IoT security - why you need to bother
Ulf Seijmer
IoT optimist · CINO Induo · CTO/co-founder AKKR8 · EUTECH Technology Council | I help companies grow through IoT - +46-76-5755751
Stability, from a security perspective, has changed rapidly. The balance has shifted. The map has unexpectedly been redrawn. There are no words to express the situation in Ukraine.
The IoT Security trend
In late 2021 I looked at IoT trends for 2022. Security was not on that list. However, its importance has escalated to paramount in the last weeks. IoT security has jumped up many rungs on the agenda of businesses. The importance of IoT security has to be higher on the agenda.
An ecosystem of problems
So what is the thing with IoT security? It has been on the agenda for years for many companies but has not always been embraced. Traditional cybersecurity often focuses heavily on software, cloud services and networks. IoT security expands the scope. It is a world of new scenarios where it is hard to keep track of all components. We have devices sending data to god knows where. We have cloud services, operators, and a bunch of API integrations on top. We have devices with firmware we know little about, and we do not know whether it is maintained. It is a tricky landscape to navigate.
VPN for things?
Traditionally, IT security over a network is spelt VPN. In the IoT context, this translates to end-to-end encryption of device data. But how many people keep track of the encryption of the temperature sensor that has been installed? Where is the data actually being sent? I mean not just the cloud platform, but who can access the data. What happens in the step after that cloud platform? And is the device only sending that information, or are other data points also included, like the location? Nearby MAC addresses? In other words, a completely different approach is needed.
What is preventing security?
Multiple factors and compromises hold back the security of IoT solutions. Here are a few:
a) battery life
One large portion of IoT is sensors, sensors to be sold in large volumes at the lowest possible price, sensors that should last at least 20 years on a battery. With these metrics, we have reached a design impasse. Too long a battery life automatically means that you compromise on safety more often than you think. It means we sometimes sacrifice end-to-end encrypted transmission, for example, because that reduces battery life.
b) low budget firmware
A low-price product does not necessarily have the most expensive or elaborate firmware. And even if the software in the device is okay, it is hampered by processing power and storage space. For example, many IoT devices may have encrypted firmware, but the same encryption key may be used on all devices. So if a hacker breaches one device, they can breach many.
c) new borders
The firmware or hardware may have been developed by a team spread over large parts of the world, including a region that may be isolated due to the current situation in Ukraine. I have had several close contacts who realize that their developers in Russia or even manufacturers are cut off from the outside world. Markets like Russia and China may likely be even more isolated from Europe in the future.
d) fast to market
Many IoT companies are start-ups. They need to sell fast. The hardware usually is not the most prioritized thing in their business model. It does not attract investors. So software and hardware development is put on the back-burner. This means that it is more vital to get your solution out fast, sometimes with briefly tested firmware, rather than having a balanced and tested ecosystem.
e) security sells less
Great design and ease of use sell more than security. It's the recipe to generate profit and impact quickly. Safety is still as attractive as a Volvo 240 with beige plush upholstery. But that should be where we start looking.
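Point b) above notes that one firmware key shared across a fleet lets a single breach expose many devices. As an added example (not from the original article), the Python code below derives a distinct key per device from a master secret with HKDF-SHA256 and compares how many devices one leaked key exposes. The master secret, salt label and device IDs are constructed for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_key(master_secret: bytes, device_id: str) -> bytes:
    """Per-device key. The master secret stays in the provisioning backend
    and is never written to a device (assumption of this example)."""
    return hkdf_sha256(master_secret, salt=b"fleet-keys-v1",
                       info=device_id.encode())


def devices_exposed(leaked_key: bytes, fleet_keys: dict) -> list:
    """Device IDs whose key equals a key extracted from one breached unit."""
    return sorted(dev for dev, key in fleet_keys.items()
                  if hmac.compare_digest(leaked_key, key))


# Constructed sample data, not real secrets or real device identifiers.
MASTER_SECRET = b"constructed-master-secret-example"
SHARED_KEY = b"constructed-shared-fleet-key-0001"
DEVICE_IDS = ["sensor-0001", "sensor-0002", "sensor-0003", "sensor-0004"]

# Weak scheme: every device ships with the same key.
shared_fleet = {dev: SHARED_KEY for dev in DEVICE_IDS}
# Hardened scheme: each device is provisioned with its own derived key.
diversified_fleet = {dev: device_key(MASTER_SECRET, dev) for dev in DEVICE_IDS}

if __name__ == "__main__":
    print("shared key, one breach exposes:",
          devices_exposed(shared_fleet["sensor-0001"], shared_fleet))
    print("derived keys, one breach exposes:",
          devices_exposed(diversified_fleet["sensor-0001"], diversified_fleet))
```

The backend can recompute any device's key from the master secret and the device ID, so it does not need to store a key per device.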
We all need to look at the world with different glasses, unfortunately.