiast with a current mission to bring trust to the IoT. After following an Executive MBA education at EDHEC business school in France he founded Red Alert Labs – an IoT security firm addressing both technical and commercial cybersecurity challenges in IoT.