Cyber Resilience and IoT Device Security

Ritesh Sutaria
Cyber Resiliency
Illustration: © IoT For All

Internet of Things (IoT) is growing popular worldwide, and it is predicted that it will be part of 27.1 billion devices this year as per Cisco. The rapid growth in IoT demands cyber resilience as a prime concern to assure a protected future for all.

Today, with increased dependency on technology and the rollout of 5G networks and gigabit broadband, only critical devices will remain a shield against the damage that emerged worldwide.

The increase in demand for technology influences the rate of innovation positively as vendors endeavor to meet the requirements of both consumers and businesses. This synchronization between innovation and the rise in demand is creating more significant risk than ever before as it disturbs the nature of security. The existing cyber-security has to be cautious as it has to change to encounter the changing methods of cyber-attacks.

Improved Security Is Essential

Negligence to proper protection may lead to more loss than ever before as more vulnerable devices like microphones, sensors, and cameras are in use, producing personal or even commercially sensitive data that can be hijacked, leading to destructive consequences.

The recent SolarWinds attack of 2020 displays exactly how devastating cyber attacks can be. Hackers had access to the company’s infrastructure, which produces a well-renowned platform, i.e., Orion. It is used to create Trojan updates for software users. This enabled hackers to access computer systems of multiple US departments in a long campaign that crossed most of the year; other victims of this attack were cybersecurity organizations, telecom businesses, and colleges and universities worldwide.

This incident taught a lesson to the world that supply chain attacks might increase in the future. As a result, manufacturers should now design their products so that vulnerabilities detected in software components can be corrected immediately and at scale.

Attacks resulting in an average of US $200,000 (€166133.70) worth loss signifies the urgent need for a “security first” approach, where cyber resilience is vital for continued security and device recovery.

Creating a Cyber-Resilient Foundation

Resilience grants better protection and helps detect the security issues and recover the devices after it becomes compromised. With the increased importance of IoT in enterprises and consumers, there must be a way to securely manage devices and regain control without asking for manual steps from a person. IoT-enabled devices with built-in cyber resilience will become essential as more and more devices, networks, and systems become interconnected.

IoT-enabled devices built-in cyber resilience will become vitally important with time as more and more devices, networks, and systems are interconnected.

The Cyber Resilient module is the best way to respond and recover from cyber-attacks. A module is a logical unit consisting of two layers. The lower layer is Recovery Engine that can recover the upper layer, i.e., Resilience Target.

Building blocks inside the Cyber Resilient Module ensures a safe environment for the engine to run and update the target, even if it becomes compromised.

For complicated devices with multiple layers or individual sub-components, the Cyber Resilient Module concept can be repeatedly implemented for each layer and sub-component to make the entire device resilient and recoverable.

Cyber Resilience in Action

The primary objective of Cyber Resilient Modules is to help devices protect themselves, detect when they may have been compromised, and initiate recovery actions immediately without manual help. With the increase in connected devices, the resilience model’s features support managing devices at scale.

Suppose a widespread attack affects the recovery target layer of a sub-component or device. In that case, the owner needs to wait for the device’s counter to reset a Cyber Resilient Module in the device. Once the process is completed, the recovery engine owns a safe environment to run in and check if there is any security issue with the device.

One can go for remediation instructions available from the manufacturer to recover the device. If a fix is still at work, the device can adopt a more protective posture until the manufacturer understands the issue and provides guidance for the device to recover. Suppose there is no security issue, then the device can get back to its normal condition and start the operations.

Cyber resilient techniques enable vendors and end-users or manufacturers to update the system with safety and ensure necessary security measures to shield the device during its life process. Detection, Protection, and Recovery also mean that any misconfigured or changes can be quickly identified and fixed accordingly.

Better Tomorrow

Today, when IoT deployments are rising, it is now a crucial issue for manufacturers to safeguard devices throughout the entire life process to protect them from attacks and stop data leakage. Adopting the Cyber Resilient module is the best solution to protect devices and their data while restricting attacks.

Author
Ritesh Sutaria
Ritesh Sutaria - Director, Prompt Softech
Over 20 years of experience in Product Engineering and Leading an Organization. Demonstrable organizational skills in putting together customer-focused teams of high calibre achievers who have delivered remarkable performances.
Over 20 years of experience in Product Engineering and Leading an Organization. Demonstrable organizational skills in putting together customer-focused teams of high calibre achievers who have delivered remarkable performances.