IOT is the Next Cyber-Security Frontier
The recent wave of cyber security attacks that have targeted smart devices such as cameras or wireless routers has delivered a strong signal to the market indicating that IOT is the cyber-security battleground. As more IOT devices expose their capabilities online, they are likely to become the target of cyber-security attacks.
Cyber-security hasn’t been a strong focus of traditional smart device manufacturers. With hackers rapidly developing new techniques to exploid vulnerabilities in IOT runtimes, cyber-security platforms must adapt to these new world. However, the IOT space brings new dimensions in terms of complexity and new challenges to the cyber-security space in ways we haven’t seen before.
IOT Cyber-Security Challenges
There are many cyber-security challenges that we are about to start facing in the new world of connected IOT devices. For starters, IOT increases the complexity of many cyber-security problems by a large multiple. Also, many of the traditional cyber-security techniques can’t be easily adapted to the IOT world.
Let’s explore a few of the most notorious challenges:
The large number and variety of IOT devices directly translates on an equally large number of potential cyber-security threats. Even worse, these attacks take place on many runtimes that are likely unknown to cyber-security technologies.
Cyber-Security Tools are not Optimized for IOT Platforms
Attacks targeting IOT devices are a new dimension in the cyber-security space. Most cyber-security tools and platforms haven’t seen these types of attacks and vulnerabilities and, consequently, haven’t developed robust defenses.
Cyber-security attacks such as DDOS on IOT devices can be exploited to a much larger scale than similar attacks targeting computers or servers. The large number of IOT devices operating in a network can become a dream field scenario for hackers.
M2M Infection Methods
IOT cyber-security attacks would be easier to prevent and control in cases on which devices are controlled by a centralized hub. However, many IOT solutions rely on M2M models in which devices autonomously interact and communicate with each other. This type of communication can be used to propagate malicious code from one device to another scaling the magnitude of the attack.
Immediate Impact on the Physical World
Many traditional cyber-security attacks are constrained to the digital world and target digital resources such as documents, log files, etc. Comparatively, IOT cyber-security attacks can have an immediate impact on the surrounding physical environment, Consider and attack that turns off sensors on a regulated facility that trigger different fake alarms. The impact of that type of attack is immediately visible in the physical and digital worlds.
Five Interesting Ideas About IOT Cyber-Security
Below, I’ve listed five ideas that are worth exploring when comes to cyber-security in the IOT space.
In-Device Protection Techniques
Device manufacturers must start developing security protection methods directly embedded in the firmware of their devices. This point is particularly relevant for vendors such as Intel or QUALCOMM that develop chips that are ubiquitously used across IOT devices.
ML-Based IOT Security Traffic Analysis
Machine learning(ML) techniques can play a pivotal role detecting anomalous IOT traffic activity that follows patterns of cyber-security attacks. These techniques are even more viable in IOT scenarios that generate considerable volume of traffic.
M2M Trusted Communication
M2M communication channels should implement trust and security protocols to avoid the rapid propagation of cyber-security attacks.
Cyber-Security Technologies Should Start Supporting IOT Devices
Cyber-security platforms provided by top vendors such as Palo Alto Networks or Cisco should start including capabilities to support IOT devices and architectures. This will allow organizations to reuse their existing cyber-security infrastructure to protect their IOT solutions.
In this early days on which IOT cyber-security techniques/attacks are just being understood, data auditing plays an essential role to understand potential malicious threats and develop the corresponding defenses.