The Internet of Things (IoT) is an idea that could radically alter our relationship with technology. The promise of a world in which all of the electronic devices around us are part of a single, interconnected network was once a thing of science fiction. But IoT has not only entered the world of nonfiction; it’s taking the world by storm.
While the possibilities of these new technologies are mind-boggling, they also reveal severe IoT cybersecurity challenges. During the last few years, we’ve seen a dramatic increase in the number and the sophistication of attacks targeting IoT devices. For example, consider the recent indictment of the operator of the infamous “Satori” botnet, which compromised hundreds of thousands of IoT devices.
A Growing Network
IoT devices are no longer a niche market. They have started to move from our workspaces into our (smart) homes, where IoT devices are expected to have the most significant impact on our daily lives. Most smart home devices will be benign, everyday appliances like kettles and toasters. Even if these devices are hacked and compromised, short of ruining your breakfast, there’s not a lot a hacker can do to cause you grief. However, IoT will encompass a significant portion of the electronics around us in a variety of settings. This includes situations involving intruders and could have lethal consequences.
IoT Cybersecurity Challenges
Numerous presentations at recent cybersecurity conferences have exposed severe security flaws in IoT architectures. Some have demonstrated how cars can be hijacked and controlled remotely. Perhaps more alarmingly, they’ve shown how medical devices, such as pacemakers, can be switched on and off at will. While this is undoubtedly alarming, what makes it even more shocking is just how little attention people pay to cybersecurity. IoT cybersecurity challenges are plentiful—and those are just the ones we know of.
Researchers who were able to access a multitude of IoT medical devices found that they weren’t password protected. And when they were password protected, many were using default passwords that an experienced attacker with information from the device manufacturer could crack in a few seconds. We can’t afford to have such basic cybersecurity blunders jeopardize the promise of IoT.
Mitigating the Threat
No security system is ever going to be perfect. Even if the underlying technology is robust, there will always be the potential for human error to derail the whole thing. It’s crucial to understand which threats you’re exposed to in order to formulate a response strategy.
We could start to mitigate privacy concerns in IoT by implementing a VPN as the standard security measure. This would require every device to use encryption and private servers to establish a secure Internet connection. But there’s a trade-off in terms of scalability and speed: private servers can slow things down by adding complexity to the network architecture.
One of the most promising ways for enhancing the security of IoT is through the use of identity management. By giving each device a unique ID—and implementing multiple user credentials—it’s possible to create a three-way verification system. Such an authentication system would reduce the attackable cyberspace by requiring the device, the user, and the application to agree about whether a network interaction is valid.
Regulate and Standardize Cybersecurity
“Standardization” is a compelling concept in cybersecurity. Consider the difference in the number of security threats that exist for iPhones versus Android phones. Because all iPhone generations run on the same hardware—representing standardization across devices—it’s much easier to secure them from attacks, implementing comprehensive security measures.
If the IoT revolution is going to succeed, we need to have a robust regulatory framework in place to ensure that device manufacturers adhere to minimum, mutually intelligible IoT cybersecurity standards. We should also standardize device-level security protocols to ensure that each network element is part of a general strategy for combatting common threats. We can’t afford to leave any weak, low-level links unguarded.
With new types of cyber-attacks emerging constantly, it’s essential to get ahead of the curve as soon as possible. Every IoT device has a corresponding IP address. Therefore, each small device can have serious implications for global network privacy. An attacker could potentially infiltrate the network and follow a trail of data from any given device to an end-user.
The next few years will be critical for IoT. The entire concept may well rise or fall on the basis of how well we collectively address cybersecurity risks. Connectivity is always a double-edged sword, and most IoT cybersecurity challenges have yet to be overcome. Fortunately, it seems that device manufacturers are being spurred into action.
Written by Harold Kilpatrick, Cybersecurity Expert, and a Blogger at PR Consultancy.