NEXT100 Winner 2017, Dr. Rizwan Ahmed, President of Technology QM Computech, discusses the challenges that IoT faces and the possible solutions needed to ensure security in IoT
IoT security is key to gain and retain consumer trust on privacy and fulfil the promise of IoT
The Internet of Things (IoT) is used to describe a network of objects (or “things”) that have sensors or hardware, and software to enable objects to connect to the Internet through wired and wireless networks. Early experiments conducted during the 1980s and 1990s started showcasing “things” that could be connected. The term IoT was invented in 1999, initially to promote RFID technology. IoT didn’t become popular until 2010-2011. In 2011, Gartner, which invented the famous “hype-cycle for emerging technologies”, included a new emerging phenomenon on its list: IoT.
In 2014, IoT reached mass markets when Google bought Nest for USD 3.2 billion and Consumer Electronics Show (CES) in Las Vegas was held under the theme of IoT. Today billions of “things” can “talk” to each other – from TVs, fridges, cars, smart meters, health monitors and wearables. As per Gartner’s forecast, 8.4 billion connected things were to be in use worldwide in 2017 -- up by 31% from 2016, and will reach 20 to 30 billion by 2020, with total IoT spending on endpoints and services to reach almost USD 2 trillion in 2017.
A wide variety of IoT objects and applications are currently available, with many more to come. Here is the list of most popular IoT applications in use today:
- Smart Home
- Smart City
- Smart Grid
- Industrial Internet
- Connected Cars
- Connected Healthcare
- Smart Retail
- Smart Supply Chain
- Smart Farming
Technology is only adopted when it actually gets enmeshed with our everyday life; considering this, IoT still has a long way to go. As for the future, it is impossible to offer precise predictions as to what devices will be developed. As a paradigm, IoT should further simplify our lives by utilizing connected devices.
On the one hand, IoT opens up exciting new business opportunities and a trail for economic growth. On the other hand, it also opens the door to a variety of new security threats. Since IoT involves networking of “things” or objects that are relatively new and their product design doesn’t always consider security an important factor. Most of the IoT products in the market are often sold with old and unpatched embedded operating system and software. It is generally observed that purchasers of these IoT devices often fail to change the default passwords or fail to select sufficiently strong passwords.
IoT also faces a greater number of possible threats as compared to earlier internet technologies due to the various reasons:
- With ever growing number of connected IoT devices, applications, systems and end users, result in greater scope for vulnerabilities.
- Every compromised IoT device becomes a new possible attack point increasing probability of attacks.
- There is a plethora of IoT standards and protocols, which creates security blind spots. With more connected devices in many applications i.e., hundreds of different use cases build on different standards, interact with different systems and have different goals, especially critical infrastructure applications where there is a rise in the impact of attacks (i.e., damage to the physical world and possible loss-of-life), the stakes are much higher for hackers which increases the threat level.
- Due to more complex technology stack for IoT, multiple threats are possible from across the stack (e.g. hardware, communication, and software elements).
- IoT devices are collecting lots of data and this “data” can get into wrong hands, fuelling privacy concerns.
In order improve security of IoT devices, the following measures should be undertaken:
- Security must be the foundational enabler for IoT.
- IoT devices that need to be directly accessible over the Internet, should be segmented into its own network and have restricted network access. These individual network segments should be then monitored in order to identify potential anomalous traffic so as to take further action if there is a problem.
- IoT device manufacturers should enhance privacy and build secure devices by adopting a security-focused approach, reducing the amount of data collected by IoT devices, and increasing transparency and providing consumers with a choice to opt-out of data collection.
- IoT solution architectures require multi-layered security approaches that seamlessly work together to provide complete end-to-end security from device to cloud and everything in between throughout the lifecycle of the solution.
- Encryption is an absolute must.
- IoT standards are important catalysts and should further mature as per IoT security requirements.
The continued evolution of IoT- specific security threats will undoubtedly drive innovation in this space, enabling us to expect newer IoT- specific security technologies to appear in the creation phase in the near future. Many of these technologies may align around vertical and industry for specific use cases such as IoT in healthcare or IoT in industrial applications, etc. IoT security is integral to gain and retain consumer trust on privacy and fulfil the true potential of IoT, thus safeguarding IoT for our secure future.