While the Internet of Things (IoT) has fundamentally changed the way we interact with data, organizations, and each other, it has also brought unprecedented risk, because every connected device is a potential entry point for attackers.
The unfortunate reality is that any connected device, small or large, simple or sophisticated, is a potential starting point for mounting an attack, spreading malware, manipulating operations, or stealing valuable information.
A Complex Challenge
IoT deployments can involve hundreds to millions of devices, each operating in an environment that is not always easy to protect. Two up-and-coming trends, 5G cellular and increased computing at the edge, are adding to the IoT security challenge. To offset these challenges, two separate areas need to be addressed: the end devices and the network protocol that connects them.
Help Your Customers Take a Security-First Approach
Recognizing the importance of IoT security, many national and international organizations now provide guidelines on how to protect IoT deployments. In the United States, for example, the Department of Homeland Security (DHS), which is a lead agency on cybersecurity, recommends a set of six strategic principles for securing the IoT. Introduced in 2016, they remain a strong foundation for helping your customers create a comprehensive strategy for IoT security:
- Incorporate security at the design phase: Help your customers make security an essential element of the design. They should treat it as an integral component of every device and network connection, incorporated from the earliest points as part of the development process.
- Promote security updates and vulnerability management: Attackers are always developing new methods, which means security requirements change over time and new vulnerabilities can appear at any time. Your customers should use patches, security updates, and other vulnerability management practices to ensure ongoing protection.
- Build on recognized security practices: Your customers can establish a solid foundation for protection and save time by using industry-proven techniques that address issues of interoperability, accountability, and liability. Third-party certifications also verify the strength of security mechanisms and their effectiveness in specific use cases.
- Prioritize security measures according to potential impact: Your customers’ entire deployments need to be secure, but identifying where the risk is greatest can help identify where to start and how to commit resources. Knowing the potential consequences of disruption, breach, or malicious activity can help your customers focus their efforts.
- Promote transparency across the IoT: Your customers should evaluate their supply chain to identify any vulnerabilities, either inside or outside their organization, that need to be addressed. Increased awareness of the greater ecosystem of the IoT deployment can help your customer identify where and how security measures and redundancies should be introduced.
- Connect carefully and deliberately: From initial provisioning to decommissioning, every connection a device makes is a potential source of risk. Your customers should consider all the ways to protect those connections, including limiting the amount of time spent online to minimize vulnerability.
How This Translates to IoT Endpoints
The DHS guidelines address IoT security at a high level, but they translate into specific steps for the design of the IoT device itself. Here are some examples of the DHS philosophy that your customers can put into practice:
- Ensure the device only runs authentic code, that is, code whose origin and integrity it has verified before executing it.
- Ensure firmware updates are accepted only from authorized sources.
- Reduce the attack surface: remove unnecessary code and disable unnecessary services.
- Deploy layered, end-to-end security.
- Reduce the incentive for potential attackers, for example by not holding more data, credentials, or privileges on the device than it needs.
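The first two items above, authentic code only and updates only from authorized sources, come down to the same mechanism: the device holds a trusted vendor public key and refuses any image whose signature does not verify under it. The following Go program is an added example written for this page; it is not code from the original article, DHS, GetWireless or Sierra Wireless. The image layout (a version number plus payload, signed over SHA-256(version || payload) with Ed25519), the `Device` and `Image` types and the `Install` function are all assumptions made for the illustration. Signing the version together with the payload is what lets the device also refuse a genuine but older image, so an attacker cannot roll it back to a signed build with a known vulnerability.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a hypothetical firmware container for this example: a version
// number, the raw payload, and the vendor's Ed25519 signature over
// SHA-256(version || payload). Covering the version with the signature is
// what makes the anti-rollback check in Install trustworthy.
type Image struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

func imageDigest(version uint32, payload []byte) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h := sha256.New()
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignImage runs on the vendor's signing infrastructure; only the holder of
// the private key can produce an image the device will accept.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) Image {
	return Image{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, imageDigest(version, payload)),
	}
}

var (
	ErrBadSignature = errors.New("firmware: signature does not verify under the trusted vendor key")
	ErrRollback     = errors.New("firmware: version is not newer than the installed one")
)

// Device models the endpoint's update/boot logic. VendorPub is the trust
// anchor; on real hardware it belongs in ROM, OTP or a secure element so an
// attacker cannot swap it for their own key.
type Device struct {
	VendorPub        ed25519.PublicKey
	InstalledVersion uint32
}

// Install accepts an image only if it is authentic (signature verifies) and
// newer than what is installed (no downgrade to a signed-but-vulnerable build).
func (d *Device) Install(img Image) error {
	if !ed25519.Verify(d.VendorPub, imageDigest(img.Version, img.Payload), img.Signature) {
		return ErrBadSignature
	}
	if img.Version <= d.InstalledVersion {
		return ErrRollback
	}
	d.InstalledVersion = img.Version
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Device{VendorPub: vendorPub, InstalledVersion: 1}

	// Constructed sample payloads; real images would be the firmware binary.
	good := SignImage(vendorPriv, 2, []byte("firmware v2"))
	fmt.Println("vendor-signed v2:  ", dev.Install(good)) // <nil>

	tampered := good // payload modified after signing
	tampered.Payload = []byte("firmware v2 + backdoor")
	fmt.Println("tampered payload:  ", dev.Install(tampered)) // ErrBadSignature

	rogue := SignImage(attackerPriv, 3, []byte("rogue firmware v3"))
	fmt.Println("attacker-signed v3:", dev.Install(rogue)) // ErrBadSignature

	old := SignImage(vendorPriv, 1, []byte("firmware v1"))
	fmt.Println("genuine but old v1:", dev.Install(old)) // ErrRollback
}
```

The order of the checks matters: the signature is verified before the version is even looked at, so an attacker cannot use the version field to influence anything on the device without already holding the vendor key. In a real boot chain the same verification runs again at every power-on, not only at update time, so that code written to flash by some other path is still never executed.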
A Secure Endpoint Needs to Attach to a Secure Network
It may seem obvious, but no matter how secure an endpoint is made, if the network connection is not also secure, all the endpoint security work may be for naught. Endpoints need to connect to networks that provide:
- Standardized, publicly vetted encryption algorithms
- An end-to-end security model
- Mutual authentication
- Integrity protection
- Confidentiality
The network's messaging layer needs to support encryption, origin authentication, integrity protection, and replay protection. Otherwise, bad actors can (among other things):
- pretend to be a good device but send bad data,
- interfere with good devices transmitting their information, or
- pretend to be the network and tell good end devices to do bad things.
This protection, combined with mutual authentication, ensures that network traffic:
- Has not been altered
- Is coming from a legitimate device
- Is not comprehensible to eavesdroppers
- Has not been captured and replayed by rogue actors
All of this supports the work done at the endpoint level.
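The four message-level properties just listed, and the three attacks that follow from lacking them, can be shown concretely in one authenticated channel. The Go program below is an added example written for this page, not code from the original article or from Sierra Wireless or GetWireless, and it assumes a hypothetical wire format: a cleartext header of sender ID and message counter, authenticated as AES-256-GCM additional data, and a body that is the GCM ciphertext and tag. It also assumes that the shared key was established during mutual authentication and provisioned per device; how that happens is out of scope here. With that in place the receiver gets confidentiality (the body is encrypted), origin authentication and integrity (the tag only verifies under the right key and over unmodified data), and replay protection (a message whose counter is not newer than the last accepted one is dropped).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is a hypothetical wire format for this example: Header (8-byte sender
// ID || 8-byte big-endian counter) travels in the clear but is authenticated as
// GCM additional data; Body is AES-256-GCM ciphertext followed by the tag.
type Message struct {
	Header, Nonce, Body []byte
}

// Peer is one end of the channel. The key is assumed to have been established
// by mutual authentication and provisioned per device; the per-sender counters
// provide replay protection.
type Peer struct {
	aead     cipher.AEAD
	id       [8]byte
	sendCtr  uint64
	lastSeen map[[8]byte]uint64 // highest counter accepted from each sender
}

func NewPeer(key []byte, id string) (*Peer, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	p := &Peer{aead: aead, lastSeen: map[[8]byte]uint64{}}
	copy(p.id[:], id)
	return p, nil
}

// Seal encrypts plaintext and binds the header to it; a modified or
// re-labelled header fails authentication on the far side.
func (p *Peer) Seal(plaintext []byte) (Message, error) {
	p.sendCtr++
	header := make([]byte, 16)
	copy(header[:8], p.id[:])
	binary.BigEndian.PutUint64(header[8:], p.sendCtr)
	nonce := make([]byte, p.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	return Message{header, nonce, p.aead.Seal(nil, nonce, plaintext, header)}, nil
}

var (
	ErrAuth   = errors.New("rejected: authentication failed (forged, tampered, or wrong key)")
	ErrReplay = errors.New("rejected: counter not newer than last accepted (replay)")
)

// Open checks lengths (a wrong-size nonce would make GCM panic, a cheap DoS),
// then the tag (integrity and origin), then the counter (replay), and only
// then releases the plaintext. Replay state advances only after the tag
// verifies, so an unauthenticated header cannot poison it.
func (p *Peer) Open(m Message) ([]byte, error) {
	if len(m.Header) != 16 || len(m.Nonce) != p.aead.NonceSize() {
		return nil, ErrAuth
	}
	plaintext, err := p.aead.Open(nil, m.Nonce, m.Body, m.Header)
	if err != nil {
		return nil, ErrAuth
	}
	var sender [8]byte
	copy(sender[:], m.Header[:8])
	ctr := binary.BigEndian.Uint64(m.Header[8:])
	if ctr <= p.lastSeen[sender] {
		return nil, ErrReplay
	}
	p.lastSeen[sender] = ctr
	return plaintext, nil
}

func main() {
	key, wrongKey := make([]byte, 32), make([]byte, 32)
	rand.Read(key)
	rand.Read(wrongKey)
	device, _ := NewPeer(key, "device01")
	core, _ := NewPeer(key, "netcore1")
	impostor, _ := NewPeer(wrongKey, "device01") // claims the device's ID, lacks its key
	show := func(label string, p *Peer, m Message) {
		pt, err := p.Open(m)
		fmt.Printf("%-16s %q %v\n", label, pt, err)
	}
	m1, _ := device.Seal([]byte("temp=21.5")) // constructed sample telemetry
	show("genuine:", core, m1)                // "temp=21.5" <nil>
	fake, _ := impostor.Seal([]byte("temp=999")) // (a) fake device, plausible data
	show("impostor:", core, fake)               // "" ErrAuth
	m2, _ := device.Seal([]byte("temp=21.6"))
	m2.Body[0] ^= 0x01          // (b) transmission altered in flight
	show("tampered:", core, m2) // "" ErrAuth
	show("replayed:", core, m1) // "" ErrReplay
	cmd, _ := impostor.Seal([]byte("reboot")) // (c) fake network commanding the device
	show("forged command:", device, cmd)      // "" ErrAuth
}
```

Two design points are worth calling out. The counter is authenticated rather than merely present, so an attacker cannot bump it on a captured message to slip past the replay check; and a strictly increasing counter is the simple form of replay protection, which is right for a reliable link but needs a sliding window (as in IPsec) if the transport can reorder packets. Because the same key and checks apply in both directions, a forged downlink command fails on the device exactly as a forged uplink report fails at the network core, which is what mutual authentication buys.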
Continuous Improvement
Security is an ever-evolving challenge, which is why some describe it as a journey, not a destination. To embrace this spirit of continuous improvement, your customers need to make security an integral part of how they operate.
As an ongoing process, security begins with assessment, so your customers can identify vulnerabilities and prioritize. Once they’ve addressed these top priorities, it’s time to go back and re-assess, taking into account changes in the threat landscape, new security tools and techniques, and the evolution of their products and services.
Start with Sierra
Sierra Wireless takes a holistic view of IoT security, considering every aspect of security from end to end. Sierra is the only cellular IoT company with a comprehensive security approach from device to network to cloud, and Sierra follows a design process that reflects a deep knowledge of all points of vulnerability within that chain. The Sierra Wireless security team is recognized for its use of best practices, based on the latest technology, expertise, and processes, and has gained a reputation for being both proactive and responsive when security issues arise. Sierra regularly collaborates with OEM partners to secure deployments throughout the development process.
Why Partner with GetWireless and Sierra Wireless?
Together with Sierra Wireless, GetWireless offers a global channel ecosystem designed to help our resale partners drive incremental revenue by offering leading IoT products, a robust partner program, and an easy partnership that provides tools to grow your business. Our channel program fuels collaborative growth, together with our partners. Our services are based on decades of experience working exclusively with channel partners in the IoT, mobility, in-building connectivity, fleet tracking, and many wireless markets.
About The Author
David Smith
VP of IoT Solutions
Dave Smith is the Vice President of IoT Solutions, with responsibility for technical advisement and thought leadership around products, solutions, and services, both inside and outside of the GetWireless portfolio. Dave is a tenured information technology professional skilled in LPWAN, IoT, wireless technologies, telecommunications, software development, testing, and embedded systems. He began his career at NASA's Jet Propulsion Laboratory and, prior to joining GetWireless, served as CTO and Director for two innovative IT and IoT hardware manufacturers in the Twin Cities area.