Securing IoT

What is IoT?

The Internet of Things (IoT) refers to the billions of physical devices around the world that are connected to the internet. We typically associate connected devices with mobile phones, computers and game consoles however more recently we have accepted that TV’s, music systems, heating and lighting are all frequently connected to the internet. Now, we are also seeing anything from home appliances to children’s soft toys being ‘connected’. These are all “things” and collectively we refer to them as Smart Home devices. This is just the tip of the iceberg when considering IoT.

When considering the impact of IoT we must first recognise that Smart Home is only a small area of IoT. All aspects of society are benefiting from IoT: travel, manufacturing, retail, buildings, city services and more. In fact, it is reasonable to consider that almost any physical object could be ‘connected’ by means of sensors. For example, a simple shelf in a shop could use sensors to monitor stock levels and report this information back to a warehouse. A humidity sensor in a greenhouse could report data back to a central analysis server. The ability to connect and centrally manage or monitor devices and information leads to limitless opportunity. This is why the Internet of Things is forecast to grow so fast and large.

Typical Smart Home Service

IoT Landscape and Challenges

Even with increasing reliance on machines globally there is still no common framework for security and privacy standards. Consumers, Industry and Governments use of IoT is at risk. The internet was not built with security at its core and as a result we have experienced numerous attacks on society (cyber terrorism, election fixing, data breaches etc).

The risks associated with IoT are far more concerning than those of the past. Hackers now have the means to cause actual physical damage. To give one example of a cardiac device with vulnerabilities enabling hackers to gain access and deplete the battery or administer incorrect pacing or shocks – this is a life-threatening scenario.

Industry 4.0

Industry 4.0, is coined as the fourth Industrial Revolution encompassing industrial transformation, data exchanges, cloud, cyber-physical systems, robots, Big Data, AI, IoT and (semi-)autonomous industrial techniques.

Industry 4.0 is already challenged. There is a considerable lack of standardisation and agreed scope on how to address the issue of security. The race to automate and the need to build a security infrastructure to keep pace with this has a disparity. The earlier example of a pace maker is dwarfed when compared to threats against Industry 4.0 – disruption to transport, factories, power, water, public services even nuclear reactors.

Industry 4.0 needs a reliable, low cost and most importantly, easy to implement solution for security and privacy, often with a view to retrofitting an infrastructure that has no room to be adapted.

Look at the horizon, smart homes, smart toys, autonomous vehicles, wearables, smart healthcare. The endless list and categories of IoT beyond Industry 4.0 is just that – endless. Businesses racing towards these emerging markets have yet to answer the key questions – how do I protect my customers? How do I protect my reputation and revenue?

We are experiencing the ripples of an Internet revolution where sci fi movies become reality. As citizens digitise their lives Governments are scrambling to deliver the right legislation. Meanwhile technology companies struggle to innovate to meet the ethical and technical demands for future generations.

It is time to put security at the core of IoT.

A Cloud-Based Approach

The Scentrics global security service offers a radically different approach to solving the key management problem. An IoT device, or IoT management system, only needs to be equipped with the means to authenticate to the Scentrics server and can then be provided with whatever keys it needs at the time. That is, unlike a PKI-based solution where a complex web of trust relationships need to be established in advance, solving the key management problem is delegated to a trusted cloud service. Moreover, the need for public key cryptography is largely eliminated, and where it might be required the choice of algorithm can be made flexible, future-proofing the system against a possible need to move to a quantum-computing-resistant algorithm.

Talk to us about how Scentrics can help with your security