IoT Marks the Convergence of Physical Security and Cybersecurity

IoT is about a convergence of physical and digital spaces, objects, and processes. As physical and digital worlds collide, physical security and cybersecurity become co-dependent.

1138
Image of a padlock over chains

Incorporating the internet into the physical world initially began as a slow shift. It has since gained unprecedented momentum with the emergence of the Internet of Things (“IoT”). Multiple “smart” tools with computing capabilities have become smaller and cheaper, resulting in broader availability and utility. Large budgets were required for an industry to computerize a process just a decade ago. Today, it takes far less money and time. Moreover, it’s substantially easier for individuals to perform a majority of daily tasks on the web. All that’s required is a smartphone app and users can control home appliances or set office temperature.

Sophisticated sensors also play a major role in the convergence of physical and digital worlds. New sensor technologies, such as proximity, infrared, image, optical, temperature, smoke, and pressure sensors have surfaced. They facilitate the automation of numerous processes.

Agile software development brought together the devices—the sensors—and the web into a broader ecosystem that includes more vulnerable access points. In terms of security, the boundary between the physical and the cyber world is getting thinner.

Why Pay Attention to This Convergence?

Responsible IT personnel are justifiably concerned about new security challenges developing in the interconnected grid of physical devices. Multiple IT roles play a part in addressing the weaknesses. Hackers have more ways than ever to locate vulnerabilities in IoT devices.

A strong emphasis on IoT cybersecurity expertise arose recently due to the proliferation of enterprise applications and cloud-based platforms. Their practical application blurs the line between what’s required (security-wise) from a CIO, an internal IT security manager, a cybersecurity expert, a cloud service vendor, and an IoT solutions provider. Who is ultimately responsible and for which portions of the overall system of systems that is IoT? If a company deploys an IoT solution, do they also need to hire an IoT cybersecurity expert?

Traditional roles may become clearer and new security roles may develop as a result of the IoT revolution. Nonetheless, everyone included in the process must bear a certain portion of the responsibility for tightening security. Physical and digital security are integral to corporate security policies. And with the dawn of IoT, a binary distinction between physical and digital security is virtually impossible. All securitization procedures concern both physical and digital processes and spaces.

How is IoT Cybersecurity an Overall Security Challenge?

Smart devices offer ample opportunities to simplify business processes. They also expose new weaknesses in those same processes. If an intruder has more touchpoints to access a security ecosystem—encompassing both physical and digital objects—the risk grows exponentially as the number of connected devices, apps, and sensors increases.

The result is a much messier definition of security in a world of interconnected systems. If you think of IoT as one big system of systems, within which thousands of intersections are formed as new devices, users and apps are added, it’s easy to imagine the implications of a single security failure—e.g. a DDOS attack. Chain reactions—think botnets—occur. 

Strengthening Security with IoT

If used in an efficient way, however, the multiple vulnerability points IoT exposes could also become a source of strength. Security participants in the IoT ecosystem can play a role by using these connectivity points to solve the real-world problems of members who communicate over the network. In this way, IoT is creating growth opportunities.

The main task confronting responsible IT security providers is to create barriers and checkpoints between the newly-converged physical and cyber worlds. You can now find many providers of combined security solutions that pay attention to both aspects.

A chart demonstrating the 6 major parts of cybersecuritization across the IoT stack
Image Credit: IoT Analytics

If we can overcome these inherent IoT cybersecurity challenges, then the sky is the limit. The logistics industry is using asset tracking in the logistics management lifecycle to cut down on costs and amplify labor potential. Automotive industries have improved engines and other vehicle parts and accessories by tracking their performance in the overall system.

Real estate and facility management companies have automated building management. They’ve reduced maintenance and operational costs by implementing IoT solutions. Drones are used to improve citizen safety by accessing dangerous areas.

These are just a few examples of how IoT can be used to overcome current enterprise problems. Since we’re not moving back in time to isolated security environments, we must look strategically into a future of making IoT work for enterprise growth rather than against it.

Written by Kait Hobson, Content Editor at Kisi.