IoT Cybersecurity

The OWASP IoT cybersecurity framework lists the top ten threats to IoT devices and solutions as follows:

• 1. Weak, Guessable, or Hardcoded Passwords
• 2. Insecure Network Services
• 3. Insecure Ecosystem Interfaces
• 4. Lack of Secure Update Mechanism
• 5. Use of Insecure or Outdated Components
• 6. Insufficient Privacy Protection
• 7. Insecure Data Transfer and Storage
• 8. Lack of Device Management
• 9. Insecure Default Settings
• 10. Lack of Physical Hardening

By addressing the top ten threats you bring cybersecurity hygiene toolsets and processes to better protect your IoT environment.

IoT cybersecurity differentiates in nature from IT cybersecurity because the devices are connected to the physical world, and the device life cycle is 10 to 20 years or more. In Industrial IoT and OT environments, the life cycle can be as long as 40+ years. Apart from these fundamental differences, there are a few characteristics that add to the complexity.

• Deployment Environment – IoT devices typically are deployed in "hostile environments," leaving them vulnerable to tampering. Protect your devices with physical hardening.
• Device Variety – There are significantly more variants of IoT devices as well as networks than what’s typically seen within enterprise IT. Asset and device management is crucial to staying in control of your mixed fleet of devices.
• Device Volumes – The number of IoT devices deployed globally is measured in double-digit billions; IoT already represents the majority of all connected devices. Managing devices at hyper-scale volumes requires lifecycle management that differs considerably from enterprise IT devices' management.
• Real-World Impact – In the event of a breach, an outage of an IoT device or IoT solution can have a fatal impact on real-world products, processes, and people. Medical devices, cooling systems in industries, or robots compromised can have a real-time visible impact with people getting hurt or worse. Deploying IoT and OT instantly changes enterprises' risk profile; therefore, cybersecurity requires investments proportionate to the risk.
• Organization and Decision Making – Given that IoT bridges information systems (controlled by the CIO) and operational processes and systems (controlled by the COO), there’s a risk that different points of view on whether cybersecurity is a protector or a barrier for growth.
• Change Management – In contrast to enterprise IT – the majority of IoT and OT systems comprise legacy and unsupported equipment. Cybersecurity for IoT and OT needs to be addressed differently because much of the equipment is comprised of unsuitable traditional tools.
• Availability – In IoT solutions, especially in Industrial IoT/OT environments, operational uptime is the highest priority. In contrast to enterprise IT, where delays are usually accepted, IoT environments need to operate 24/7/365.

IoT enables real-time visibility into how products and processes are performing. Connected sensors enable remote monitoring and control from anywhere.

On a high level, this is how IoT works:

• 1. Sensors are installed on the product or process to collect measurements (anything can be measured, e.g., temperature, humidity, pressure, distance, light, volume, gyroscope, motion, acceleration, location, flow, sound, or moisture).
• 2. The sensor is connected to an IoT device that reads the sensor measurements (for lightweight and Massive IoT use-cases; the device and the sensor can be combined).
• 3. The device then transmits these measurements to a centralized telemetry hub.
• 4. The network used can be wireless (e.g., cellular, Wi-Fi, LoRa) or fixed (fiber, ethernet).
• 5. In the telemetry hub, the data is routed to a time-series storage, typically in the cloud.
• 6. The telemetry data is aggregated and grouped to enable analytics scenarios.
• 7. A business intelligence tool (e.g., Power BI/QlikView) is used to create insights.
• 8. Data-driven automation is adopted, which enables remote optimization.

The above example applies to Massive IoT solutions. OT environments and Industrial Control Systems involve different components where most monitoring and control occur on-site locally.

We’re always interested in strengthening our expertise within the IoT, OT, and Telecom arenas. If you have a strong background in IoT engineering (both within the device and cloud layers), IoT networking (both wireless incl., cellular and fixed), IoT product management, GTM, and marketing, we value your experience and believe that it can make a difference to build a safer digital future.

See our Career Site for job vacancies on the IoT team. Make sure you also connect to receive notifications when new positions become available.