Vinod Vasudevan, Co-Founder and CTO of Paladion, had the opportunity to participate in a panel discussion on the Internet of Things (IOT) and Cybersecurity at CyberSEED. CyberSEED is a platform pioneered by the Comcast Center of Excellence for Security Innovation at the University of Connecticut to bring together cybersecurity leaders, business leaders, government and universities.
In this piece, Vasudevan will share the key ideas discussed in the panel on IOT security and the broader linkage to cybersecurity initiatives.
The arrival of the IOT era
IOT is a revolution in the making. It is possibly the only technology that has enterprise, consumer, and industrial use cases. The industrial use cases are also called Operational Technology or the Industrial Internet of Things. Use cases are now growing in number by the day, increasing the likelihood that they will influence our lives in the years to come.
At the consumer level, the adoption of IOT for areas including home monitoring and control, wearable tech, and connected cars has already started. At the enterprise level, adoption is active in building management, fleet management, hospital management, retail, telecom, and energy sectors. Operational technology has long been adopted by power grids, oil and gas, utilities, nuclear plants and traffic control. With increased connectivity between SCADA networks and IT in these organisations, the industrial internet is becoming a reality.
The risks of IOT implementations
Despite the huge positive impact IOT has on the lives of individuals, employees and customers, the risks that accompany this technology can act as a significant hurdle to adoption. Security issues in IOT are a particular concern because they have the power to cause physical destruction, harm lives and cause financial impact.
The IOT risk factor is unique since it brings together many leading-edge technologies, including cloud, mobility, and big data, in addition to IOT sensors, gateways, and management platforms. IOT security therefore includes risk areas that the cybersecurity industry is still learning to resolve, including cloud and mobility. IOT security also includes unknown risk areas in the form of IOT sensors, protocols, gateways, and management platforms. Add to this the regular IT systems that IOT platforms integrate with and you get a complex mix of risk areas that should be protected.
If we plot these areas as a combination of attacks (known/unknown) and threat actors/attackers (known/unknown), we can quickly see that there are some key areas where we are fully in the red and some where we have an understanding of the attacks and attackers.
Here is a quick look at a set of illustrative risks in the IOT spectrum:
IOT will further complicate the cybersecurity challenges that we already have on hand, including the challenge of detecting unknown attacks.
In this context, IOT security means securing the different components on which the IOT solution is built. This includes the cloud that it leverages, the IOT protocols that are part of the solution, and the related IT infrastructure and mobile devices.
Overall, it will take time for the ecosystem to reach maturity in terms of products, protocols and industry standards. Even at a mature stage, many of the risks discussed here will need to be managed with diligence by the enterprise rolling out IOT projects. On a pragmatic note, Vinod suggests that the following top three activities be carried out by any enterprise rolling out IOT solutions to achieve meaningful security: