John Matherly, an American bioinformatician, created Shodan, a site that claims to be the first search engine for the Internet of Things. In 2013, Matherly warned that approximately 500 million devices had passwords set to “1234” and “admin”. This poses a security threat, as it is simple for cybercriminals to hack these devices and steal data. Clearly, experts need to address several IoT cybersecurity challenges.
The vulnerable devices included security cameras, thermostats, and garage doors, as well as glucose meters for diabetics, gas station pump controllers, and automatic license plate readers. Privacy and security are still weak points when it comes to the Internet of Things. As a single point for failure can lead to multiple attacks, the more unprotected devices that are used within an organization, the greater the risk. And this is the main issue IT professionals and cybersecurity experts must continue to tackle.
IoT Cybersecurity Challenges and Possible Solutions
While the sector is facing the same cybersecurity challenges as other IT areas, it is becoming more fragmented in how they are being addressed. A handful of people are popping up claiming they will solve the problem, but we are seeing a dearth of concrete deliverables.
Global Platform launched IoTopia at IOTSWC19 (IoT Solutions World Congress 2019) to address this issue. IoTopia, a collaborative industry initiative, proposes a common framework to standardize the design, certification, and deployment of IoT devices.
It sounds holistic and is what it claims to be. IoTopia relies on four pillars: Secure by Design (it defines how secure-by-design standards seek to remove vulnerabilities and prevent attacks), Device Intent (to allow the network to create policies and rules), Secure Onboarding for IoT devices, and Device Lifecycle Management.
IoTopia’s Four Pillars
IoTopia is interested in Device Intent. It seeks to create a consistent method to determine what a device is really made of, who it belongs to, and what it is meant to do.
Onboarding is also a problem, as it can be difficult to get all the devices onboarded in one company. Finally, Product end-of-life management is essential for manufacturers, vendors, IT staff, and device owners.
While people have every right to be skeptical of this initiative, more devices will be available in the coming years. It won’t suffice to state that they are safe. They will need to prove that they are ready for all IoT cybersecurity challenges.
The expertise and ecosystem are already in place. AI-powered monitoring tools and analytics tools could also be of assistance, even though they may not be easy to adapt to all situations. Cybercriminals continue to find new ways to commit crimes, but there is still much to do.
Some companies are implementing blockchain technology to protect their networks. What it does is decentralize data across a distributed network and ensure trust in transactions. Data is organized in blocks, each of which contains a transaction or a bundle of transactions. Each block connects with the ones before and together create a cryptographic chain that is very hard to interfere with. However, that is not to say that blockchain is impervious to attacks.
Experts have their work cut out for them. Tackling IoT cybersecurity challenges is a demanding task but there are tools available that make it possible.