IoT Security: ETSI Recommends Avoiding Internet Exposure to IoT devices
Sylvestre Becker Babel
Driving business by connecting ecosystems at Console Connect
The Internet of Things (IoT) has become an integral part of our lives, with billions of devices connected to the internet. IoT devices are usually connected to the Internet so that they can communicate with cloud-based applications that deliver the value-added services customers expect. Examples include medical condition monitoring, remote baby monitoring, music content players and remote home appliance management.
However, this connectivity between the IoT device and the cloud-based applications also makes the overall service an easy target for cyberattacks.
In the past few years, lots of IoT devices have been hacked because they were exposed on the internet.
The list of IoT devices that have been hacked is constantly growing, hence it is important for IoT device designers to take steps to secure their IoT devices and protect them from these types of attacks.
The ETSI 403 645 document is a set of security recommendations for IoT devices. One of the key recommendations is to minimise attack exposure surface, meaning - amongst other things - avoid exposing IoT devices to the internet whenever possible.
There are a number of ways to avoid exposing IoT devices to the internet. One way is to use a local area network (LAN) to connect the devices to each other and to a controller. This way, the devices are not directly connected to the internet and can only be accessed by authorized users. If the controller then needs to be connected to other cloud-based instances, that connection needs to remain on a private network as well.
Another way to avoid internet exposure of the devices is to connect them directly to the cloud-based instances via fully private networks.
In addition, it is important to keep IoT devices up to date with the latest security patches. This will help to protect the devices from known vulnerabilities.
By following these recommendations, organizations can help to protect their IoT devices from cyberattacks.
In addition to avoiding internet exposure, the ETSI 403 645 standard also recommends a number of other security measures for IoT devices, such as:
By following these recommendations, organizations can help to secure their IoT devices and protect their data from unauthorized access.
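As an added example (not part of the original article), one way to check a Linux-based device for the exposure described above is to list its TCP sockets in the LISTEN state that are bound to anything other than loopback. The sample table is constructed, the function names are illustrative, and only IPv4 (/proc/net/tcp on a little-endian host) is covered.

```python
import ipaddress

# Constructed sample in /proc/net/tcp format, not captured from a real device.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A01A8C0:C350 057100CB:22B3 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def parse_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is a little-endian 32-bit value."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)


def exposed_listeners(proc_net_tcp):
    """Return (address, port) for each listening socket not bound to loopback."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established outbound connections are not listeners
        addr, port = parse_endpoint(cols[1])
        if not addr.is_loopback:
            found.append((str(addr), port))
    return sorted(found, key=lambda entry: entry[1])


if __name__ == "__main__":
    # On a real device, pass open("/proc/net/tcp").read() instead of the sample.
    for addr, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listening on {addr}:{port} (reachable from the network)")
```

In the sample, the wildcard listener on port 23 and the LAN listener on port 80 are reported, while the loopback listener on 8080 and the outbound connection to port 8883 are not.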
CCaaS on Azure. Software Platform Innovation. Microsoft Azure Co-sell. Agility, Adaptability, and Value Creation through Collaborative Co-selling.
1 year ago
Thanks for the article, Sylvestre. Also, the discussion is helpful. Dan Newbold II, I'm curious to hear your take on this topic.
Chief Revenue Officer and Cybersecurity Professional- Expert in generating new revenue streams on top of cellular IoT connectivity
1 year ago
I partially agree, Sylvestre Becker Babel. However, you have missed one of the major threats of physical tampering with IoT devices located outside the enterprise perimeter - for example, smart meters, EV charging stations, Point of Sales etc. Deployment of private networks would not solve cases of fraud or remote attacks via connectivity on the enterprise control center.
VP Global IoT Sales and Partnership
1 year ago
The challenge with the Internet is that it just needs one mistake to expose the IoT fleet. Moreover, tech evolves. Devices with a 5 to 10 year lifecycle are usually not advanced, as cost saving drives their procurement. A device that is good technologically and software-wise in 2023 may not be as good in 2033. Imagine the leapfrog we made compared to the best devices produced in 2013. So limiting risk and avoiding the main hacking risk that the Internet represents is a valid long-term step. Current software-based solutions to protect IoT devices are not a guarantee of safety over time.
IoT Solutions for SMBs: Driving Growth & Competitive Advantage
1 year ago
Very good article, Sylvestre Becker Babel. We access our bank accounts daily via the Public Internet, so connecting IoT devices to the network is not the real issue. IoT devices are exposed when they accept incoming connections "from the Internet". Sending telemetry data from devices to the backend system utilizing the Public Internet is a totally valid approach, provided that:
* Devices are the active participants of communication.
* We establish mutual authentication between devices and the backend endpoint.
* Transmission is encrypted.
If an IoT device drops any incoming request (as it should), connecting it to the Internet does not provide any risk.