Information security & the Internet of Things

The IoT “Internet of Things” Security Foundation decreed an innovative Security Compliance Framework on December 6, 2016.

Read on to know more about Internet of Things (IoT) and how this framework will affect information security teams.

The Internet of Things

In general, the Internet of Things is simply a network of physical objects like vehicles, machines, smart home appliances, tablets, smartphones, and other devices that utilize APIs and sensors to connect to the internet and virtually exchange data.

By combining automated systems with these connected devices, it is easy to gather data, analyze information, and even create an action that can help someone to handle a specific task or learn from the entire process.

The internet of things offers an opportunity for these devices to communicate with others in close proximity and across different networks creating a more connected world.

The IoT definition has tremendously evolved over the last few years. TechTarget depicts IoT as a situation where people, objects, or animals are given distinct identifiers and the ability of transferring information over a network without the need for human-to-computer or human-to-human interaction. Forbes describes IoT as connecting devices to each other or connecting devices to the web through an on and off switch. These devices offer significant connectivity capabilities and are used for school, entertainment, and work. However, this is what makes them to be a security risk.

IoT Risks

Internet of Things risks are usually amplified by a lack of consumer knowledge and speed of implementation.

These risks were discussed in details in a hearing in November 16, 2016 held by the subcommittee Communications and Technology and the subcommittee of Commerce, Manufacturing and Trade. During the hearing, a discussion was held regarding the denial-of-service attack that occurred in October.

This attack was caused by the weaponizing of unsecured network connected devices, such as DVRs and cameras. These devices were used by bad actors to send numerous DoS requests that eventually made the DoS servers ineffective.

Studies show that by the start of 2018, there were more than 3.4 billion connected devices in existence and these serve as potential entry points for security issues.  However, protecting the ever-increasing number of entry points will become more challenging. This is because over time more connected self-driving vehicles and medical devices are increasingly being researched and manufactured.

The IoT Security Foundation (IoTSF)

Increased safety is important because businesses now offer cloud services that are connectible through wireless networks. The Internet of Things Security Foundation (IoTSF) is a non-profit international organization that provides solutions to the complicated security challenges that are experienced in a highly connected world.

The IoTSF is an independent and self-governing body that works to boost the IoT information security while allowing room for innovation. The standards set by this organization are comparable to those of the International Standards Organization.

IoTSF is an important organization because it has security professionals working in different departments of InfoSec. These experts assist consumers and innovators to continue using and inventing new devices with guaranteed safety.

A Breakdown of the IoT Framework

Apart from the IoTSF framework, CISCO has as well recommended a new IoT framework. However, these two organizations have an opposing approach with regards to publicly provided information. The IoTSF framework offers a checklist that helps businesses to get started with security compliance. On the other hand, the CISCO IoT Framework focuses on providing information and definitions to help users understand the security problems surrounding the IoT. A very effective program can be developed by combining these two IoT frameworks.

The risk-based approach of the IoTSF checklist appears similar to other past compliance programs. The risk evaluation involves checking the currently used businesses practices and products. This proposed framework has 12 areas for review. They include the following:

  • Authentication and Authorization
  • Business Security Processes and Responsibility
  • Cloud and Network Elements
  • Device Hardware and Physical Security
  • Device Application
  • Device Operating System
  • Device Wired and Wireless Interfaces
  • Secure Supply Chain and Production
  • Configuration
  • Web User Interface
  • Encryption and Key Management for Hardware
  • Privacy

The IoTSF Framework offers questions and provides a place for linking evidence for all the 12 areas. Businesses can make their 2019 much easier by using this proposed framework to review their IoT security and always stay up-to-date on the compliance curve.

The improved technology and manufacturing of new devices mean that the number of IoT devices will keep growing over the years. Therefore, consumers, businesses and manufacturers must join hands to guarantee the safety of hardware, software, and information.

You can boost the security of your business by reviewing the risks associated with the Internet of Things so that you can establish the best way of implementing the Security Compliance framework and guaranteeing the safety of your business.

Author Bio
Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.  Learn more at ReciprocityLabs.com.