·  Legal News, Analysis, & Commentary


The Other Side of the Internet of Things: Cybersecurity

— April 6, 2020

The IoT is a growing paradigm with a significant impact on the technical, social, and economic aspects of our world. It raises new security and major protection challenges that must be addressed.

In the coming years, the Internet of Things (IoT) will definitely transform business, since it will generate changes at a social and industrial level; its implementation will be total. However, its application will also generate significant changes in cybersecurity, which should be redefined since by incorporating a number of devices that, in turn, will generate a large volume of data, vulnerability to cyber-attacks increases to the same extent.

There is talk of an exponential growth not only of the data but also of hardware and software for its control. This will imply higher levels of security. It is a big challenge. IT professionals will have to assume new responsibilities to strengthen security policies, starting by designing new profiles and protocols of action on a larger scale and with a visible impact.

The guarantee of the security of the IoT will be complex since they must be related to other approaches such as cloud computing, mobile architectures, industrial control, automation, and physical security. However, the basic safety principles will still apply.

The IoT is already present in many services, for example, in Smart Electrical Networks, which control energy consumption in a locality or region, comparing energy consumption in the home and power generation. To do this, smart meters are installed in homes to measure consumption.

These types of networks, being vulnerable to cyberattacks, cybercriminals can collapse the electrical system, as well as reduce or increase consumption costs. It can also happen in other critical structures such as a traffic control system, medication control system, among others.

The development of the IoT is key to creating smart cities, improving health, among other aspects of people’s daily lives. In the same measure, it is essential to highlight the safety recommendations in IoT systems to prevent cyber-attacks in the future.

Previously, problems in public services were due to system failures or natural disasters. Nowadays, cyber-attacks must be added. Learning from the incidents, it is necessary to apply safer policies and mechanisms for the IoT Systems. For this, we must consider:

  • Decrease ease of use in order to increase system security, encrypting data, and communication.
  • Do not rely on “read-only”, since it is not safe. Attackers always manage to interfere with systems, especially those developed on Linux, because it is an operating system more susceptible to vulnerabilities than industrial systems being more widespread.
  • Any device is susceptible to cyber-attack. It is essential to monitor the state of the system, including connected nodes, and take measures that detect failures in each of them.
  • It is important to perform penetration tests in an organized way following the security requirements of your system.
  • The security is critical from the analysis, planning, and design of the system. The IoT to be part of the social infrastructure requires sufficient security measures.

What is the Internet of Things (IoT)?

Safety first on the Internet sign; image by geralt, via Pixabay, CC0, no changes.
Safety first on the Internet sign; image by geralt, via Pixabay, CC0, no changes.

They are all the technological devices that, although they are in different areas, are connected, becoming intelligent devices. Through interconnection, they provide dynamic functionality to users, allowing them to exchange data, content updates, among others.

These devices range from connected vehicles, refrigerators, smartwatches, televisions, assistants, among many others, that are manufactured daily.

Cybersecurity Risks in IoT Systems

There are numerous devices that, at a given time, put security or privacy at risk. This is because many manufacturers, with the interest of offering their products to the market before the competition, dedicate little time and resources to audit the safety of these devices. Therefore, they do not guarantee the privacy of the end-users who incorporate them into their daily lives.

Cybersecurity problems continue to increase progressively, considering that the Internet was created to facilitate connectivity. And in its design, development, and implementation, security was not considered. So, it is necessary to redouble efforts to achieve cybersecurity in the great Information Network, which will undoubtedly impact on the Internet of Things (IoT) Systems.

There are already many devices that are managed and incorporated into the personal and work life of individuals, as well as organizations such as Smartwatch, Smart TV, refrigerator, among others. It is important to determine what should be protected and implement specific security measures for protection against cyber-attacks, then it is required to:

  • Harmonize IoT security initiatives and regulations.
  • Raise awareness among users about the importance of cybersecurity, defining security guidelines from the beginning of the hardware and software development life cycle.
  • Achieve interoperability in all systems to which smart devices connect.

In the face of cybersecurity risks, it is necessary to examine the areas of attacks and threats, apply best practices and security recommendations to protect devices, data, and the IoT system in general. To achieve this, the following aspects must be considered:

  • Incorporation of Devices to the IoT System: It is carried out through a series of automated steps supported by an application programming interface without human intervention. For this purpose, a trust anchor is required in the devices, which can be provided by the manufacturer or by the distributors or by the technological solutions team.
  • Security Controlled by the Owners: Despite the anchorage provided by the manufacturer, they are ideal for platforms or closed systems. When used in open systems, they require user-controlled security and the application itself.
  • Data Privacy and Integrity: IoT is not just devices; it also involves data and to a large extent. This is a challenge for IoT, controlling not only a large number of connected devices but controlling the large volume of data they generate. For the protection of this data, the node closest to the source must be encrypted, providing maximum end-to-end security.
  • Secure Firmware Updates: Software and firmware updates for remote devices while ensuring the installation of trusted software is a security strategy applicable to the IoT. To be successful, you must: authenticate secure devices, maintain data privacy and integrity on those devices.

The IoT is a growing paradigm with a significant impact on the technical, social, and economic aspects of our world. It raises new security and major protection challenges that must be addressed in order to reach the maximum potential to guarantee security in the products and services offered in the IoT System for the future. IoT brings us closer to that future, but its other side requires considering Cybersecurity Measures to avoid cyber-attacks.

Join the conversation!