Security from the outside in and inside out

IoT is about converting data to action by extracting and exploiting information from devices around us. That means the integrity and trustworthiness of the data must be beyond reproach, otherwise the results and processes are at risk of being manipulated, intentionally or otherwise.

Security must play an integral role throughout the lifecycle of IoT data, while the data is in motion and at rest. And it is here that we hit the Achilles heel of most IoT implementations - they’re untrustworthy due to poor or no security. That’s why IoT network penetrations and data breaches abound in every industry - nuclear, retail, healthcare and consumer.

The reason is simple. The engineers who design IoT devices are typically trained on process reliability and application specific architectures. These fall under the auspices of operations technology, the goal of which is to make products work as reliably and for as long as possible. Cyber security expertise sits with information technology engineers.

Until IoT security can be asserted from the devices that generate the data to the applications that consume them, neither the devices nor the data should be trusted. And if they can’t be trusted, then they shouldn’t be used for business applications.

That lends some urgency to the task of IoT security. But addressing the shortcomings isn’t a trivial task. The diversity of installed legacy devices is vast, and finding suitable replacements may not be either technically or economically viable, not to mention the disruption that upgrades would cause to ongoing operations.

The solution is to build trust where it doesn’t exist today by incorporating security features into new IoT devices, and by enveloping legacy devices within a protective bubble. This task can be accomplished by moving the demarcation point for trust as close to the origin of the data as possible by applying layers of protective services within and/or around IoT devices.

Essentially, you want to create a defensive framework in which no device or user is trusted until proven otherwise. The framework should leverage contextual information from a multitude of sources to scrutinise user and device security posture before and after they connect. Doing so helps overcome the limitations of fixed security perimeters tied to physical boundaries, which break down in the face of IoT devices that can connect and work from practically anywhere.

The IoT security framework should include the following protective mechanisms:

• Authenticating source/destination devices and monitoring traffic patterns.
• Encrypting data packets using commercial and, where applicable, government encryption standards.
• Enveloping the packets inside a secure tunnel to ensure they go only to their intended destination.
• Fingerprinting IoT devices to determine if they are trusted, untrusted or unknown, and then applying appropriate roles and context-based policies that control access and network services.
• Inspecting north-south traffic with application firewalls and malware detection systems to monitor and manage behaviour.
• Leveraging enterprise mobility management, mobile application management and mobile device management systems to monitor behaviour and protect other devices in the event of a policy breach.

Legacy IoT devices can be identified as known or unknown upon connecting to the network using their MAC address in an external or internal database. The profiling data should flag if a device changes its mode of operation or masquerades as another IoT device, and then automatically modify the device’s authorisation privileges. For example, if a programmable logic controller tries to masquerade as a Windows PC, network access should be immediately denied.

Policies are only as effective as the information used to build them and the enforcement tools available to protect them. Applying a systems approach to the problem will help identify the IoT threat vectors and the security technologies needed for remediation.

In time critical IoT deployments such as oil platforms and industrial pumps, it’s necessary to collect IoT data and process it instantaneously on-site to avoid unacceptable latencies that come from backhauling to a data centre for analysis. These edge IoT processors also need protection, because like data centre servers, edge processors are often the targets of attacks.

VPNs and firewalls provide some measure of protection, but do little to addresses attacks targeting an edge processor’s BIOS and operating system. Here, a secure boot feature will ensure that each component launched during the boot process is cryptographically signed against a set of trusted certificates embedded in the BIOS. Secure boot also validates the software identity of the drivers, shell applications and boot loaders. If a violation is detected, then a secure back-up copy will be loaded and the process restarted.

The end game with IoT is to enable business transformation by exploiting the rich sources of data locked inside of IoT devices. Most IoT devices and the data they generate are untrustworthy, but with the right security measures you can level the playing field so the extraordinary benefits of the internet of things can be realised without incurring unacceptable risk.