/* ---- Google Analytics Code Below */

Friday, May 26, 2023

Securing IOT Sensors

Consider hw many IOTs you have.

Standards to Secure the Sensors That Power IoT

By Logan Kugler

Communications of the ACM, June 2023, Vol. 66 No. 6, Pages 14-16 10.1145/3591215

The use of Internet of Things (IoT) sensors has exploded in popularity in recent years as cheap, effective IoT sensors make it possible to connect devices that do everything from regulating smart home features to monitoring health and fitness using wearable devices.

IoT sensors also are increasingly making their way into business use-cases. In the industrial IoT, sensors are used in many different contexts, including to control and monitor machinery and to regulate core infrastructure systems.

IoT device and sensor usage has accelerated even more with advances in 5G connectivity and the shift to remote work, says Willi Nelson, chief information security officer for Operational Technologies at Fortinet, a cybersecurity firm. In fact, the number of IoT devices in use is projected to nearly triple to 29 billion in 2030 compared to 9.7 billion today, according to data from Statista.

Yet as IoT adoption increases, IoT sensors and devices also are becoming more popular targets for cybercriminals.

"They remain a prime target of cybercriminals as a fast path to gain access to enterprise networks," says Nelson. Fortinet found 93% of companies using IoT sensors in some capacity had one or more cybersecurity intrusions in the past year. A full 78% had experienced three or more, and these attacks increasingly are targeting industrial IoT operations, too.

That is because IoT is a fundamentally different technology than existing systems—a technology with plenty of attack surfaces. Each sensor and device connected to an IoT network presents a possible security risk, opening up an attack vector into an individual or company's hardware, software, and/or data.

In theory, IoT security standards are supposed to mitigate cybersecurity risks by encouraging companies to follow best security practices when designing and deploying IoT sensors and devices.

However, in practice, the standards available to manufacturers and companies using IoT technology do not always offer sufficient protection, are not always designed specifically for IoT, and are not always followed.

Despite the vulnerability of IoT devices, quite shockingly, there is no single standard for IoT security.

No Standard Set of Standards

IoT sensors carry a variety of unique risks because they are connected to larger sensitive networks. Medical IoT devices handle sensitive and often legally protected patient and hospital data. Industrial IoT sensors connect to other critical manufacturing equipment. IoT sensors in energy offer a gateway into critical private and public power infrastructures.

One prominent example is the damage caused by the malware named "Mirai" in 2016. Mirai infected computers and devices, which in turn targeted IoT devices and sensors. Once infected, IoT devices were used to temporarily take down many popular websites, including Twitter, Netflix, and Airbnb.  ... ' 

No comments: