The Internet of Things (IoT) is being hailed as the next step in our technological development. It’s hard to argue with that. The abilities it provides are as captivating as they are numerous: smart cars and homes, automated agriculture, advancements in medicine that help with after-stroke recovery, and the list goes on.
However, while the IoT is truly a huge topic nowadays, we must not let our fascination with it overcome us. It’s too easy to forget about security and privacy concerns when you hear about exoskeletons that can increase a person’s strength and dexterity (trust me, I know). But we can’t afford to forget about them.
It does seem, though, that in our pursuit of the interconnected device environment, the security of those devices was somewhat left behind. Let’s take a look at what the primary IoT cybersecurity hindrances are and what can be done to overcome them.
When Security Struggles To Keep Pace
Smart homes are one example of the quantity of devices outrunning their quality safety-wise. They are very popular now, and according to the IDC forecast, this trend is not going away.
While undeniably convenient, smart homes can pose a potential threat to their users. To do their job, they must collect information about those users. And the more interconnected the entire system gets, the more trouble a single weak link can cause.
Take smart door locks, for example. Some of them come with facial recognition algorithms. That in itself is a pretty big privacy concern. Facial recognition can be used with alarming accuracy to identify and track individuals. It can have various purposes, but very few of them (if any) are benevolent.
To add to that, within the smart home system, a smart lock is going to be connected to other devices. Maybe it is safe from cyberattacks on its own, but is the smart thermostat safe? What about the smart water kettle? It only takes one vulnerability to get access to a lot of one’s private data.
This risk can be somewhat mitigated by users taking certain precautions: installing AV software to protect their devices, updating those devices regularly to prevent exploits, setting up a VPN on their routers to safeguard all of their internet traffic, etc. But how many users are actually going to go to all this trouble?
It should be noted that data breaches and cyberattacks are not the only threats the IoT faces. Some problems arise from poor design.
For example, among other considerations, the June NIST publication mentions the nondescript appearance of IoT devices. If a device is just a black box with no markings on it to indicate what software and hardware it runs on, updating it (as well as keeping track of its activities) becomes a very unpleasant chore. This is especially true if there are thousands of such devices located on the premises of a company.
Alternatively, support for a certain device may get discontinued well before the company plans to replace it. It is also possible for the company to miss the news of its discontinuation, thus creating a possible vulnerability.
Sheer Scale of the IoT Makes Threats Bigger, Too
Another concern with the IoT is that it is overwhelmingly difficult to keep secure. If crucial updates need to be installed on hundreds of millions of devices, the task becomes all but impossible.
The figure of hundreds of millions of devices is not an exaggeration, either. Recently, several critical vulnerabilities were found in the VxWorks real-time operating system. Thankfully, this finding was not made by hackers but by a security firm. Some might think it should, therefore, be easy from now on for those vulnerabilities to be patched.
Here comes the problem. There are 2 billion devices that run on VxWorks. Although not all of them can be affected by the vulnerabilities found, hundreds of millions still can. Moreover, there are difficulties in finding all the devices that need a patch, as it’s not obvious what devices even run on this RTOS.
Many of the VxWorks devices are used in medicine. Before they can be updated, they are required to undergo certification and testing processes, and that can take a long time. Until all the necessary testing is done, those devices remain vulnerable.
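An inventory check for the two problems described above: devices whose software is unrecorded or whose support lapses before replacement, and not knowing which devices run an affected RTOS. This is an example added here, not code from NIST or any vendor; the `Device` fields, the function names and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Device:                       # hypothetical inventory record
    asset_id: str
    os_name: Optional[str]          # None: unmarked "black box"
    firmware: Optional[str]
    support_ends: Optional[date]    # vendor end-of-support date, if known
    replace_on: date                # planned replacement date

def audit(devices, today):
    """Return {asset_id: [issues]} for devices that need attention."""
    findings = {}
    for d in devices:
        issues = []
        if d.os_name is None or d.firmware is None:
            issues.append("software not identified")
        if d.support_ends is None:
            issues.append("support status unknown")
        elif d.support_ends < today:
            issues.append("support already ended")
        elif d.support_ends < d.replace_on:
            issues.append("support ends before planned replacement")
        if issues:
            findings[d.asset_id] = issues
    return findings

def patch_scope(devices, os_name):
    """Devices known to run os_name, and devices that cannot be ruled out
    because their OS was never recorded."""
    wanted = os_name.lower()
    confirmed = [d.asset_id for d in devices
                 if d.os_name and d.os_name.lower() == wanted]
    unknown = [d.asset_id for d in devices if d.os_name is None]
    return confirmed, unknown

# Constructed sample inventory; firmware strings and dates are made up.
INVENTORY = [
    Device("pump-01", "VxWorks", "fw-2.1", date(2027, 1, 1), date(2026, 6, 1)),
    Device("cam-17", None, None, None, date(2025, 12, 1)),
    Device("hvac-03", "Linux", "fw-0.9", date(2024, 3, 1), date(2026, 1, 1)),
    Device("plc-22", "VxWorks", "fw-5.0", date(2025, 9, 1), date(2028, 1, 1)),
]

if __name__ == "__main__":
    for asset, issues in audit(INVENTORY, date(2025, 1, 1)).items():
        print(asset, "->", "; ".join(issues))
    confirmed, unknown = patch_scope(INVENTORY, "VxWorks")
    print("patch:", confirmed, "investigate:", unknown)
```

Devices with no recorded OS land in the "investigate" list rather than being silently excluded, since an unmarked device cannot be ruled out of a patch campaign.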
Making the IoT Safer
That’s why the approach to IoT device security must become more holistic than it is now. This is necessary for the IoT market itself to develop, as security and privacy issues were named one of the biggest problems hindering the implementation of smart devices.
According to the recent Deloitte webcast, one of the biggest threats of the IoT today is that security measures and systems are not incorporated into the core design of devices and networks. Another top risk is the lack of security awareness and training among engineers. Yet another one is the lack of proper incident response processes due to the wanting skill levels of security professionals.
It’s obvious the IoT field can benefit immensely from the implementation of DevOps and, especially, DevSecOps. To ensure safety in the IoT, it is not enough to start worrying about it only after the fact, as an addition to other functions. On the contrary, it must become secure by design, and its safety must be a concern on all levels.