The world becomes more connected each and every day — and it’s not just people getting connected. In recent years, machine-to-machine connectivity through the Internet of Things (IoT) has exploded. Even though the IoT remains a relatively new technology, its importance is growing. The Supply Chain Quarterly staff reports, “Buoyed by recent technology advances, Internet of Things networks are continuing to mature, and are now two to five years away from making a transformational impact on supply chain operations, [according to] the research and analyst firm Gartner Inc.”[1] In order to appreciate the full impact of the IoT, several challenges must met, including standardization and security. Of the two, security is probably the greatest concern. Earlier this year, Peter Fretty (@pfretty), technology editor at IndustryWeek, reported, “Researchers found a significant security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial and medical devices open to attackers. The flaw affects Cinterion EHS8 M2M modules built to create secure communication channels for industrial IoT machines that operate in factories, the energy sector and medical roles.”[2] Security flaws have been reported in everything from baby monitors to home security systems.
The IoT is a growing
The number of IoT networks is getting larger every day. Itsik Harpaz, Chief Executive Officer at Essence-Sigamdots, points out, “Over the past two years, the Internet of Things has seen a dramatic rise across the board. IoT devices have become increasingly ubiquitous in both the home and in businesses. … Although it is important to remember that the IoT network is wider than the devices it supports, smart devices give us a good bellwether of the rise of IoT. Smart speaker ownership grew by 78% in 2018, with 1 in 4 Americans now owning one.”[3] As Harpaz notes, the IoT is more than connectivity, it’s an ecosystem. When people refer to the IoT, they generally mean everything from sensors embedded in devices to advanced analytics that make sense of data being generated by devices. Michael Cummings explains, “We’re moving into a world that’s increasingly connected, where everything around us tells everything else how it’s doing. These devices and sensors can act with or without our input; they exchange information and ‘talk’ with other internet-connected devices. They also give us the chance to manually take action on the data they receive, and let us automate behaviors with other devices. It’s an incredible feat of technology.”[4] Cummings (via Salesforce) provides the following infographic about the IoT.
Via Salesforce
IoT security is a growing threat
As the IoT grows, so do threats against it. Harpaz explains, “The increased proliferation of connected devices has meant that the challenges facing start-ups and IoT manufacturers in 2020 have evolved, with the sector increasingly facing serious threats from cybercrime. Hackers not only pose a risk to the IoT network itself; weak or faulty networks now mean our entire cyber-identities could be compromised.” Bad actors will try to attack the IoT from all angles. Fretty observes, “The threat landscape is evolving constantly with increased levels of sophistication. At the same time, manufacturers are becoming attractive targets — not only for access to customer data, but also as an avenue to control data, equipment operation and intellectual property. The key takeaway here? As highly connected industrial environments rapidly become the norm, organizations need to remain proactive in protecting these connections from nefarious characters.”
Surely that comes as no surprise. Almost daily we read about databases being breached despite the best efforts to keep them secure. Harpaz adds, “Our homes currently have more access points than ever before — wireless lights, thermostats, home security sensors, intelligent streetlights, smart meters, and many more. These millions of sensors and devices present a great opportunity for hackers, and a great vulnerability for us all.” Fretty goes so far as to call the IoT the “Internet of Threats.” Journalist Danny Palmer (@dannyjpalmer) bluntly states, “IoT security is a mess.”[5]
Dealing with IoT security threats
Palmer writes, “The supply chain around the Internet of Things has become the weak link in cybersecurity, potentially leaving organizations open to cyberattacks via vulnerabilities they’re not aware of.” Derek Bryan (@derekbryanirl), Vice President EMEA at Verizon Connect, notes, “Supply chains are constantly battling challenges, with unforeseen delays, restrictions and thefts causing disruption at every turn.”[6] He believes the IoT can help with those challenges — at the same time noting IoT security challenges must be met. He explains, “The benefits of installing IoT for logistics companies are numerous, but … cybersecurity remains an issue for the industry. … A resulting lack of confidence is holding some companies back from taking full advantage of the insights the tech has to offer. However, integrated solutions now exist that help automate and facilitate intelligent decision-making using IoT data, and are designed with data security at their heart.”
According to Palmer, “A newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development.” That’s good news. The guidelines were released by the European Union Agency for Cybersecurity (ENISA) and a copy of the guidelines can be downloaded at this link. Palmer notes, “One of the key recommendations is that cybersecurity expertise should be further integrated into all layers of organizations, including engineering, management, marketing and others so anyone involved in any part of the supply chain has the ability to identify potential risks — hopefully spotting and addressing them at an early stage of the product development cycle and preventing them from becoming a major issue. It’s also recommended that ‘Security by Design’ is adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues with devices are caught early.”
Concluding thoughts
Harpaz concludes, “In order for IoT to start looking after itself in 2020, we must develop solutions that understand what it is to be an IoT user and manufacturer. Any solution provider must understand that practicality is king and demonstrate software that is designed with an IoT user’s pain points in mind.” Following the ENISA guidelines is certainly a step in the right direction. ENISA notes, “The [guidelines were] developed to help IoT manufacturers, developers, integrators and all stakeholders that are involved to the supply chain of IoT to make better security decisions when building, deploying, or assessing IoT technologies.”
Footnotes
[1] Staff, “Gartner says IoT technology is two to five years from ‘transformational’ impact,” Supply Chain Quarterly, 9 September 2020.
[2] Peter Fretty, “Is it Internet of Things or Internet of Threats?” IndustryWeek, 19 August 2020.
[3] Itsik Harpaz, “Top security challenges that will impact the Internet of Things,” Information Management, 6 February 2020 (out of print).
[4] Michael Cummings, “The Internet of Things Connects Customers to Their World,” Salesforce, November 2019. (email Sean Farrell)
[5] Danny Palmer, “IoT security is a mess. These guidelines could help fix that,” ZDNet, 10 November 2020.
[6] Derek Bryan, “A secure, sustainable pathway to the IoT,” IT in the Supply Chain, 26 October 2020.
[7] Staff, “Guidelines for Securing the Internet of Things,” European Union Agency for Cybersecurity, 9 November 2020.
