How organizations can secure their IoT networks
As one of the core pillars of Industrial Revolution 4.0, the Internet of Things (IoT) is already transforming businesses everywhere.
According to a recent IDC prediction, APAC is set to become the global leader in IoT spending this year, accounting for around 36.9 percent of the world total that is estimated to reach US$381.8 billion by 2022.
But businesses adopting IoT solutions are sometimes thought to be digging themselves into a hole, mainly due to the massive cybersecurity risk that the technology poses to the organizations' network and infrastructure.
Speaking exclusively to Tech Wire Asia, Joshua McCloud, National Cybersecurity Officer, Security & Trust Organization, ASEAN at Cisco said, “The challenge with IoT networks is that the devices themselves are not particularly secure, they can basically connect to anything, and there are lots of them.
“Securing IoT networks is not just about implementing security but doing so at scale.”
He laid out five key pillars where businesses should focus in order to ensure end-to-end IoT security.
#1 | Secure device on-boarding
IoT security starts at the device itself. Essentially, only devices that belong to the IoT network should be allowed to connect to it, and thus secure onboarding of devices is crucial. To this end, device identity profiling must be deployed.
At present, this task is executed manually. However, some technologies may allow for it to be automated and scaled. Two technologies that make automation possible are:
- Bootstrapping Remote Secure Key Infrastructure (BRSKI) – Uses a manufacturer-embedded digital certificate to identify and authenticate authorized IoT devices onto a network.
- Manufacturer Usage Descriptions (MUD) – Uses a manufacturer-installed identifier to enable the network to obtain device-specific security measures from the manufacturer and apply them to the network.
#2 | Segmenting network
As IoT devices are often installed on a single wide-open network, network segmentation is crucial to reduce the overall attack surface.
The problem is that if an attacker manages to compromise just one device, they can easily move across the network to compromise other devices and, potentially, even find a back door into the enterprise network.
Accordingly, with proper network segmentation, devices that are securely onboarded can be dynamically limited to a specific leg of the network and restricted in what they can communicate with: only the endpoints that are essential to their functions.
#3 | Ensuring continuous network visibility
Once devices are onboarded and the network is sufficiently segmented, there must be a protocol in place to monitor the behavior and communications of all the IoT devices within the system.
Since we cannot install software agents such as anti-malware on IoT devices, we have to rely on network-based monitoring and observations to detect a threat or compromise.
For example, if an IoT device that is only supposed to communicate with a controller using very specific protocols and communications patterns suddenly starts trying to connect to a web server on the internet, we would deem that the device has likely been compromised.
Continuous monitoring will enable quick detection of, and subsequently response to, threats.
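The check described above can be expressed as a comparison of observed network flows against a per-device communication profile. The following Python sketch is an added example, not code from Cisco or from the original article; the profile format, inventory, addresses and flow records are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical per-device-type profiles: the only (peer, protocol, port)
# tuples each onboarded device type needs for its function (constructed values).
PROFILES = {
    "temp-sensor": {("10.20.0.5", "tcp", 502)},  # Modbus/TCP to the controller
    "ip-camera": {("10.20.0.9", "tcp", 554), ("10.20.0.9", "udp", 5004)},
}
# Constructed inventory of securely onboarded devices: source IP -> device type.
INVENTORY = {"10.20.1.11": "temp-sensor", "10.20.1.12": "temp-sensor",
             "10.20.1.30": "ip-camera"}
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/16")  # assumed IoT segment

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def classify(flow):
    """Return None if the flow matches the device profile, else a finding label."""
    dev_type = INVENTORY.get(flow.src)
    if dev_type is None:
        return "unknown-device"    # source was never onboarded
    if (flow.dst, flow.proto, flow.dport) in PROFILES[dev_type]:
        return None                # expected controller traffic
    if ipaddress.ip_address(flow.dst) not in IOT_SEGMENT:
        return "left-segment"      # e.g. a sensor contacting an internet web server
    return "unexpected-peer"       # device-to-device traffic inside the segment

def findings(flows):
    """Collect (flow, label) pairs for every flow that deviates from its profile."""
    return [(f, label) for f in flows if (label := classify(f)) is not None]

# Constructed flow records, shaped like what a flow collector might export.
SAMPLE_FLOWS = [
    Flow("10.20.1.11", "10.20.0.5", "tcp", 502),
    Flow("10.20.1.12", "203.0.113.80", "tcp", 443),
    Flow("10.20.1.30", "10.20.1.11", "tcp", 23),
    Flow("10.20.1.99", "10.20.0.5", "tcp", 502),
]

if __name__ == "__main__":
    for flow, label in findings(SAMPLE_FLOWS):
        print(f"{label:16} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
```

The three labels separate cases that call for different responses: a device that was never onboarded, a known device reaching outside its segment, and a known device talking to a peer inside the segment that its function does not require.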
#4 | Securing remote access
IoT devices are often managed and serviced by third-party vendors, which means enabling third-party vendor access. This presents a massive risk to the IoT environment: an attacker could potentially compromise the third party's network and use its trusted credentials to gain entry to the system.
In 2013, for example, hackers exploited a similar vulnerability to break into US-based retail giant Target's network using login credentials stolen from its refrigeration and HVAC vendor, affecting the credit card information of over 41 million customers.
Secure remote access is essential to limit the risk of this type of backdoor attack. Not only should remote access be done over a secure VPN with robust identity and access control management, but third-party communications in the IoT environment should be limited to the devices they need to manage using only appropriate tools and communications protocols.
#5 | Enhanced monitoring and swift incident response
There are new types of devices, protocols, and applications that security operations professionals deploy as part of IoT network surveillance which enterprise network security teams may not be aware of.
Further, security operations teams integrating IoT solutions need to upskill on the technology and work in tandem with their teammates from the OT (operational technology) environment.
Beyond that, the team may have to develop new detection, response, and remediation methods and processes that are suitable for an IoT set-up.
While it may be acceptable for a security operations team to quarantine a laptop suspected of being infected with malware, the same may not be true for an IoT sensor monitoring temperature or pressure in a manufacturing process.
In conclusion, a compromised IoT device – such as the sensors in manufacturing facilities, or the power controllers and weather probes in the transportation sector – could lead to catastrophic damage to assets and critical services and create a serious safety hazard.
And since IoT devices are not capable of protecting themselves, and due to the low-cost, low-power and low-functionality nature of these instruments, it is also not feasible to deploy the endpoint protection measures found in the enterprise network environment.