Internet of Things security primer

Internet of Things security primerThe Internet of Things (IoT) provides convenience, comfort, and cost savings through a vast and growing collection of connected devices ranging from HVAC systems and printers to fitness trackers, medical devices, Iot devices and automobiles. And not surprisingly, those benefits are attracting the attention of businesses big and small.

“The alluring promise of an improved bottom line will encourage businesses to focus on IoT,” predicts HP Chief Technology Officer, Shane Wall. “It can lower operating costs, increase productivity, and help businesses expand into new markets or offer new products.”

While it is true that IoT devices can help businesses drive improvements in areas such as operations, staff performance, and the customer experience, a serious issue bubbles below all of that promise: security.

Far-reaching consequences

While IoT devices have appealing potential for businesses, real and significant cyber threats exist. During a November 2016 hearing held by the U.S. House Energy and Commerce Committee, a leading cybersecurity scholar reported that the swelling proliferation of insecure IoT products posed “catastrophic risks” to life and property.1

To be certain, IoT-enabled attacks can create armies of zombie computers capable of wreaking havoc on businesses and institutions. In a hospital, for instance, an IoT hack could bring elevators and ventilation systems to a halt, threatening the safety and livelihood of patients, employees, and visitors alike.

A market failure?

Quite simply, IoT security has not kept pace with IoT innovation, a discrepancy that increases the nation’s collective vulnerability to cyberattacks and creates safety and economic risks. One cybersecurity expert even termed IoT security a “market failure” during a U.S. House Committee hearing.1

Various cybersecurity experts charge that many IoT device manufacturers do not prioritize security as high as they should and, as a result, billions of hackable devices blanket the marketplace. One study reports that 70% of IoT devices are vulnerable to attack.2

The top security problems facing IoT devices include3:

  • Insecure web or mobile interfaces
  • Insecure network services
  • Insecure software
  • Insufficient authentication
  • Lack of transport encryptions
  • Lax privacy controls

Confronting negligent IoT security

In November 2016, the U.S. Department of Homeland Security (DHS) unveiled a list of broad action steps to strengthen IoT security. The agency’s recommendations included: incorporating security at the design phase, advancing security updates, and building upon recognized security best practices.4 Other cybersecurity experts, meanwhile, have called for an independent agency to test the security of IoT devices—something akin to the National Highway Traffic Safety Administration’s crash test ratings for automobiles.

Whatever the solutions might be, the DHS contends, the “nation cannot afford a generation of IoT devices deployed with little consideration for security” given the potential consequences to the nation’s infrastructure, economy, and individuals’ personal privacy.4

The IoT and your business

For businesses craving efficiency, productivity, and profit-boosting technologies, the IoT holds unquestionable appeal. At the same time, businesses will need to be conscientious regarding the IoT devices they deploy and consistently vigilant in their cybersecurity efforts. Fortunately, there are manageable ways to confront IoT security concerns. HP’s Security Lab is leading research and innovation in security for current and future technology, and attention from the public and private sector continues to push IoT security to the forefront.

 

 

[1] U.S. House of Representatives, Subcommittee on Communications and Technology, Joint with Subcommittee on Commerce, Manufacturing, and Trade, Committee on Energy and Commerce, Understanding The Role Of Connected Devices In Recent Cyber Attacks
[2] Hewlett Packard Enterprise, HPE Fortify and the Internet of Things
[3] Hewlett Packard Enterprise, Find weak links in connected devices 
[4] U.S. Department of Homeland Security, Strategic Principles For Securing The Internet Of Things

used with permission from HP Technology at Work

Tags: